Add option to do init run-all for terragrunt #398
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CalvinRodo
requested changes
Nov 14, 2024
patheard
reviewed
Nov 14, 2024
CalvinRodo
requested changes
Nov 14, 2024
test/format-error/format-error.tf
Outdated
| @@ -9,5 +9,5 @@ terraform { | |||
| } | |||
|
|
|||
| resource "random_id" "id" { | |||
| byte_length = 8 | |||
There was a problem hiding this comment.
This might be the reason why you had to change the format-error test to a success I think auto formatting broke the test.
We should figure out if there is a way to ignore auto-format in this file.
There was a problem hiding this comment.
Yeah, exactly. The autoformat formatted it and therefore broke the test without me realizing it.
Co-authored-by: Calvin Rodo <[email protected]>
…erraform-plan into feat/implement_run_all
Test init-fail❌ Terraform Init: Show Init resultsInitializing the backend...
Initializing provider plugins...
- Finding latest version of foo/bar...
Error: Failed to query available provider packages
Could not retrieve the list of available versions for provider foo/bar:
provider registry registry.terraform.io does not have a provider named
registry.terraform.io/foo/bar
All modules should specify their required_providers so that external
consumers will get the correct providers when using a module. To see which
modules are currently depending on foo/bar, run the following command:
terraform providers
Show Validate resultsError: Missing required provider
This configuration requires provider registry.terraform.io/foo/bar, but that
provider isn't available. You may be able to install it automatically by
running:
terraform init
Show planError: Inconsistent dependency lock file
The following dependency selections recorded in the lock file are
inconsistent with the current configuration:
- provider registry.terraform.io/foo/bar: required by this configuration but no version is selected
To make the initial dependency selections that will initialize the dependency
lock file, run:
terraform init
|
Test validate-fail✅ Terraform Init: Show Validate resultsError: Reference to undeclared input variable
on validate-fail.tf line 4, in resource "random_id" "foo":
4: foo = var.bar
An input variable with the name "bar" has not been declared. This variable
can be declared with a variable "bar" {} block.
Show planError: Reference to undeclared input variable
on validate-fail.tf line 4, in resource "random_id" "foo":
4: foo = var.bar
An input variable with the name "bar" has not been declared. This variable
can be declared with a variable "bar" {} block.
|
Test skip-conftest✅ Terraform Init: Plan: 1 to add, 0 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
Warning: Duplicate required provider
on skip-conftest.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
|
Test format-error✅ Terraform Init: 🧹 Format: run format-error.tfPlan: 1 to add, 0 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Warning: Duplicate required provider
on format-error.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
|
Test invalid✅ Terraform Init: Show Validate resultsWarning: Duplicate required provider
on invalid.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
Error: Missing required argument
on invalid.tf line 11, in resource "random_id" "id":
11: resource "random_id" "id" {
The argument "byte_length" is required, but no definition was found.
Error: Unsupported argument
on invalid.tf line 12, in resource "random_id" "id":
12: muffin = "blueberry"
An argument named "muffin" is not expected here.
🧹 Format: run invalid.tfShow planWarning: Duplicate required provider
on invalid.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
Error: Missing required argument
on invalid.tf line 11, in resource "random_id" "id":
11: resource "random_id" "id" {
The argument "byte_length" is required, but no definition was found.
Error: Unsupported argument
on invalid.tf line 12, in resource "random_id" "id":
12: muffin = "blueberry"
An argument named "muffin" is not expected here.
|
Test skip-plan✅ Terraform Init: |
Test changes✅ Terraform Init: Plan: 1 to add, 0 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
Warning: Duplicate required provider
on changes.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
|
Test skip-fmt✅ Terraform Init: Plan: 1 to add, 0 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
Warning: Duplicate required provider
on skip-fmt.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
|
Test conftest-deny✅ Terraform Init: Plan: 38 to add, 0 to change, 0 to destroyShow summary
✂ Warning: plan has been truncated! See the full plan in the logs. Show planResource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# module.rds.data.aws_iam_policy_document.read_connection_string[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "read_connection_string" {
+ id = (known after apply)
+ json = (known after apply)
+ minified_json = (known after apply)
+ statement {
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecretVersionIds",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
]
+ sid = "0"
}
+ statement {
+ actions = [
+ "secretsmanager:ListSecrets",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "1"
}
+ statement {
+ actions = [
+ "kms:Decrypt",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "2"
+ condition {
+ test = "StringEquals"
+ values = [
+ "secretsmanager.ca-central-1.amazonaws.com",
]
+ variable = "kms:ViaService"
}
}
}
# module.rds.aws_cloudwatch_log_group.log_exports["postgresql"] will be created
+ resource "aws_cloudwatch_log_group" "log_exports" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/rds/cluster/test-rds-cluster/postgresql"
+ name_prefix = (known after apply)
+ retention_in_days = 7
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
}
# module.rds.aws_cloudwatch_log_group.proxy[0] will be created
+ resource "aws_cloudwatch_log_group" "proxy" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/rds/proxy/test-rds-proxy"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
}
# module.rds.aws_db_proxy.proxy[0] will be created
+ resource "aws_db_proxy" "proxy" {
+ arn = (known after apply)
+ debug_logging = false
+ endpoint = (known after apply)
+ engine_family = "POSTGRESQL"
+ id = (known after apply)
+ idle_client_timeout = 1800
+ name = "test-rds-proxy"
+ require_tls = true
+ role_arn = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
+ vpc_subnet_ids = (known after apply)
+ auth {
+ auth_scheme = "SECRETS"
+ client_password_auth_type = (known after apply)
+ description = "The database connection string"
+ iam_auth = "DISABLED"
+ secret_arn = (known after apply)
# (1 unchanged attribute hidden)
}
}
# module.rds.aws_db_proxy_default_target_group.this[0] will be created
+ resource "aws_db_proxy_default_target_group" "this" {
+ arn = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ id = (known after apply)
+ name = (known after apply)
+ connection_pool_config (known after apply)
}
# module.rds.aws_db_proxy_target.target[0] will be created
+ resource "aws_db_proxy_target" "target" {
+ db_cluster_identifier = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ endpoint = (known after apply)
+ id = (known after apply)
+ port = (known after apply)
+ rds_resource_id = (known after apply)
+ target_arn = (known after apply)
+ target_group_name = (known after apply)
+ tracked_cluster_id = (known after apply)
+ type = (known after apply)
}
# module.rds.aws_db_subnet_group.rds will be created
+ resource "aws_db_subnet_group" "rds" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ id = (known after apply)
+ name = "test-rds-subnet-group"
+ name_prefix = (known after apply)
+ subnet_ids = (known after apply)
+ supported_network_types = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.aws_iam_policy.read_connection_string[0] will be created
+ resource "aws_iam_policy" "read_connection_string" {
+ arn = (known after apply)
+ attachment_count = (known after apply)
+ id = (known after apply)
+ name = "test-rdsReadConnectionString"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = (known after apply)
+ policy_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_iam_role.rds_proxy[0] will be created
+ resource "aws_iam_role" "rds_proxy" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "rds.amazonaws.com"
}
+ Sid = "RDSAssume"
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "test-rds_rds_proxy"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# module.rds.aws_iam_role_policy_attachment.read_connection_string[0] will be created
+ resource "aws_iam_role_policy_attachment" "read_connection_string" {
+ id = (known after apply)
+ policy_arn = (known after apply)
+ role = "test-rds_rds_proxy"
}
# module.rds.aws_rds_cluster.cluster will be created
+ resource "aws_rds_cluster" "cluster" {
+ allocated_storage = (known after apply)
+ allow_major_version_upgrade = false
+ apply_immediately = false
+ arn = (known after apply)
+ availability_zones = (known after apply)
+ backtrack_window = 0
+ backup_retention_period = 7
+ ca_certificate_identifier = (known after apply)
+ ca_certificate_valid_till = (known after apply)
+ cluster_identifier = "test-rds-cluster"
+ cluster_identifier_prefix = (known after apply)
+ cluster_members = (known after apply)
+ cluster_resource_id = (known after apply)
+ copy_tags_to_snapshot = true
+ database_name = "foo"
+ db_cluster_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ db_system_id = (known after apply)
+ delete_automated_backups = true
+ deletion_protection = true
+ enable_global_write_forwarding = false
+ enable_http_endpoint = false
+ enable_local_write_forwarding = false
+ enabled_cloudwatch_logs_exports = [
+ "postgresql",
]
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_lifecycle_support = (known after apply)
+ engine_mode = "provisioned"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ final_snapshot_identifier = (known after apply)
+ hosted_zone_id = (known after apply)
+ iam_database_authentication_enabled = false
+ iam_roles = (known after apply)
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ master_password = (sensitive value)
+ master_user_secret = (known after apply)
+ master_user_secret_kms_key_id = (known after apply)
+ master_username = "cal"
+ network_type = (known after apply)
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = "07:00-09:00"
+ preferred_maintenance_window = "sun:06:00-sun:07:00"
+ reader_endpoint = (known after apply)
+ skip_final_snapshot = false
+ storage_encrypted = true
+ storage_type = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[0] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-0"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[1] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-1"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[2] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-2"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_secretsmanager_secret.connection_string[0] will be created
+ resource "aws_secretsmanager_secret" "connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ replica (known after apply)
}
# module.rds.aws_secretsmanager_secret.proxy_connection_string[0] will be created
+ resource "aws_secretsmanager_secret" "proxy_connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ replica (known after apply)
}
# module.rds.aws_secretsmanager_secret_version.connection_string[0] will be created
+ resource "aws_secretsmanager_secret_version" "connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_secretsmanager_secret_version.proxy_connection_string[0] will be created
+ resource "aws_secretsmanager_secret_version" "proxy_connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_security_group.rds will be created
+ resource "aws_security_group" "rds" {
+ arn = (known after apply)
+ description = "The Security group that allows communication between the proxy and the database"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "test-rds_rds_proxy_sg"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.aws_security_group_rule.rds_egress will be created
+ resource "aws_security_group_rule" "rds_egress" {
+ description = "Egress from the database"
+ from_port = 5432
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ self = true
+ source_security_group_id = (known after apply)
+ to_port = 5432
+ type = "egress"
}
# module.rds.aws_security_group_rule.rds_ingress will be created
+ resource "aws_security_group_rule" "rds_ingress" {
+ description = "Ingress to the database"
+ from_port = 5432
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ self = true
+ source_security_group_id = (known after apply)
+ to_port = 5432
+ type = "ingress"
}
# module.rds.random_string.random will be created
+ resource "random_string" "random" {
+ id = (known after apply)
+ length = 6
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ numeric = true
+ result = (known after apply)
+ special = false
+ upper = false
}
# module.vpc.aws_default_network_acl.default will be created
+ resource "aws_default_network_acl" "default" {
+ arn = (known after apply)
+ default_network_acl_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_route_table.default will be created
+ resource "aws_default_route_table" "default" {
+ arn = (known after apply)
+ default_route_table_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ route = []
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_security_group.default will be created
+ resource "aws_default_security_group" "default" {
+ arn = (known after apply)
+ description = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_internet_gateway.gw will be created
+ resource "aws_internet_gateway" "gw" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_nat_gateway.nat_gw[0] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ip_addresses = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
# (1 unchanged attribute hidden)
}
# module.vpc.aws_network_acl.main will be created
+ resource "aws_network_acl" "main" {
+ arn = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ owner_id = (known after apply)
+ subnet_ids = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_main_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_main_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_network_acl_rule.block_rdp[0] will be...Show Conftest resultsFAIL - plan.json - main - Postgresql main password > 8 characters: ["module.rds.aws_rds_cluster.cluster"]
20 tests, 19 passed, 0 warnings, 1 failure, 0 exceptions
|
Test truncate-plan✅ Terraform Init: Plan: 38 to add, 0 to change, 0 to destroyShow summary
✂ Warning: plan has been truncated! See the full plan in the logs. Show planResource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# module.rds.data.aws_iam_policy_document.read_connection_string[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "read_connection_string" {
+ id = (known after apply)
+ json = (known after apply)
+ minified_json = (known after apply)
+ statement {
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecretVersionIds",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
]
+ sid = "0"
}
+ statement {
+ actions = [
+ "secretsmanager:ListSecrets",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "1"
}
+ statement {
+ actions = [
+ "kms:Decrypt",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "2"
+ condition {
+ test = "StringEquals"
+ values = [
+ "secretsmanager.ca-central-1.amazonaws.com",
]
+ variable = "kms:ViaService"
}
}
}
# module.rds.aws_cloudwatch_log_group.log_exports["postgresql"] will be created
+ resource "aws_cloudwatch_log_group" "log_exports" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/rds/cluster/test-rds-cluster/postgresql"
+ name_prefix = (known after apply)
+ retention_in_days = 7
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
}
# module.rds.aws_cloudwatch_log_group.proxy[0] will be created
+ resource "aws_cloudwatch_log_group" "proxy" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/rds/proxy/test-rds-proxy"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
}
# module.rds.aws_db_proxy.proxy[0] will be created
+ resource "aws_db_proxy" "proxy" {
+ arn = (known after apply)
+ debug_logging = false
+ endpoint = (known after apply)
+ engine_family = "POSTGRESQL"
+ id = (known after apply)
+ idle_client_timeout = 1800
+ name = "test-rds-proxy"
+ require_tls = true
+ role_arn = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
+ vpc_subnet_ids = (known after apply)
+ auth {
+ auth_scheme = "SECRETS"
+ client_password_auth_type = (known after apply)
+ description = "The database connection string"
+ iam_auth = "DISABLED"
+ secret_arn = (known after apply)
# (1 unchanged attribute hidden)
}
}
# module.rds.aws_db_proxy_default_target_group.this[0] will be created
+ resource "aws_db_proxy_default_target_group" "this" {
+ arn = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ id = (known after apply)
+ name = (known after apply)
+ connection_pool_config (known after apply)
}
# module.rds.aws_db_proxy_target.target[0] will be created
+ resource "aws_db_proxy_target" "target" {
+ db_cluster_identifier = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ endpoint = (known after apply)
+ id = (known after apply)
+ port = (known after apply)
+ rds_resource_id = (known after apply)
+ target_arn = (known after apply)
+ target_group_name = (known after apply)
+ tracked_cluster_id = (known after apply)
+ type = (known after apply)
}
# module.rds.aws_db_subnet_group.rds will be created
+ resource "aws_db_subnet_group" "rds" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ id = (known after apply)
+ name = "test-rds-subnet-group"
+ name_prefix = (known after apply)
+ subnet_ids = (known after apply)
+ supported_network_types = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.aws_iam_policy.read_connection_string[0] will be created
+ resource "aws_iam_policy" "read_connection_string" {
+ arn = (known after apply)
+ attachment_count = (known after apply)
+ id = (known after apply)
+ name = "test-rdsReadConnectionString"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = (known after apply)
+ policy_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_iam_role.rds_proxy[0] will be created
+ resource "aws_iam_role" "rds_proxy" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "rds.amazonaws.com"
}
+ Sid = "RDSAssume"
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "test-rds_rds_proxy"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
+ inline_policy (known after apply)
}
# module.rds.aws_iam_role_policy_attachment.read_connection_string[0] will be created
+ resource "aws_iam_role_policy_attachment" "read_connection_string" {
+ id = (known after apply)
+ policy_arn = (known after apply)
+ role = "test-rds_rds_proxy"
}
# module.rds.aws_rds_cluster.cluster will be created
+ resource "aws_rds_cluster" "cluster" {
+ allocated_storage = (known after apply)
+ allow_major_version_upgrade = false
+ apply_immediately = false
+ arn = (known after apply)
+ availability_zones = (known after apply)
+ backtrack_window = 0
+ backup_retention_period = 7
+ ca_certificate_identifier = (known after apply)
+ ca_certificate_valid_till = (known after apply)
+ cluster_identifier = "test-rds-cluster"
+ cluster_identifier_prefix = (known after apply)
+ cluster_members = (known after apply)
+ cluster_resource_id = (known after apply)
+ copy_tags_to_snapshot = true
+ database_name = "foo"
+ db_cluster_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ db_system_id = (known after apply)
+ delete_automated_backups = true
+ deletion_protection = true
+ enable_global_write_forwarding = false
+ enable_http_endpoint = false
+ enable_local_write_forwarding = false
+ enabled_cloudwatch_logs_exports = [
+ "postgresql",
]
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_lifecycle_support = (known after apply)
+ engine_mode = "provisioned"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ final_snapshot_identifier = (known after apply)
+ hosted_zone_id = (known after apply)
+ iam_database_authentication_enabled = false
+ iam_roles = (known after apply)
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ master_password = (sensitive value)
+ master_user_secret = (known after apply)
+ master_user_secret_kms_key_id = (known after apply)
+ master_username = "probably"
+ network_type = (known after apply)
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = "07:00-09:00"
+ preferred_maintenance_window = "sun:06:00-sun:07:00"
+ reader_endpoint = (known after apply)
+ skip_final_snapshot = false
+ storage_encrypted = true
+ storage_type = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[0] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-0"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[1] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-1"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[2] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-2"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = (known after apply)
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_secretsmanager_secret.connection_string[0] will be created
+ resource "aws_secretsmanager_secret" "connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ replica (known after apply)
}
# module.rds.aws_secretsmanager_secret.proxy_connection_string[0] will be created
+ resource "aws_secretsmanager_secret" "proxy_connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ replica (known after apply)
}
# module.rds.aws_secretsmanager_secret_version.connection_string[0] will be created
+ resource "aws_secretsmanager_secret_version" "connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_secretsmanager_secret_version.proxy_connection_string[0] will be created
+ resource "aws_secretsmanager_secret_version" "proxy_connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_security_group.rds will be created
+ resource "aws_security_group" "rds" {
+ arn = (known after apply)
+ description = "The Security group that allows communication between the proxy and the database"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "test-rds_rds_proxy_sg"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.aws_security_group_rule.rds_egress will be created
+ resource "aws_security_group_rule" "rds_egress" {
+ description = "Egress from the database"
+ from_port = 5432
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ self = true
+ source_security_group_id = (known after apply)
+ to_port = 5432
+ type = "egress"
}
# module.rds.aws_security_group_rule.rds_ingress will be created
+ resource "aws_security_group_rule" "rds_ingress" {
+ description = "Ingress to the database"
+ from_port = 5432
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ self = true
+ source_security_group_id = (known after apply)
+ to_port = 5432
+ type = "ingress"
}
# module.rds.random_string.random will be created
+ resource "random_string" "random" {
+ id = (known after apply)
+ length = 6
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ numeric = true
+ result = (known after apply)
+ special = false
+ upper = false
}
# module.vpc.aws_default_network_acl.default will be created
+ resource "aws_default_network_acl" "default" {
+ arn = (known after apply)
+ default_network_acl_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_route_table.default will be created
+ resource "aws_default_route_table" "default" {
+ arn = (known after apply)
+ default_route_table_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ route = []
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_security_group.default will be created
+ resource "aws_default_security_group" "default" {
+ arn = (known after apply)
+ description = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_internet_gateway.gw will be created
+ resource "aws_internet_gateway" "gw" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_nat_gateway.nat_gw[0] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ip_addresses = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
# (1 unchanged attribute hidden)
}
# module.vpc.aws_network_acl.main will be created
+ resource "aws_network_acl" "main" {
+ arn = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ owner_id = (known after apply)
+ subnet_ids = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_main_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_main_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_network_acl_rule.block_rdp[0] will be...Show Conftest results20 tests, 20 passed, 0 warnings, 0 failures, 0 exceptions
|
Test import✅ Terraform Init: Plan: 2 to import, 1 to add, 0 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_cloudwatch_log_group.controltower-notificationforwarder will be imported
resource "aws_cloudwatch_log_group" "controltower-notificationforwarder" {
arn = "arn:aws:logs:ca-central-1:124044056575:log-group:/aws/lambda/aws-controltower-NotificationForwarder"
id = "/aws/lambda/aws-controltower-NotificationForwarder"
kms_key_id = null
log_group_class = "STANDARD"
name = "/aws/lambda/aws-controltower-NotificationForwarder"
name_prefix = null
retention_in_days = 14
skip_destroy = false
tags = {}
tags_all = {}
}
# aws_cloudwatch_log_group.topic will be created
+ resource "aws_cloudwatch_log_group" "topic" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "topic"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags_all = (known after apply)
}
# aws_sns_topic.controltower-notificationforwarder will be imported
resource "aws_sns_topic" "controltower-notificationforwarder" {
application_failure_feedback_role_arn = null
application_success_feedback_role_arn = null
application_success_feedback_sample_rate = 0
archive_policy = null
arn = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
beginning_archive_time = null
content_based_deduplication = false
delivery_policy = null
display_name = null
fifo_topic = false
firehose_failure_feedback_role_arn = null
firehose_success_feedback_role_arn = null
firehose_success_feedback_sample_rate = 0
http_failure_feedback_role_arn = null
http_success_feedback_role_arn = null
http_success_feedback_sample_rate = 0
id = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
kms_master_key_id = null
lambda_failure_feedback_role_arn = null
lambda_success_feedback_role_arn = null
lambda_success_feedback_sample_rate = 0
name = "internal-sre-alert"
name_prefix = null
owner = "124044056575"
policy = jsonencode(
{
Id = "SNS Access Policy"
Statement = [
{
Action = [
"SNS:Subscribe",
"SNS:SetTopicAttributes",
"SNS:RemovePermission",
"SNS:Receive",
"SNS:Publish",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:AddPermission",
]
Condition = {
StringEquals = {
"aws:SourceOwner" = "124044056575"
}
}
Effect = "Allow"
Principal = {
AWS = "*"
}
Resource = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
Sid = "AllowAccountToUse"
},
{
Action = "SNS:Publish"
Condition = {
StringEquals = {
"aws:SourceAccount" = "124044056575"
}
}
Effect = "Allow"
Principal = {
Service = "cloudwatch.amazonaws.com"
}
Resource = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
Sid = "AllowCloudWatchToPublish"
},
{
Action = "SNS:Publish"
Condition = {
ArnEquals = {
"aws:SourceArn" = "arn:aws:events:ca-central-1:124044056575:rule/internal-sre-alerts-abuse-rule"
}
}
Effect = "Allow"
Principal = {
Service = "events.amazonaws.com"
}
Resource = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
Sid = "AllowAbuseEventsToPublish"
},
{
Action = "SNS:Publish"
Condition = {
StringEquals = {
"aws:SourceAccount" = "124044056575"
}
}
Effect = "Allow"
Principal = {
Service = "budgets.amazonaws.com"
}
Resource = "arn:aws:sns:ca-central-1:124044056575:internal-sre-alert"
Sid = "AllowBudgetEventsToPublish"
},
]
Version = "2012-10-17"
}
)
signature_version = 0
sqs_failure_feedback_role_arn = null
sqs_success_feedback_role_arn = null
sqs_success_feedback_sample_rate = 0
tags = {
"CostCentre" = "SRE"
"Terraform" = "true"
"managed_by" = "AFT"
}
tags_all = {
"CostCentre" = "SRE"
"Terraform" = "true"
"managed_by" = "AFT"
}
tracing_config = null
}
Plan: 2 to import, 1 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.controltower-notificationforwarder"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.topic"]
21 tests, 19 passed, 2 warnings, 0 failures, 0 exceptions
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary | Résumé
Modifying github action to be able to use terragrunt init-all as this is needed for the Azure LZ.