Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: use new VPC in docdb #98

Merged
merged 1 commit into from
Aug 18, 2023
Merged

fix: use new VPC in docdb #98

merged 1 commit into from
Aug 18, 2023

Conversation

xav
Copy link
Contributor

@xav xav commented Aug 7, 2023

Description

Resolves # (issue)

How Has This Been Tested?

Due Diligence

  • Breaking change
  • Requires a documentation update
  • Requires a e2e/integration test update

@Elyniss Elyniss linked an issue Aug 7, 2023 that may be closed by this pull request
Fix prod deploy #97
Closed
@xav xav temporarily deployed to infra/prod August 7, 2023 21:24 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/staging August 7, 2023 21:24 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 7, 2023 21:26 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/staging August 7, 2023 21:26 — with GitHub Actions Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/e200b0f7-74f6-463d-a1a3-1c09f3e63b3e/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.ecs.aws_appautoscaling_target.ecs_target has been deleted
  - resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"
      - resource_id        = "service/prod_keyserver_cluster/prod_keyserver-service" -> null
      - scalable_dimension = "ecs:service:DesiredCount" -> null
      - service_namespace  = "ecs" -> null
        # (3 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement
+/- create replacement and then destroy
 <= read (data resources)

Terraform will perform the following actions:

  # module.ecs.aws_alb.network_load_balancer must be replaced
+/- resource "aws_alb" "network_load_balancer" {
      ~ arn                              = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/net/prod-keyserver-lb-3a8/b386cfa05af63d6b" -> (known after apply)
      ~ arn_suffix                       = "net/prod-keyserver-lb-3a8/b386cfa05af63d6b" -> (known after apply)
      ~ dns_name                         = "prod-keyserver-lb-3a8-b386cfa05af63d6b.elb.eu-central-1.amazonaws.com" -> (known after apply)
      ~ id                               = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/net/prod-keyserver-lb-3a8/b386cfa05af63d6b" -> (known after apply)
      ~ internal                         = false -> (known after apply)
      ~ ip_address_type                  = "ipv4" -> (known after apply)
      ~ name                             = "prod-keyserver-lb-3a8" -> (known after apply)
      ~ security_groups                  = [] -> (known after apply)
      ~ subnets                          = [ # forces replacement
          - "subnet-003e71fe834d8ae89",
          - "subnet-01c85562ab20d9798",
          - "subnet-0ee4ef2c9f8840739",
        ] -> (known after apply) # forces replacement
      - tags                             = {} -> null
      ~ vpc_id                           = "vpc-0de9380f8679bfa0d" -> (known after apply)
      ~ zone_id                          = "Z3F0SRJ5LGBH90" -> (known after apply)
        # (4 unchanged attributes hidden)

      - access_logs {
          - enabled = false -> null
        }

      - subnet_mapping {
          - subnet_id = "subnet-003e71fe834d8ae89" -> null
        }
      - subnet_mapping {
          - subnet_id = "subnet-01c85562ab20d9798" -> null
        }
      - subnet_mapping {
          - subnet_id = "subnet-0ee4ef2c9f8840739" -> null
        }
    }

  # module.ecs.aws_appautoscaling_policy.ecs_target_cpu will be created
  + resource "aws_appautoscaling_policy" "ecs_target_cpu" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "application-scaling-policy-cpu"
      + policy_type        = "TargetTrackingScaling"
      + resource_id        = "service/prod_keyserver_cluster/prod_keyserver-service"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + target_tracking_scaling_policy_configuration {
          + disable_scale_in = false
          + target_value     = 80

          + predefined_metric_specification {
              + predefined_metric_type = "ECSServiceAverageCPUUtilization"
            }
        }
    }

  # module.ecs.aws_appautoscaling_policy.ecs_target_memory will be created
  + resource "aws_appautoscaling_policy" "ecs_target_memory" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "application-scaling-policy-memory"
      + policy_type        = "TargetTrackingScaling"
      + resource_id        = "service/prod_keyserver_cluster/prod_keyserver-service"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + target_tracking_scaling_policy_configuration {
          + disable_scale_in = false
          + target_value     = 80

          + predefined_metric_specification {
              + predefined_metric_type = "ECSServiceAverageMemoryUtilization"
            }
        }
    }

  # module.ecs.aws_appautoscaling_target.ecs_target will be created
  + resource "aws_appautoscaling_target" "ecs_target" {
      + id                 = (known after apply)
      + max_capacity       = 8
      + min_capacity       = 2
      + resource_id        = "service/prod_keyserver_cluster/prod_keyserver-service"
      + role_arn           = "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"
    }

  # module.ecs.aws_ecs_service.app_service will be created
  + resource "aws_ecs_service" "app_service" {
      + cluster                            = "arn:aws:ecs:eu-central-1:898587786287:cluster/prod_keyserver_cluster"
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 2
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "prod_keyserver-service"
      + platform_version                   = (known after apply)
      + propagate_tags                     = "TASK_DEFINITION"
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + task_definition                    = (known after apply)
      + wait_for_steady_state              = true

      + load_balancer {
          + container_name   = "prod_keyserver"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:11" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "prod_keyserver" -> (known after apply)
      ~ revision                 = 11 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.ecs.aws_lb_listener.listener must be replaced
+/- resource "aws_lb_listener" "listener" {
      ~ arn               = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/net/prod-keyserver-lb-3a8/b386cfa05af63d6b/e5607c95c34a4423" -> (known after apply)
      ~ id                = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/net/prod-keyserver-lb-3a8/b386cfa05af63d6b/e5607c95c34a4423" -> (known after apply)
      ~ load_balancer_arn = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/net/prod-keyserver-lb-3a8/b386cfa05af63d6b" # forces replacement -> (known after apply) # forces replacement
      - tags              = {} -> null
        # (5 unchanged attributes hidden)

      ~ default_action {
          ~ order            = 1 -> (known after apply)
          ~ target_group_arn = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/prod-keyserver-4e6/0de87e574afd3da4" -> (known after apply)
            # (1 unchanged attribute hidden)
        }
    }

  # module.ecs.aws_lb_target_group.target_group must be replaced
+/- resource "aws_lb_target_group" "target_group" {
      ~ arn                                = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/prod-keyserver-4e6/0de87e574afd3da4" -> (known after apply)
      ~ arn_suffix                         = "targetgroup/prod-keyserver-4e6/0de87e574afd3da4" -> (known after apply)
      ~ id                                 = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/prod-keyserver-4e6/0de87e574afd3da4" -> (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      ~ name                               = "prod-keyserver-4e6" -> (known after apply)
      ~ preserve_client_ip                 = "false" -> (known after apply)
      + protocol_version                   = (known after apply)
      - tags                               = {} -> null
      ~ vpc_id                             = "vpc-0de9380f8679bfa0d" # forces replacement -> (known after apply) # forces replacement
        # (9 unchanged attributes hidden)

      ~ health_check {
          ~ matcher             = "200-399" -> (known after apply)
          ~ timeout             = 6 -> (known after apply)
            # (7 unchanged attributes hidden)
        }

      - stickiness {
          - cookie_duration = 0 -> null
          - enabled         = false -> null
          - type            = "source_ip" -> null
        }
    }

  # module.ecs.aws_route53_record.dns_load_balancer will be updated in-place
  ~ resource "aws_route53_record" "dns_load_balancer" {
        id      = "Z098781520DYMYC4P6VDC_keys.walletconnect.com_A"
        name    = "keys.walletconnect.com"
        # (5 unchanged attributes hidden)

      - alias {
          - evaluate_target_health = true -> null
          - name                   = "prod-keyserver-lb-3a8-b386cfa05af63d6b.elb.eu-central-1.amazonaws.com" -> null
          - zone_id                = "Z3F0SRJ5LGBH90" -> null
        }
      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # module.ecs.aws_security_group.tls_ingess will be created
  + resource "aws_security_group" "tls_ingess" {
      + arn                    = (known after apply)
      + description            = "Allow tls ingress from everywhere"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "prod_keyserver-tls-ingress"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.ecs.aws_security_group.vpc_app_ingress will be created
  + resource "aws_security_group" "vpc_app_ingress" {
      + arn                    = (known after apply)
      + description            = "Allow app port ingress from vpc"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = ""
              + from_port        = 8080
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 8080
            },
        ]
      + name                   = "prod_keyserver-vpc-ingress-to-app"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.keystore_docdb.aws_docdb_cluster.docdb_primary must be replaced
-/+ resource "aws_docdb_cluster" "docdb_primary" {
      + apply_immediately               = (known after apply)
      ~ arn                             = "arn:aws:rds:eu-central-1:898587786287:cluster:prod-keyserver-keystore-docdb-primary-cluster" -> (known after apply)
      ~ availability_zones              = [
          - "eu-central-1a",
          - "eu-central-1b",
          - "eu-central-1c",
        ] -> (known after apply)
      + cluster_identifier_prefix       = (known after apply)
      ~ cluster_members                 = [
          - "prod-keyserver-keystore-docdb-primary-instance-0",
          - "prod-keyserver-keystore-docdb-replica-instance-0",
        ] -> (known after apply)
      ~ cluster_resource_id             = "cluster-ZPQ3K3N6OQGRWMP54DWDNTLOQE" -> (known after apply)
      ~ db_cluster_parameter_group_name = "default.docdb4.0" -> (known after apply)
      ~ db_subnet_group_name            = "prod-keyserver-keystore-docdb-private-subnet-group" -> "prod-keyserver-keystore-docdb-new-private-subnet-group" # forces replacement
      - deletion_protection             = false -> null
      ~ endpoint                        = "prod-keyserver-keystore-docdb-primary-cluster.cluster-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)
      ~ engine_version                  = "4.0.0" -> (known after apply)
      ~ hosted_zone_id                  = "Z1ZKU8ZZR6T7FW" -> (known after apply)
      ~ id                              = "prod-keyserver-keystore-docdb-primary-cluster" -> (known after apply)
      ~ preferred_backup_window         = "02:13-02:43" -> (known after apply)
      ~ preferred_maintenance_window    = "thu:00:23-thu:00:53" -> (known after apply)
      ~ reader_endpoint                 = "prod-keyserver-keystore-docdb-primary-cluster.cluster-ro-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)
      - tags                            = {} -> null
      ~ vpc_security_group_ids          = [
          - "sg-0b1eb08038ec4a608",
        ] -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_instances[0] must be replaced
-/+ resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      ~ arn                          = "arn:aws:rds:eu-central-1:898587786287:db:prod-keyserver-keystore-docdb-primary-instance-0" -> (known after apply)
      ~ availability_zone            = "eu-central-1c" -> (known after apply)
      ~ ca_cert_identifier           = "rds-ca-2019" -> (known after apply)
      ~ cluster_identifier           = "prod-keyserver-keystore-docdb-primary-cluster" # forces replacement -> (known after apply) # forces replacement
      ~ db_subnet_group_name         = "prod-keyserver-keystore-docdb-private-subnet-group" -> (known after apply)
      ~ dbi_resource_id              = "db-2MRQIKXNMKZZQSIU66GJRXATSA" -> (known after apply)
      ~ endpoint                     = "prod-keyserver-keystore-docdb-primary-instance-0.cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)
      ~ engine_version               = "4.0.0" -> (known after apply)
      ~ id                           = "prod-keyserver-keystore-docdb-primary-instance-0" -> (known after apply)
      + identifier_prefix            = (known after apply)
      ~ kms_key_id                   = "arn:aws:kms:eu-central-1:898587786287:key/d717b1dc-df2f-48b4-aa33-c0fe0c5b1dc8" -> (known after apply)
      ~ port                         = 27017 -> (known after apply)
      ~ preferred_backup_window      = "02:13-02:43" -> (known after apply)
      ~ preferred_maintenance_window = "sun:03:41-sun:04:11" -> (known after apply)
      ~ publicly_accessible          = false -> (known after apply)
      ~ storage_encrypted            = true -> (known after apply)
      - tags                         = {} -> null
      ~ writer                       = false -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_replica_instances[0] must be replaced
-/+ resource "aws_docdb_cluster_instance" "docdb_replica_instances" {
      + apply_immediately            = (known after apply)
      ~ arn                          = "arn:aws:rds:eu-central-1:898587786287:db:prod-keyserver-keystore-docdb-replica-instance-0" -> (known after apply)
      ~ availability_zone            = "eu-central-1b" -> (known after apply)
      ~ ca_cert_identifier           = "rds-ca-2019" -> (known after apply)
      ~ cluster_identifier           = "prod-keyserver-keystore-docdb-primary-cluster" # forces replacement -> (known after apply) # forces replacement
      ~ db_subnet_group_name         = "prod-keyserver-keystore-docdb-private-subnet-group" -> (known after apply)
      ~ dbi_resource_id              = "db-UK4BMNPEXZPF3MOXRGTUZVO35Q" -> (known after apply)
      ~ endpoint                     = "prod-keyserver-keystore-docdb-replica-instance-0.cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)
      ~ engine_version               = "4.0.0" -> (known after apply)
      ~ id                           = "prod-keyserver-keystore-docdb-replica-instance-0" -> (known after apply)
      + identifier_prefix            = (known after apply)
      ~ kms_key_id                   = "arn:aws:kms:eu-central-1:898587786287:key/d717b1dc-df2f-48b4-aa33-c0fe0c5b1dc8" -> (known after apply)
      ~ port                         = 27017 -> (known after apply)
      ~ preferred_backup_window      = "02:13-02:43" -> (known after apply)
      ~ preferred_maintenance_window = "mon:21:08-mon:21:38" -> (known after apply)
      ~ publicly_accessible          = false -> (known after apply)
      ~ storage_encrypted            = true -> (known after apply)
      - tags                         = {} -> null
      ~ writer                       = true -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_subnet_group.new_private_subnets will be created
  + resource "aws_docdb_subnet_group" "new_private_subnets" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "prod-keyserver-keystore-docdb-new-private-subnet-group"
      + name_prefix = (known after apply)
      + subnet_ids  = (known after apply)
      + tags_all    = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.keystore_docdb.aws_security_group.new_service_security_group will be created
  + resource "aws_security_group" "new_service_security_group" {
      + arn                    = (known after apply)
      + description            = "Allow ingress from the application"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
      + name                   = "prod-keyserver-keystore-docdb-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.o11y.data.jsonnet_file.dashboard will be read during apply
  # (config refers to values not yet known)
 <= data "jsonnet_file" "dashboard" {
      + ext_str  = {
          + "cloudwatch_uid"   = "P2kGF7Q4k"
          + "dashboard_title"  = "prod - keyserver"
          + "dashboard_uid"    = "prod-keyserver"
          + "docdb_cluster_id" = "prod-keyserver-keystore-docdb-primary-cluster"
          + "ecs_service_name" = "prod_keyserver-service"
          + "environment"      = "prod"
          + "load_balancer"    = (known after apply)
          + "notifications"    = jsonencode(
                [
                  + {
                      + uid = "NNOynGwVz"
                    },
                ]
            )
          + "prometheus_uid"   = "3EqgoK64k"
          + "target_group"     = (known after apply)
        }
      + id       = (known after apply)
      + rendered = (known after apply)
      + source   = "monitoring/dashboard.jsonnet"
    }

  # module.o11y.grafana_dashboard.main will be updated in-place
  ~ resource "grafana_dashboard" "main" {
      ~ config_json  = jsonencode(
            {
              - __inputs      = []
              - __requires    = []
              - annotations   = {
                  - list = [
                      - {
                          - builtIn    = 1
                          - datasource = "-- Grafana --"
                          - enable     = true
                          - hide       = true
                          - iconColor  = "rgba(0, 211, 255, 1)"
                          - name       = "Annotations & Alerts"
                          - showIn     = 0
                          - target     = {
                              - limit    = 100
                              - matchAny = false
                              - tags     = []
                              - type     = "dashboard"
                            }
                          - type       = "dashboard"
                        },
                    ]
                }
              - editable      = true
              - gnetId        = null
              - graphTooltip  = 1
              - hideControls  = false
              - links         = []
              - liveNow       = false
              - panels        = [
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "CPU_Avg",
                                          - "25m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "max"
                                    }
                                  - type      = "query"
                                },
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "Mem_Avg",
                                          - "25m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "max"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "25m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver App CPU/Memory"
                          - name                = "prod Keyserver App CPU/Memory alert"
                          - noDataState         = "alerting"
                          - notifications       = []
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 30
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 50
                                        },
                                    ]
                                }
                              - unit       = "percent"
                            }
                          - overrides = [
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                            ]
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 0
                          - y = 0
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "CPU (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "CPU (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                          - {
                              - alias            = "Memory (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "MemoryUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "Mem_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "Memory (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "MemoryUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "Mem_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "App CPU/Memory"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 5
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 12
                          - y = 0
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "Hosts Count"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {}
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "HealthyHostCount"
                              - metricQueryType  = 1
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - sql              = {
                                  - from   = {
                                      - property = {
                                          - name = "AWS/NetworkELB"
                                          - type = "string"
                                        }
                                      - type     = "property"
                                    }
                                  - select = {
                                      - name       = "MAX"
                                      - parameters = [
                                          - {
                                              - name = "HealthyHostCount"
                                              - type = "functionParameter"
                                            },
                                        ]
                                      - type       = "function"
                                    }
                                  - where  = {
                                      - expressions = [
                                          - {
                                              - operator = {
                                                  - name  = "="
                                                  - value = "net/prod-keyserver-lb-3a8/b386cfa05af63d6b"
                                                }
                                              - property = {
                                                  - name = "LoadBalancer"
                                                  - type = "string"
                                                }
                                              - type     = "operator"
                                            },
                                        ]
                                      - type        = "and"
                                    }
                                }
                              - sqlExpression    = "SELECT MAX(HealthyHostCount) FROM \"AWS/NetworkELB\" WHERE LoadBalancer = 'net/prod-keyserver-lb-3a8/b386cfa05af63d6b'"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "Healthy Hosts"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 100
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 0
                          - y = 8
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "LB-0"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - LoadBalancer = "net/prod-keyserver-lb-3a8/b386cfa05af63d6b"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "ActiveFlowCount_TLS"
                              - metricQueryType  = 0
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                        ]
                      - title         = "Active NLB Flows"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = "When the NLB has connection failures to the targets then these jump. We for instance had this when we had a too low file descriptor limit."
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 250
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 80
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 12
                          - y = 8
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "LB-0"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - LoadBalancer = "net/prod-keyserver-lb-3a8/b386cfa05af63d6b"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "TCP_Target_Reset_Count"
                              - metricQueryType  = 0
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - statistic        = "Sum"
                            },
                        ]
                      - title         = "NLB Target Resets"
                      - type          = "timeseries"
                    },
                  - {
                      - content     = "# DocumentDB"
                      - datasource  = null
                      - gridPos     = {
                          - h = 4
                          - w = 24
                          - x = 0
                          - y = 16
                        }
                      - mode        = "markdown"
                      - title       = ""
                      - transparent = true
                      - type        = "text"
                    },
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "CPU_Max",
                                          - "5m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "avg"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "5m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver DocumentDB CPU alert"
                          - name                = "prod Keyserver DocumentDB CPU alert"
                          - noDataState         = "alerting"
                          - notifications       = [
                              - {
                                  - uid = "NNOynGwVz"
                                },
                            ]
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 30
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 50
                                        },
                                    ]
                                }
                              - unit       = "percent"
                            }
                          - overrides = [
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                            ]
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 8
                          - x = 0
                          - y = 20
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "CPU (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/DocDB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "CPU (Avg)"
                              - datasource       = {
                                  - type = "cl
...

Action: pull_request

@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/1eb4a256-d387-44df-8cc9-0ecdcd4d703b/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"
        name                               = "staging_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging_keyserver" -> (known after apply)
      ~ revision                 = 61 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.keystore_docdb.aws_docdb_cluster.docdb_primary must be replaced
-/+ resource "aws_docdb_cluster" "docdb_primary" {
      + apply_immediately               = (known after apply)
      ~ arn                             = "arn:aws:rds:eu-central-1:898587786287:cluster:staging-keyserver-keystore-docdb-primary-cluster" -> (known after apply)
      ~ availability_zones              = [
          - "eu-central-1a",
          - "eu-central-1b",
          - "eu-central-1c",
        ] -> (known after apply)
      + cluster_identifier_prefix       = (known after apply)
      ~ cluster_members                 = [
          - "staging-keyserver-keystore-docdb-primary-instance-0",
        ] -> (known after apply)
      ~ cluster_resource_id             = "cluster-IHQNJWC63NKRELS7LEYFYOE5KE" -> (known after apply)
      ~ db_cluster_parameter_group_name = "default.docdb5.0" -> (known after apply)
      ~ db_subnet_group_name            = "staging-keyserver-keystore-docdb-private-subnet-group" -> "staging-keyserver-keystore-docdb-new-private-subnet-group" # forces replacement
      - deletion_protection             = false -> null
      ~ endpoint                        = "staging-keyserver-keystore-docdb-primary-cluster.cluster-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)
      ~ engine_version                  = "5.0.0" -> (known after apply)
      ~ hosted_zone_id                  = "Z1ZKU8ZZR6T7FW" -> (known after apply)
      ~ id                              = "staging-keyserver-keystore-docdb-primary-cluster" -> (known after apply)
      ~ preferred_backup_window         = "22:12-22:42" -> (known after apply)
      ~ preferred_maintenance_window    = "sat:21:17-sat:21:47" -> (known after apply)
      ~ reader_endpoint                 = "staging-keyserver-keystore-docdb-primary-cluster.cluster-ro-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)
      - tags                            = {} -> null
      ~ vpc_security_group_ids          = [
          - "sg-01de29cd9149d5d29",
        ] -> (known after apply)
        # (11 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_instances[0] must be replaced
-/+ resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      ~ arn                          = "arn:aws:rds:eu-central-1:898587786287:db:staging-keyserver-keystore-docdb-primary-instance-0" -> (known after apply)
      ~ availability_zone            = "eu-central-1c" -> (known after apply)
      ~ ca_cert_identifier           = "rds-ca-2019" -> (known after apply)
      ~ cluster_identifier           = "staging-keyserver-keystore-docdb-primary-cluster" # forces replacement -> (known after apply) # forces replacement
      ~ db_subnet_group_name         = "staging-keyserver-keystore-docdb-private-subnet-group" -> (known after apply)
      ~ dbi_resource_id              = "db-GF34S7DWNQQBQUS4WCMKJKNQSA" -> (known after apply)
      ~ endpoint                     = "staging-keyserver-keystore-docdb-primary-instance-0.cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)
      ~ engine_version               = "5.0.0" -> (known after apply)
      ~ id                           = "staging-keyserver-keystore-docdb-primary-instance-0" -> (known after apply)
      + identifier_prefix            = (known after apply)
      ~ kms_key_id                   = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> (known after apply)
      ~ port                         = 27017 -> (known after apply)
      ~ preferred_backup_window      = "22:12-22:42" -> (known after apply)
      ~ preferred_maintenance_window = "fri:02:49-fri:03:19" -> (known after apply)
      ~ publicly_accessible          = false -> (known after apply)
      ~ storage_encrypted            = true -> (known after apply)
      - tags                         = {} -> null
      ~ writer                       = true -> (known after apply)
        # (6 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_subnet_group.new_private_subnets will be created
  + resource "aws_docdb_subnet_group" "new_private_subnets" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "staging-keyserver-keystore-docdb-new-private-subnet-group"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-0851c91f1a82ece18",
          + "subnet-0f59998ee3eeb6b29",
          + "subnet-0fe665bde6c07d332",
        ]
      + tags_all    = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place
  ~ resource "aws_docdb_subnet_group" "private_subnets" {
        id          = "staging-keyserver-keystore-docdb-private-subnet-group"
        name        = "staging-keyserver-keystore-docdb-private-subnet-group"
      ~ subnet_ids  = [
          - "subnet-0851c91f1a82ece18",
          - "subnet-0f59998ee3eeb6b29",
          - "subnet-0fe665bde6c07d332",
          + "subnet-006f9fc131af3565e",
          + "subnet-05894f2d41c0e8b45",
          + "subnet-06557bf48886434f1",
        ]
        tags        = {}
        # (3 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_security_group.new_service_security_group will be created
  + resource "aws_security_group" "new_service_security_group" {
      + arn                    = (known after apply)
      + description            = "Allow ingress from the application"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
      + name                   = "staging-keyserver-keystore-docdb-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = "vpc-08d4ffa8940e11aa5"
    }

  # module.keystore_docdb.aws_security_group.service_security_group must be replaced
-/+ resource "aws_security_group" "service_security_group" {
      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)
      ~ egress                 = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow outbound traffic from the DocDB cluster"
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow inbound traffic to the DocDB cluster"
              - from_port        = 27017
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 27017
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
        name                   = "staging-keyserver-keystore-docdb-service"
      + name_prefix            = (known after apply)
      ~ owner_id               = "898587786287" -> (known after apply)
      - tags                   = {} -> null
      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement
        # (3 unchanged attributes hidden)
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be updated in-place
  ~ resource "aws_cloudwatch_metric_alarm" "main" {
      ~ dimensions                = {
          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"
        } -> (known after apply)
        id                        = "staging-keyserver-docdb-autoscaling-0"
        tags                      = {}
        # (16 unchanged attributes hidden)
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be updated in-place
  ~ resource "aws_lambda_function" "main" {
        id                             = "staging-keyserver-docdb-autoscaling"
        tags                           = {}
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"
              - "max_capacity"       = "6"
              - "min_capacity"       = "0"
            } -> (known after apply)
        }

        # (1 unchanged block hidden)
    }

Plan: 6 to add, 5 to change, 4 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  + create%0A  ~ update in-place%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"%0A        name                               = "staging_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "staging_keyserver" -> (known after apply)%0A      ~ revision                 = 61 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster.docdb_primary must be replaced%0A-/+ resource "aws_docdb_cluster" "docdb_primary" {%0A      + apply_immediately               = (known after apply)%0A      ~ arn                             = "arn:aws:rds:eu-central-1:898587786287:cluster:staging-keyserver-keystore-docdb-primary-cluster" -> (known after apply)%0A      ~ availability_zones              = [%0A          - "eu-central-1a",%0A          - "eu-central-1b",%0A          - "eu-central-1c",%0A        ] -> (known after apply)%0A      + cluster_identifier_prefix       = (known after apply)%0A      ~ cluster_members                 = [%0A          - "staging-keyserver-keystore-docdb-primary-instance-0",%0A        ] -> (known after apply)%0A      ~ cluster_resource_id             = "cluster-IHQNJWC63NKRELS7LEYFYOE5KE" -> (known after apply)%0A      ~ db_cluster_parameter_group_name = "default.docdb5.0" -> (known after apply)%0A      ~ db_subnet_group_name            = "staging-keyserver-keystore-docdb-private-subnet-group" -> "staging-keyserver-keystore-docdb-new-private-subnet-group" # forces replacement%0A      - deletion_protection             = false -> null%0A      ~ endpoint                        = "staging-keyserver-keystore-docdb-primary-cluster.cluster-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)%0A      ~ engine_version                  = "5.0.0" -> (known after apply)%0A      ~ hosted_zone_id                  = "Z1ZKU8ZZR6T7FW" -> (known after apply)%0A      ~ id                              = "staging-keyserver-keystore-docdb-primary-cluster" -> (known after apply)%0A      ~ preferred_backup_window         = "22:12-22:42" -> (known after apply)%0A      ~ preferred_maintenance_window    = "sat:21:17-sat:21:47" -> (known after apply)%0A      ~ reader_endpoint                 = "staging-keyserver-keystore-docdb-primary-cluster.cluster-ro-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)%0A      - tags                            = {} -> null%0A      ~ vpc_security_group_ids          = [%0A          - "sg-01de29cd9149d5d29",%0A        ] -> (known after apply)%0A        # (11 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_instances[0] must be replaced%0A-/+ resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      + apply_immediately            = (known after apply)%0A      ~ arn                          = "arn:aws:rds:eu-central-1:898587786287:db:staging-keyserver-keystore-docdb-primary-instance-0" -> (known after apply)%0A      ~ availability_zone            = "eu-central-1c" -> (known after apply)%0A      ~ ca_cert_identifier           = "rds-ca-2019" -> (known after apply)%0A      ~ cluster_identifier           = "staging-keyserver-keystore-docdb-primary-cluster" # forces replacement -> (known after apply) # forces replacement%0A      ~ db_subnet_group_name         = "staging-keyserver-keystore-docdb-private-subnet-group" -> (known after apply)%0A      ~ dbi_resource_id              = "db-GF34S7DWNQQBQUS4WCMKJKNQSA" -> (known after apply)%0A      ~ endpoint                     = "staging-keyserver-keystore-docdb-primary-instance-0.cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> (known after apply)%0A      ~ engine_version               = "5.0.0" -> (known after apply)%0A      ~ id                           = "staging-keyserver-keystore-docdb-primary-instance-0" -> (known after apply)%0A      + identifier_prefix            = (known after apply)%0A      ~ kms_key_id                   = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> (known after apply)%0A      ~ port                         = 27017 -> (known after apply)%0A      ~ preferred_backup_window      = "22:12-22:42" -> (known after apply)%0A      ~ preferred_maintenance_window = "fri:02:49-fri:03:19" -> (known after apply)%0A      ~ publicly_accessible          = false -> (known after apply)%0A      ~ storage_encrypted            = true -> (known after apply)%0A      - tags                         = {} -> null%0A      ~ writer                       = true -> (known after apply)%0A        # (6 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_subnet_group.new_private_subnets will be created%0A  + resource "aws_docdb_subnet_group" "new_private_subnets" {%0A      + arn         = (known after apply)%0A      + description = "Managed by Terraform"%0A      + id          = (known after apply)%0A      + name        = "staging-keyserver-keystore-docdb-new-private-subnet-group"%0A      + name_prefix = (known after apply)%0A      + subnet_ids  = [%0A          + "subnet-0851c91f1a82ece18",%0A          + "subnet-0f59998ee3eeb6b29",%0A          + "subnet-0fe665bde6c07d332",%0A        ]%0A      + tags_all    = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place%0A  ~ resource "aws_docdb_subnet_group" "private_subnets" {%0A        id          = "staging-keyserver-keystore-docdb-private-subnet-group"%0A        name        = "staging-keyserver-keystore-docdb-private-subnet-group"%0A      ~ subnet_ids  = [%0A          - "subnet-0851c91f1a82ece18",%0A          - "subnet-0f59998ee3eeb6b29",%0A          - "subnet-0fe665bde6c07d332",%0A          + "subnet-006f9fc131af3565e",%0A          + "subnet-05894f2d41c0e8b45",%0A          + "subnet-06557bf48886434f1",%0A        ]%0A        tags        = {}%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_security_group.new_service_security_group will be created%0A  + resource "aws_security_group" "new_service_security_group" {%0A      + arn                    = (known after apply)%0A      + description            = "Allow ingress from the application"%0A      + egress                 = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      + id                     = (known after apply)%0A      + ingress                = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A      + name                   = "staging-keyserver-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      + owner_id               = (known after apply)%0A      + revoke_rules_on_delete = false%0A      + tags_all               = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_id                 = "vpc-08d4ffa8940e11aa5"%0A    }%0A%0A  # module.keystore_docdb.aws_security_group.service_security_group must be replaced%0A-/+ resource "aws_security_group" "service_security_group" {%0A      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ egress                 = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow outbound traffic from the DocDB cluster"%0A              - from_port        = 0%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "-1"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 0%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ ingress                = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow inbound traffic to the DocDB cluster"%0A              - from_port        = 27017%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "tcp"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 27017%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A        name                   = "staging-keyserver-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      ~ owner_id               = "898587786287" -> (known after apply)%0A      - tags                   = {} -> null%0A      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be updated in-place%0A  ~ resource "aws_cloudwatch_metric_alarm" "main" {%0A      ~ dimensions                = {%0A          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A        } -> (known after apply)%0A        id                        = "staging-keyserver-docdb-autoscaling-0"%0A        tags                      = {}%0A        # (16 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be updated in-place%0A  ~ resource "aws_lambda_function" "main" {%0A        id                             = "staging-keyserver-docdb-autoscaling"%0A        tags                           = {}%0A        # (20 unchanged attributes hidden)%0A%0A      ~ environment {%0A          ~ variables = {%0A              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A              - "max_capacity"       = "6"%0A              - "min_capacity"       = "0"%0A            } -> (known after apply)%0A        }%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0APlan: 6 to add, 5 to change, 4 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@xav xav temporarily deployed to infra/prod August 7, 2023 21:28 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 7, 2023 22:10 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/staging August 7, 2023 22:10 — with GitHub Actions Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/2e7857a9-979b-499d-b894-69aaa1032c39/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"
        name                               = "staging_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging_keyserver" -> (known after apply)
      ~ revision                 = 61 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be updated in-place
  ~ resource "aws_docdb_cluster" "docdb_primary" {
      ~ deletion_protection             = false -> true
        id                              = "staging-keyserver-keystore-docdb-primary-cluster"
        tags                            = {}
      ~ vpc_security_group_ids          = [
          - "sg-01de29cd9149d5d29",
        ] -> (known after apply)
        # (23 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place
  ~ resource "aws_docdb_subnet_group" "private_subnets" {
        id          = "staging-keyserver-keystore-docdb-private-subnet-group"
        name        = "staging-keyserver-keystore-docdb-private-subnet-group"
      ~ subnet_ids  = [
          - "subnet-0851c91f1a82ece18",
          - "subnet-0f59998ee3eeb6b29",
          - "subnet-0fe665bde6c07d332",
          + "subnet-006f9fc131af3565e",
          + "subnet-05894f2d41c0e8b45",
          + "subnet-06557bf48886434f1",
        ]
        tags        = {}
        # (3 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_security_group.service_security_group must be replaced
-/+ resource "aws_security_group" "service_security_group" {
      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)
      ~ egress                 = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow outbound traffic from the DocDB cluster"
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow inbound traffic to the DocDB cluster"
              - from_port        = 27017
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 27017
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
        name                   = "staging-keyserver-keystore-docdb-service"
      + name_prefix            = (known after apply)
      ~ owner_id               = "898587786287" -> (known after apply)
      - tags                   = {} -> null
      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement
        # (3 unchanged attributes hidden)
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed
  # (because aws_cloudwatch_log_group.main is not in configuration)
  - resource "aws_cloudwatch_log_group" "main" {
      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - retention_in_days = 7 -> null
      - tags              = {} -> null
      - tags_all          = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed
  # (because aws_cloudwatch_metric_alarm.main is not in configuration)
  - resource "aws_cloudwatch_metric_alarm" "main" {
      - actions_enabled           = true -> null
      - alarm_actions             = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null
      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null
      - comparison_operator       = "GreaterThanThreshold" -> null
      - datapoints_to_alarm       = 0 -> null
      - dimensions                = {
          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"
        } -> null
      - evaluation_periods        = 1 -> null
      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null
      - insufficient_data_actions = [] -> null
      - metric_name               = "CPUUtilization" -> null
      - namespace                 = "AWS/DocDB" -> null
      - ok_actions                = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - period                    = 300 -> null
      - statistic                 = "Average" -> null
      - tags                      = {} -> null
      - tags_all                  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - threshold                 = 80 -> null
      - treat_missing_data        = "missing" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed
  # (because aws_iam_policy.lambda is not in configuration)
  - resource "aws_iam_policy" "lambda" {
      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"
                    },
                  - {
                      - Action   = [
                          - "rds:DescribeDBInstances",
                          - "rds:DescribeDBClusters",
                          - "rds:CreateDBInstance",
                          - "rds:DeleteDBInstance",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:rds:eu-central-1:898587786287:*",
                        ]
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null
      - tags      = {} -> null
      - tags_all  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed
  # (because aws_iam_role.lambda is not in configuration)
  - resource "aws_iam_role" "lambda" {
      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2023-08-07T15:13:40Z" -> null
      - force_detach_policies = false -> null
      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null

      - inline_policy {}
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed
  # (because aws_iam_role_policy_attachment.lambda is not in configuration)
  - resource "aws_iam_role_policy_attachment" "lambda" {
      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null
      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed
  # (because aws_lambda_function.main is not in configuration)
  - resource "aws_lambda_function" "main" {
      - architectures                  = [
          - "x86_64",
        ] -> null
      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null
      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null
      - handler                        = "index.handler" -> null
      - id                             = "staging-keyserver-docdb-autoscaling" -> null
      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null
      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 128 -> null
      - package_type                   = "Zip" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - runtime                        = "python3.9" -> null
      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null
      - source_code_size               = 1933 -> null
      - tags                           = {} -> null
      - tags_all                       = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - timeout                        = 3 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"
              - "max_capacity"       = "6"
              - "min_capacity"       = "0"
            } -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed
  # (because aws_lambda_permission.sns is not in configuration)
  - resource "aws_lambda_permission" "sns" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - id            = "AllowSubscriptionToSNS" -> null
      - principal     = "sns.amazonaws.com" -> null
      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - statement_id  = "AllowSubscriptionToSNS" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed
  # (because aws_sns_topic.main is not in configuration)
  - resource "aws_sns_topic" "main" {
      - application_success_feedback_sample_rate = 0 -> null
      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - content_based_deduplication              = false -> null
      - fifo_topic                               = false -> null
      - firehose_success_feedback_sample_rate    = 0 -> null
      - http_success_feedback_sample_rate        = 0 -> null
      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - lambda_success_feedback_sample_rate      = 0 -> null
      - name                                     = "staging-keyserver-docdb-autoscaling" -> null
      - owner                                    = "898587786287" -> null
      - policy                                   = jsonencode(
            {
              - Id        = "__default_policy_ID"
              - Statement = [
                  - {
                      - Action    = [
                          - "SNS:GetTopicAttributes",
                          - "SNS:SetTopicAttributes",
                          - "SNS:AddPermission",
                          - "SNS:RemovePermission",
                          - "SNS:DeleteTopic",
                          - "SNS:Subscribe",
                          - "SNS:ListSubscriptionsByTopic",
                          - "SNS:Publish",
                        ]
                      - Condition = {
                          - StringEquals = {
                              - "AWS:SourceOwner" = "898587786287"
                            }
                        }
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"
                      - Sid       = "__default_statement_ID"
                    },
                ]
              - Version   = "2008-10-17"
            }
        ) -> null
      - sqs_success_feedback_sample_rate         = 0 -> null
      - tags                                     = {} -> null
      - tags_all                                 = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed
  # (because aws_sns_topic_subscription.main is not in configuration)
  - resource "aws_sns_topic_subscription" "main" {
      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - confirmation_timeout_in_minutes = 1 -> null
      - confirmation_was_authenticated  = true -> null
      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - endpoint_auto_confirms          = false -> null
      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - owner_id                        = "898587786287" -> null
      - pending_confirmation            = false -> null
      - protocol                        = "lambda" -> null
      - raw_message_delivery            = false -> null
      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
    }

Plan: 2 to add, 4 to change, 11 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  ~ update in-place%0A  - destroy%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"%0A        name                               = "staging_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "staging_keyserver" -> (known after apply)%0A      ~ revision                 = 61 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be updated in-place%0A  ~ resource "aws_docdb_cluster" "docdb_primary" {%0A      ~ deletion_protection             = false -> true%0A        id                              = "staging-keyserver-keystore-docdb-primary-cluster"%0A        tags                            = {}%0A      ~ vpc_security_group_ids          = [%0A          - "sg-01de29cd9149d5d29",%0A        ] -> (known after apply)%0A        # (23 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place%0A  ~ resource "aws_docdb_subnet_group" "private_subnets" {%0A        id          = "staging-keyserver-keystore-docdb-private-subnet-group"%0A        name        = "staging-keyserver-keystore-docdb-private-subnet-group"%0A      ~ subnet_ids  = [%0A          - "subnet-0851c91f1a82ece18",%0A          - "subnet-0f59998ee3eeb6b29",%0A          - "subnet-0fe665bde6c07d332",%0A          + "subnet-006f9fc131af3565e",%0A          + "subnet-05894f2d41c0e8b45",%0A          + "subnet-06557bf48886434f1",%0A        ]%0A        tags        = {}%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_security_group.service_security_group must be replaced%0A-/+ resource "aws_security_group" "service_security_group" {%0A      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ egress                 = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow outbound traffic from the DocDB cluster"%0A              - from_port        = 0%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "-1"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 0%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ ingress                = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow inbound traffic to the DocDB cluster"%0A              - from_port        = 27017%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "tcp"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 27017%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A        name                   = "staging-keyserver-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      ~ owner_id               = "898587786287" -> (known after apply)%0A      - tags                   = {} -> null%0A      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed%0A  # (because aws_cloudwatch_log_group.main is not in configuration)%0A  - resource "aws_cloudwatch_log_group" "main" {%0A      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - retention_in_days = 7 -> null%0A      - tags              = {} -> null%0A      - tags_all          = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed%0A  # (because aws_cloudwatch_metric_alarm.main is not in configuration)%0A  - resource "aws_cloudwatch_metric_alarm" "main" {%0A      - actions_enabled           = true -> null%0A      - alarm_actions             = [%0A          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",%0A        ] -> null%0A      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null%0A      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null%0A      - comparison_operator       = "GreaterThanThreshold" -> null%0A      - datapoints_to_alarm       = 0 -> null%0A      - dimensions                = {%0A          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A        } -> null%0A      - evaluation_periods        = 1 -> null%0A      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null%0A      - insufficient_data_actions = [] -> null%0A      - metric_name               = "CPUUtilization" -> null%0A      - namespace                 = "AWS/DocDB" -> null%0A      - ok_actions                = [%0A          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",%0A        ] -> null%0A      - period                    = 300 -> null%0A      - statistic                 = "Average" -> null%0A      - tags                      = {} -> null%0A      - tags_all                  = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - threshold                 = 80 -> null%0A      - treat_missing_data        = "missing" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed%0A  # (because aws_iam_policy.lambda is not in configuration)%0A  - resource "aws_iam_policy" "lambda" {%0A      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - path      = "/" -> null%0A      - policy    = jsonencode(%0A            {%0A              - Statement = [%0A                  - {%0A                      - Action   = [%0A                          - "logs:CreateLogStream",%0A                          - "logs:CreateLogGroup",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"%0A                    },%0A                  - {%0A                      - Action   = [%0A                          - "logs:PutLogEvents",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"%0A                    },%0A                  - {%0A                      - Action   = [%0A                          - "rds:DescribeDBInstances",%0A                          - "rds:DescribeDBClusters",%0A                          - "rds:CreateDBInstance",%0A                          - "rds:DeleteDBInstance",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = [%0A                          - "arn:aws:rds:eu-central-1:898587786287:*",%0A                        ]%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null%0A      - tags      = {} -> null%0A      - tags_all  = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed%0A  # (because aws_iam_role.lambda is not in configuration)%0A  - resource "aws_iam_role" "lambda" {%0A      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - assume_role_policy    = jsonencode(%0A            {%0A              - Statement = [%0A                  - {%0A                      - Action    = "sts:AssumeRole"%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - Service = "lambda.amazonaws.com"%0A                        }%0A                      - Sid       = ""%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - create_date           = "2023-08-07T15:13:40Z" -> null%0A      - force_detach_policies = false -> null%0A      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - managed_policy_arns   = [%0A          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",%0A        ] -> null%0A      - max_session_duration  = 3600 -> null%0A      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - path                  = "/" -> null%0A      - tags                  = {} -> null%0A      - tags_all              = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null%0A%0A      - inline_policy {}%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed%0A  # (because aws_iam_role_policy_attachment.lambda is not in configuration)%0A  - resource "aws_iam_role_policy_attachment" "lambda" {%0A      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null%0A      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed%0A  # (because aws_lambda_function.main is not in configuration)%0A  - resource "aws_lambda_function" "main" {%0A      - architectures                  = [%0A          - "x86_64",%0A        ] -> null%0A      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null%0A      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null%0A      - handler                        = "index.handler" -> null%0A      - id                             = "staging-keyserver-docdb-autoscaling" -> null%0A      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null%0A      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null%0A      - layers                         = [] -> null%0A      - memory_size                    = 128 -> null%0A      - package_type                   = "Zip" -> null%0A      - publish                        = false -> null%0A      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null%0A      - reserved_concurrent_executions = -1 -> null%0A      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - runtime                        = "python3.9" -> null%0A      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null%0A      - source_code_size               = 1933 -> null%0A      - tags                           = {} -> null%0A      - tags_all                       = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - timeout                        = 3 -> null%0A      - version                        = "$LATEST" -> null%0A%0A      - environment {%0A          - variables = {%0A              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A              - "max_capacity"       = "6"%0A              - "min_capacity"       = "0"%0A            } -> null%0A        }%0A%0A      - tracing_config {%0A          - mode = "PassThrough" -> null%0A        }%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed%0A  # (because aws_lambda_permission.sns is not in configuration)%0A  - resource "aws_lambda_permission" "sns" {%0A      - action        = "lambda:InvokeFunction" -> null%0A      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - id            = "AllowSubscriptionToSNS" -> null%0A      - principal     = "sns.amazonaws.com" -> null%0A      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - statement_id  = "AllowSubscriptionToSNS" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed%0A  # (because aws_sns_topic.main is not in configuration)%0A  - resource "aws_sns_topic" "main" {%0A      - application_success_feedback_sample_rate = 0 -> null%0A      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - content_based_deduplication              = false -> null%0A      - fifo_topic                               = false -> null%0A      - firehose_success_feedback_sample_rate    = 0 -> null%0A      - http_success_feedback_sample_rate        = 0 -> null%0A      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - lambda_success_feedback_sample_rate      = 0 -> null%0A      - name                                     = "staging-keyserver-docdb-autoscaling" -> null%0A      - owner                                    = "898587786287" -> null%0A      - policy                                   = jsonencode(%0A            {%0A              - Id        = "__default_policy_ID"%0A              - Statement = [%0A                  - {%0A                      - Action    = [%0A                          - "SNS:GetTopicAttributes",%0A                          - "SNS:SetTopicAttributes",%0A                          - "SNS:AddPermission",%0A                          - "SNS:RemovePermission",%0A                          - "SNS:DeleteTopic",%0A                          - "SNS:Subscribe",%0A                          - "SNS:ListSubscriptionsByTopic",%0A                          - "SNS:Publish",%0A                        ]%0A                      - Condition = {%0A                          - StringEquals = {%0A                              - "AWS:SourceOwner" = "898587786287"%0A                            }%0A                        }%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - AWS = "*"%0A                        }%0A                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"%0A                      - Sid       = "__default_statement_ID"%0A                    },%0A                ]%0A              - Version   = "2008-10-17"%0A            }%0A        ) -> null%0A      - sqs_success_feedback_sample_rate         = 0 -> null%0A      - tags                                     = {} -> null%0A      - tags_all                                 = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed%0A  # (because aws_sns_topic_subscription.main is not in configuration)%0A  - resource "aws_sns_topic_subscription" "main" {%0A      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null%0A      - confirmation_timeout_in_minutes = 1 -> null%0A      - confirmation_was_authenticated  = true -> null%0A      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - endpoint_auto_confirms          = false -> null%0A      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null%0A      - owner_id                        = "898587786287" -> null%0A      - pending_confirmation            = false -> null%0A      - protocol                        = "lambda" -> null%0A      - raw_message_delivery            = false -> null%0A      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A    }%0A%0APlan: 2 to add, 4 to change, 11 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/a5419c36-2355-40c5-b289-aac2983da5a3/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
+/- create replacement and then destroy
 <= read (data resources)

Terraform will perform the following actions:

  # module.ecs.aws_alb.network_load_balancer must be replaced
+/- resource "aws_alb" "network_load_balancer" {
      ~ arn                              = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/net/prod-keyserver-lb-3a8/b386cfa05af63d6b" -> (known after apply)
      ~ arn_suffix                       = "net/prod-keyserver-lb-3a8/b386cfa05af63d6b" -> (known after apply)
      ~ dns_name                         = "prod-keyserver-lb-3a8-b386cfa05af63d6b.elb.eu-central-1.amazonaws.com" -> (known after apply)
      ~ id                               = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/net/prod-keyserver-lb-3a8/b386cfa05af63d6b" -> (known after apply)
      ~ internal                         = false -> (known after apply)
      ~ ip_address_type                  = "ipv4" -> (known after apply)
      ~ name                             = "prod-keyserver-lb-3a8" -> (known after apply)
      ~ security_groups                  = [] -> (known after apply)
      ~ subnets                          = [ # forces replacement
          - "subnet-003e71fe834d8ae89",
          - "subnet-01c85562ab20d9798",
          - "subnet-0ee4ef2c9f8840739",
        ] -> (known after apply) # forces replacement
      - tags                             = {} -> null
      ~ vpc_id                           = "vpc-0de9380f8679bfa0d" -> (known after apply)
      ~ zone_id                          = "Z3F0SRJ5LGBH90" -> (known after apply)
        # (4 unchanged attributes hidden)

      - access_logs {
          - enabled = false -> null
        }

      - subnet_mapping {
          - subnet_id = "subnet-003e71fe834d8ae89" -> null
        }
      - subnet_mapping {
          - subnet_id = "subnet-01c85562ab20d9798" -> null
        }
      - subnet_mapping {
          - subnet_id = "subnet-0ee4ef2c9f8840739" -> null
        }
    }

  # module.ecs.aws_appautoscaling_policy.ecs_target_cpu will be created
  + resource "aws_appautoscaling_policy" "ecs_target_cpu" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "application-scaling-policy-cpu"
      + policy_type        = "TargetTrackingScaling"
      + resource_id        = "service/prod_keyserver_cluster/prod_keyserver-service"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + target_tracking_scaling_policy_configuration {
          + disable_scale_in = false
          + target_value     = 80

          + predefined_metric_specification {
              + predefined_metric_type = "ECSServiceAverageCPUUtilization"
            }
        }
    }

  # module.ecs.aws_appautoscaling_policy.ecs_target_memory will be created
  + resource "aws_appautoscaling_policy" "ecs_target_memory" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "application-scaling-policy-memory"
      + policy_type        = "TargetTrackingScaling"
      + resource_id        = "service/prod_keyserver_cluster/prod_keyserver-service"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + target_tracking_scaling_policy_configuration {
          + disable_scale_in = false
          + target_value     = 80

          + predefined_metric_specification {
              + predefined_metric_type = "ECSServiceAverageMemoryUtilization"
            }
        }
    }

  # module.ecs.aws_appautoscaling_target.ecs_target will be created
  + resource "aws_appautoscaling_target" "ecs_target" {
      + id                 = (known after apply)
      + max_capacity       = 8
      + min_capacity       = 2
      + resource_id        = "service/prod_keyserver_cluster/prod_keyserver-service"
      + role_arn           = "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"
    }

  # module.ecs.aws_ecs_service.app_service will be created
  + resource "aws_ecs_service" "app_service" {
      + cluster                            = "arn:aws:ecs:eu-central-1:898587786287:cluster/prod_keyserver_cluster"
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 2
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "prod_keyserver-service"
      + platform_version                   = (known after apply)
      + propagate_tags                     = "TASK_DEFINITION"
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + task_definition                    = (known after apply)
      + wait_for_steady_state              = true

      + load_balancer {
          + container_name   = "prod_keyserver"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.ecs.aws_ecs_task_definition.app_task will be created
  + resource "aws_ecs_task_definition" "app_task" {
      + arn                      = (known after apply)
      + container_definitions    = (sensitive value)
      + cpu                      = "256"
      + execution_role_arn       = "arn:aws:iam::898587786287:role/prod_keyserver_ecs_task_execution_role"
      + family                   = "prod_keyserver"
      + id                       = (known after apply)
      + memory                   = "512"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags_all                 = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + task_role_arn            = "arn:aws:iam::898587786287:role/prod_keyserver_ecs_task_execution_role"

      + runtime_platform {
          + operating_system_family = "LINUX"
        }
    }

  # module.ecs.aws_lb_listener.listener must be replaced
+/- resource "aws_lb_listener" "listener" {
      ~ arn               = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/net/prod-keyserver-lb-3a8/b386cfa05af63d6b/e5607c95c34a4423" -> (known after apply)
      ~ id                = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:listener/net/prod-keyserver-lb-3a8/b386cfa05af63d6b/e5607c95c34a4423" -> (known after apply)
      ~ load_balancer_arn = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:loadbalancer/net/prod-keyserver-lb-3a8/b386cfa05af63d6b" # forces replacement -> (known after apply) # forces replacement
      - tags              = {} -> null
        # (5 unchanged attributes hidden)

      ~ default_action {
          ~ order            = 1 -> (known after apply)
          ~ target_group_arn = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/prod-keyserver-4e6/0de87e574afd3da4" -> (known after apply)
            # (1 unchanged attribute hidden)
        }
    }

  # module.ecs.aws_lb_target_group.target_group must be replaced
+/- resource "aws_lb_target_group" "target_group" {
      ~ arn                                = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/prod-keyserver-4e6/0de87e574afd3da4" -> (known after apply)
      ~ arn_suffix                         = "targetgroup/prod-keyserver-4e6/0de87e574afd3da4" -> (known after apply)
      ~ id                                 = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/prod-keyserver-4e6/0de87e574afd3da4" -> (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      ~ name                               = "prod-keyserver-4e6" -> (known after apply)
      ~ preserve_client_ip                 = "false" -> (known after apply)
      + protocol_version                   = (known after apply)
      - tags                               = {} -> null
      ~ vpc_id                             = "vpc-0de9380f8679bfa0d" # forces replacement -> (known after apply) # forces replacement
        # (9 unchanged attributes hidden)

      ~ health_check {
          ~ matcher             = "200-399" -> (known after apply)
          ~ timeout             = 6 -> (known after apply)
            # (7 unchanged attributes hidden)
        }

      - stickiness {
          - cookie_duration = 0 -> null
          - enabled         = false -> null
          - type            = "source_ip" -> null
        }
    }

  # module.ecs.aws_route53_record.dns_load_balancer will be updated in-place
  ~ resource "aws_route53_record" "dns_load_balancer" {
        id      = "Z098781520DYMYC4P6VDC_keys.walletconnect.com_A"
        name    = "keys.walletconnect.com"
        # (5 unchanged attributes hidden)

      - alias {
          - evaluate_target_health = true -> null
          - name                   = "prod-keyserver-lb-3a8-b386cfa05af63d6b.elb.eu-central-1.amazonaws.com" -> null
          - zone_id                = "Z3F0SRJ5LGBH90" -> null
        }
      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # module.ecs.aws_security_group.tls_ingess will be created
  + resource "aws_security_group" "tls_ingess" {
      + arn                    = (known after apply)
      + description            = "Allow tls ingress from everywhere"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "prod_keyserver-tls-ingress"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.ecs.aws_security_group.vpc_app_ingress will be created
  + resource "aws_security_group" "vpc_app_ingress" {
      + arn                    = (known after apply)
      + description            = "Allow app port ingress from vpc"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = ""
              + from_port        = 8080
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 8080
            },
        ]
      + name                   = "prod_keyserver-vpc-ingress-to-app"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = "prod-keyserver-keystore-docdb-primary-cluster"
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "prod-keyserver-keystore-docdb-primary-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 0
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_replica_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_replica_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = "prod-keyserver-keystore-docdb-primary-cluster"
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "prod-keyserver-keystore-docdb-replica-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 1
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.o11y.data.jsonnet_file.dashboard will be read during apply
  # (config refers to values not yet known)
 <= data "jsonnet_file" "dashboard" {
      + ext_str  = {
          + "cloudwatch_uid"   = "P2kGF7Q4k"
          + "dashboard_title"  = "prod - keyserver"
          + "dashboard_uid"    = "prod-keyserver"
          + "docdb_cluster_id" = "prod-keyserver-keystore-docdb-primary-cluster"
          + "ecs_service_name" = "prod_keyserver-service"
          + "environment"      = "prod"
          + "load_balancer"    = (known after apply)
          + "notifications"    = jsonencode(
                [
                  + {
                      + uid = "NNOynGwVz"
                    },
                ]
            )
          + "prometheus_uid"   = "3EqgoK64k"
          + "target_group"     = (known after apply)
        }
      + id       = (known after apply)
      + rendered = (known after apply)
      + source   = "monitoring/dashboard.jsonnet"
    }

  # module.o11y.grafana_dashboard.main will be updated in-place
  ~ resource "grafana_dashboard" "main" {
      ~ config_json  = jsonencode(
            {
              - __inputs      = []
              - __requires    = []
              - annotations   = {
                  - list = [
                      - {
                          - builtIn    = 1
                          - datasource = "-- Grafana --"
                          - enable     = true
                          - hide       = true
                          - iconColor  = "rgba(0, 211, 255, 1)"
                          - name       = "Annotations & Alerts"
                          - showIn     = 0
                          - target     = {
                              - limit    = 100
                              - matchAny = false
                              - tags     = []
                              - type     = "dashboard"
                            }
                          - type       = "dashboard"
                        },
                    ]
                }
              - editable      = true
              - gnetId        = null
              - graphTooltip  = 1
              - hideControls  = false
              - links         = []
              - liveNow       = false
              - panels        = [
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "CPU_Avg",
                                          - "25m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "max"
                                    }
                                  - type      = "query"
                                },
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "Mem_Avg",
                                          - "25m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "max"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "25m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver App CPU/Memory"
                          - name                = "prod Keyserver App CPU/Memory alert"
                          - noDataState         = "alerting"
                          - notifications       = []
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 30
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 50
                                        },
                                    ]
                                }
                              - unit       = "percent"
                            }
                          - overrides = [
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                            ]
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 0
                          - y = 0
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "CPU (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "CPU (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                          - {
                              - alias            = "Memory (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "MemoryUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "Mem_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "Memory (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "MemoryUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "Mem_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "App CPU/Memory"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 5
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 12
                          - y = 0
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "Hosts Count"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {}
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "HealthyHostCount"
                              - metricQueryType  = 1
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - sql              = {
                                  - from   = {
                                      - property = {
                                          - name = "AWS/NetworkELB"
                                          - type = "string"
                                        }
                                      - type     = "property"
                                    }
                                  - select = {
                                      - name       = "MAX"
                                      - parameters = [
                                          - {
                                              - name = "HealthyHostCount"
                                              - type = "functionParameter"
                                            },
                                        ]
                                      - type       = "function"
                                    }
                                  - where  = {
                                      - expressions = [
                                          - {
                                              - operator = {
                                                  - name  = "="
                                                  - value = "net/prod-keyserver-lb-3a8/b386cfa05af63d6b"
                                                }
                                              - property = {
                                                  - name = "LoadBalancer"
                                                  - type = "string"
                                                }
                                              - type     = "operator"
                                            },
                                        ]
                                      - type        = "and"
                                    }
                                }
                              - sqlExpression    = "SELECT MAX(HealthyHostCount) FROM \"AWS/NetworkELB\" WHERE LoadBalancer = 'net/prod-keyserver-lb-3a8/b386cfa05af63d6b'"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "Healthy Hosts"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 100
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 0
                          - y = 8
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "LB-0"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - LoadBalancer = "net/prod-keyserver-lb-3a8/b386cfa05af63d6b"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "ActiveFlowCount_TLS"
                              - metricQueryType  = 0
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                        ]
                      - title         = "Active NLB Flows"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = "When the NLB has connection failures to the targets then these jump. We for instance had this when we had a too low file descriptor limit."
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 250
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 80
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 12
                          - y = 8
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "LB-0"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - LoadBalancer = "net/prod-keyserver-lb-3a8/b386cfa05af63d6b"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "TCP_Target_Reset_Count"
                              - metricQueryType  = 0
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - statistic        = "Sum"
                            },
                        ]
                      - title         = "NLB Target Resets"
                      - type          = "timeseries"
                    },
                  - {
                      - content     = "# DocumentDB"
                      - datasource  = null
                      - gridPos     = {
                          - h = 4
                          - w = 24
                          - x = 0
                          - y = 16
                        }
                      - mode        = "markdown"
                      - title       = ""
                      - transparent = true
                      - type        = "text"
                    },
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "CPU_Max",
                                          - "5m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "avg"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "5m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver DocumentDB CPU alert"
                          - name                = "prod Keyserver DocumentDB CPU alert"
                          - noDataState         = "alerting"
                          - notifications       = [
                              - {
                                  - uid = "NNOynGwVz"
                                },
                            ]
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 30
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 50
                                        },
                                    ]
                                }
                              - unit       = "percent"
                            }
                          - overrides = [
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                            ]
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 8
                          - x = 0
                          - y = 20
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "CPU (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/DocDB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "CPU (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/DocDB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "CPU Utilization"
                      - type          = "timeseries"
                    },
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 4000000000,
                                        ]
                                      - type   = "lt"
                                    }
                                  - operator  = {
                                      - type = "and"
                                    }
                                  - query     = {
                                      - params = [
                                          - "Mem_Avg",
                                          - "5m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "min"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "5m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver DocumentDB Freeable Memory"
                          - name                = "prod Keyserver DocumentDB Freeable Memory Alert"
                          - noDataState         = "alerting"
                          - notifications       = [
                              - {
                                  - uid = "NNOynGwVz"
                                },
                            ]
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 16000000000
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - steps = [
                                      - {
                                          - color = "red"
                                          - value = null
                                        },
                                      - {
                                          - color = "green"
                                          - value = 4000000000
                                        },
                 
...

Action: pull_request

@xav xav temporarily deployed to infra/prod August 7, 2023 22:11 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 7, 2023 22:19 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 7, 2023 22:31 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/staging August 7, 2023 22:31 — with GitHub Actions Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/99c1ce8b-febf-4f3e-b969-6628dbe06c25/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"
        name                               = "prod_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "prod_keyserver" -> (known after apply)
      ~ revision                 = 13 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.remove_me.aws_docdb_cluster.docdb_primary will be created
  + resource "aws_docdb_cluster" "docdb_primary" {
      + apply_immediately               = (known after apply)
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 1
      + cluster_identifier              = "prod-keyserver-remove-me-keystore-docdb-primary-cluster"
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + db_cluster_parameter_group_name = (known after apply)
      + db_subnet_group_name            = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + deletion_protection             = true
      + enabled_cloudwatch_logs_exports = [
          + "audit",
        ]
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = (known after apply)
      + master_password                 = (sensitive value)
      + master_username                 = "keyserver"
      + port                            = 27017
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = (known after apply)
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = true
      + storage_encrypted               = true
      + tags_all                        = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_security_group_ids          = (known after apply)
    }

  # module.remove_me.aws_docdb_cluster_instance.docdb_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = (known after apply)
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "prod-keyserver-remove-me-keystore-docdb-primary-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 0
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.remove_me.aws_docdb_cluster_instance.docdb_replica_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_replica_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = (known after apply)
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "prod-keyserver-remove-me-keystore-docdb-replica-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 1
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.remove_me.aws_docdb_subnet_group.private_subnets will be created
  + resource "aws_docdb_subnet_group" "private_subnets" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-01553f6b707909828",
          + "subnet-0b8b6aa2510b76442",
          + "subnet-0bf55ab3d71610ce4",
        ]
      + tags_all    = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_kms_key.docdb_encryption will be created
  + resource "aws_kms_key" "docdb_encryption" {
      + arn                                = (known after apply)
      + bypass_policy_lockout_safety_check = false
      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"
      + description                        = (known after apply)
      + enable_key_rotation                = true
      + id                                 = (known after apply)
      + is_enabled                         = true
      + key_id                             = (known after apply)
      + key_usage                          = "ENCRYPT_DECRYPT"
      + multi_region                       = (known after apply)
      + policy                             = (known after apply)
      + tags_all                           = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_secretsmanager_secret.master_password will be created
  + resource "aws_secretsmanager_secret" "master_password" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = "prod-keyserver-remove-me-keystore-docdb-master-password"
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + rotation_enabled               = (known after apply)
      + rotation_lambda_arn            = (known after apply)
      + tags_all                       = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_secretsmanager_secret_version.master_password will be created
  + resource "aws_secretsmanager_secret_version" "master_password" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.remove_me.aws_security_group.service_security_group will be created
  + resource "aws_security_group" "service_security_group" {
      + arn                    = (known after apply)
      + description            = "Allow ingress from the application"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
      + name                   = "prod-keyserver-remove-me-keystore-docdb-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "prod"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = "vpc-05b5a769e77dfe4c3"
    }

  # module.remove_me.random_password.master_password will be created
  + resource "random_password" "master_password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + length      = 16
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }

Plan: 10 to add, 2 to change, 1 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  + create%0A  ~ update in-place%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"%0A        name                               = "prod_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "prod_keyserver" -> (known after apply)%0A      ~ revision                 = 13 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster.docdb_primary will be created%0A  + resource "aws_docdb_cluster" "docdb_primary" {%0A      + apply_immediately               = (known after apply)%0A      + arn                             = (known after apply)%0A      + availability_zones              = (known after apply)%0A      + backup_retention_period         = 1%0A      + cluster_identifier              = "prod-keyserver-remove-me-keystore-docdb-primary-cluster"%0A      + cluster_identifier_prefix       = (known after apply)%0A      + cluster_members                 = (known after apply)%0A      + cluster_resource_id             = (known after apply)%0A      + db_cluster_parameter_group_name = (known after apply)%0A      + db_subnet_group_name            = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + deletion_protection             = true%0A      + enabled_cloudwatch_logs_exports = [%0A          + "audit",%0A        ]%0A      + endpoint                        = (known after apply)%0A      + engine                          = "docdb"%0A      + engine_version                  = (known after apply)%0A      + hosted_zone_id                  = (known after apply)%0A      + id                              = (known after apply)%0A      + kms_key_id                      = (known after apply)%0A      + master_password                 = (sensitive value)%0A      + master_username                 = "keyserver"%0A      + port                            = 27017%0A      + preferred_backup_window         = (known after apply)%0A      + preferred_maintenance_window    = (known after apply)%0A      + reader_endpoint                 = (known after apply)%0A      + skip_final_snapshot             = true%0A      + storage_encrypted               = true%0A      + tags_all                        = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "prod"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_security_group_ids          = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster_instance.docdb_instances[0] will be created%0A  + resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      + apply_immediately            = (known after apply)%0A      + arn                          = (known after apply)%0A      + auto_minor_version_upgrade   = true%0A      + availability_zone            = (known after apply)%0A      + ca_cert_identifier           = (known after apply)%0A      + cluster_identifier           = (known after apply)%0A      + db_subnet_group_name         = (known after apply)%0A      + dbi_resource_id              = (known after apply)%0A      + endpoint                     = (known after apply)%0A      + engine                       = "docdb"%0A      + engine_version               = (known after apply)%0A      + id                           = (known after apply)%0A      + identifier                   = "prod-keyserver-remove-me-keystore-docdb-primary-instance-0"%0A      + identifier_prefix            = (known after apply)%0A      + instance_class               = "db.r6g.large"%0A      + kms_key_id                   = (known after apply)%0A      + port                         = (known after apply)%0A      + preferred_backup_window      = (known after apply)%0A      + preferred_maintenance_window = (known after apply)%0A      + promotion_tier               = 0%0A      + publicly_accessible          = (known after apply)%0A      + storage_encrypted            = (known after apply)%0A      + tags_all                     = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "prod"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + writer                       = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster_instance.docdb_replica_instances[0] will be created%0A  + resource "aws_docdb_cluster_instance" "docdb_replica_instances" {%0A      + apply_immediately            = (known after apply)%0A      + arn                          = (known after apply)%0A      + auto_minor_version_upgrade   = true%0A      + availability_zone            = (known after apply)%0A      + ca_cert_identifier           = (known after apply)%0A      + cluster_identifier           = (known after apply)%0A      + db_subnet_group_name         = (known after apply)%0A      + dbi_resource_id              = (known after apply)%0A      + endpoint                     = (known after apply)%0A      + engine                       = "docdb"%0A      + engine_version               = (known after apply)%0A      + id                           = (known after apply)%0A      + identifier                   = "prod-keyserver-remove-me-keystore-docdb-replica-instance-0"%0A      + identifier_prefix            = (known after apply)%0A      + instance_class               = "db.r6g.large"%0A      + kms_key_id                   = (known after apply)%0A      + port                         = (known after apply)%0A      + preferred_backup_window      = (known after apply)%0A      + preferred_maintenance_window = (known after apply)%0A      + promotion_tier               = 1%0A      + publicly_accessible          = (known after apply)%0A      + storage_encrypted            = (known after apply)%0A      + tags_all                     = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "prod"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + writer                       = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_subnet_group.private_subnets will be created%0A  + resource "aws_docdb_subnet_group" "private_subnets" {%0A      + arn         = (known after apply)%0A      + description = "Managed by Terraform"%0A      + id          = (known after apply)%0A      + name        = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + name_prefix = (known after apply)%0A      + subnet_ids  = [%0A          + "subnet-01553f6b707909828",%0A          + "subnet-0b8b6aa2510b76442",%0A          + "subnet-0bf55ab3d71610ce4",%0A        ]%0A      + tags_all    = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "prod"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_kms_key.docdb_encryption will be created%0A  + resource "aws_kms_key" "docdb_encryption" {%0A      + arn                                = (known after apply)%0A      + bypass_policy_lockout_safety_check = false%0A      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"%0A      + description                        = (known after apply)%0A      + enable_key_rotation                = true%0A      + id                                 = (known after apply)%0A      + is_enabled                         = true%0A      + key_id                             = (known after apply)%0A      + key_usage                          = "ENCRYPT_DECRYPT"%0A      + multi_region                       = (known after apply)%0A      + policy                             = (known after apply)%0A      + tags_all                           = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "prod"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_secretsmanager_secret.master_password will be created%0A  + resource "aws_secretsmanager_secret" "master_password" {%0A      + arn                            = (known after apply)%0A      + force_overwrite_replica_secret = false%0A      + id                             = (known after apply)%0A      + name                           = "prod-keyserver-remove-me-keystore-docdb-master-password"%0A      + name_prefix                    = (known after apply)%0A      + policy                         = (known after apply)%0A      + recovery_window_in_days        = 30%0A      + rotation_enabled               = (known after apply)%0A      + rotation_lambda_arn            = (known after apply)%0A      + tags_all                       = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "prod"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_secretsmanager_secret_version.master_password will be created%0A  + resource "aws_secretsmanager_secret_version" "master_password" {%0A      + arn            = (known after apply)%0A      + id             = (known after apply)%0A      + secret_id      = (known after apply)%0A      + secret_string  = (sensitive value)%0A      + version_id     = (known after apply)%0A      + version_stages = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_security_group.service_security_group will be created%0A  + resource "aws_security_group" "service_security_group" {%0A      + arn                    = (known after apply)%0A      + description            = "Allow ingress from the application"%0A      + egress                 = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      + id                     = (known after apply)%0A      + ingress                = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A      + name                   = "prod-keyserver-remove-me-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      + owner_id               = (known after apply)%0A      + revoke_rules_on_delete = false%0A      + tags_all               = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "prod"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_id                 = "vpc-05b5a769e77dfe4c3"%0A    }%0A%0A  # module.remove_me.random_password.master_password will be created%0A  + resource "random_password" "master_password" {%0A      + bcrypt_hash = (sensitive value)%0A      + id          = (known after apply)%0A      + length      = 16%0A      + lower       = true%0A      + min_lower   = 0%0A      + min_numeric = 0%0A      + min_special = 0%0A      + min_upper   = 0%0A      + number      = true%0A      + numeric     = true%0A      + result      = (sensitive value)%0A      + special     = false%0A      + upper       = true%0A    }%0A%0APlan: 10 to add, 2 to change, 1 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/da09576c-d7e5-42ae-893e-b2137f839170/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"
        name                               = "staging_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging_keyserver" -> (known after apply)
      ~ revision                 = 61 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be updated in-place
  ~ resource "aws_docdb_cluster" "docdb_primary" {
      ~ deletion_protection             = false -> true
        id                              = "staging-keyserver-keystore-docdb-primary-cluster"
        tags                            = {}
      ~ vpc_security_group_ids          = [
          - "sg-01de29cd9149d5d29",
        ] -> (known after apply)
        # (23 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place
  ~ resource "aws_docdb_subnet_group" "private_subnets" {
        id          = "staging-keyserver-keystore-docdb-private-subnet-group"
        name        = "staging-keyserver-keystore-docdb-private-subnet-group"
      ~ subnet_ids  = [
          - "subnet-0851c91f1a82ece18",
          - "subnet-0f59998ee3eeb6b29",
          - "subnet-0fe665bde6c07d332",
          + "subnet-006f9fc131af3565e",
          + "subnet-05894f2d41c0e8b45",
          + "subnet-06557bf48886434f1",
        ]
        tags        = {}
        # (3 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_security_group.service_security_group must be replaced
-/+ resource "aws_security_group" "service_security_group" {
      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)
      ~ egress                 = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow outbound traffic from the DocDB cluster"
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow inbound traffic to the DocDB cluster"
              - from_port        = 27017
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 27017
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
        name                   = "staging-keyserver-keystore-docdb-service"
      + name_prefix            = (known after apply)
      ~ owner_id               = "898587786287" -> (known after apply)
      - tags                   = {} -> null
      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement
        # (3 unchanged attributes hidden)
    }

  # module.remove_me.aws_docdb_cluster.docdb_primary will be created
  + resource "aws_docdb_cluster" "docdb_primary" {
      + apply_immediately               = (known after apply)
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 1
      + cluster_identifier              = "staging-keyserver-remove-me-keystore-docdb-primary-cluster"
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + db_cluster_parameter_group_name = (known after apply)
      + db_subnet_group_name            = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + deletion_protection             = true
      + enabled_cloudwatch_logs_exports = [
          + "audit",
        ]
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = (known after apply)
      + master_password                 = (sensitive value)
      + master_username                 = "keyserver"
      + port                            = 27017
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = (known after apply)
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = true
      + storage_encrypted               = true
      + tags_all                        = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_security_group_ids          = (known after apply)
    }

  # module.remove_me.aws_docdb_cluster_instance.docdb_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = (known after apply)
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "staging-keyserver-remove-me-keystore-docdb-primary-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 0
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.remove_me.aws_docdb_subnet_group.private_subnets will be created
  + resource "aws_docdb_subnet_group" "private_subnets" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-0851c91f1a82ece18",
          + "subnet-0f59998ee3eeb6b29",
          + "subnet-0fe665bde6c07d332",
        ]
      + tags_all    = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_kms_key.docdb_encryption will be created
  + resource "aws_kms_key" "docdb_encryption" {
      + arn                                = (known after apply)
      + bypass_policy_lockout_safety_check = false
      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"
      + description                        = (known after apply)
      + enable_key_rotation                = true
      + id                                 = (known after apply)
      + is_enabled                         = true
      + key_id                             = (known after apply)
      + key_usage                          = "ENCRYPT_DECRYPT"
      + multi_region                       = (known after apply)
      + policy                             = (known after apply)
      + tags_all                           = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_secretsmanager_secret.master_password will be created
  + resource "aws_secretsmanager_secret" "master_password" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = "staging-keyserver-remove-me-keystore-docdb-master-password"
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + rotation_enabled               = (known after apply)
      + rotation_lambda_arn            = (known after apply)
      + tags_all                       = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_secretsmanager_secret_version.master_password will be created
  + resource "aws_secretsmanager_secret_version" "master_password" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.remove_me.aws_security_group.service_security_group will be created
  + resource "aws_security_group" "service_security_group" {
      + arn                    = (known after apply)
      + description            = "Allow ingress from the application"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
      + name                   = "staging-keyserver-remove-me-keystore-docdb-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = "vpc-08d4ffa8940e11aa5"
    }

  # module.remove_me.random_password.master_password will be created
  + resource "random_password" "master_password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + length      = 16
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed
  # (because aws_cloudwatch_log_group.main is not in configuration)
  - resource "aws_cloudwatch_log_group" "main" {
      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - retention_in_days = 7 -> null
      - tags              = {} -> null
      - tags_all          = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed
  # (because aws_cloudwatch_metric_alarm.main is not in configuration)
  - resource "aws_cloudwatch_metric_alarm" "main" {
      - actions_enabled           = true -> null
      - alarm_actions             = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null
      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null
      - comparison_operator       = "GreaterThanThreshold" -> null
      - datapoints_to_alarm       = 0 -> null
      - dimensions                = {
          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"
        } -> null
      - evaluation_periods        = 1 -> null
      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null
      - insufficient_data_actions = [] -> null
      - metric_name               = "CPUUtilization" -> null
      - namespace                 = "AWS/DocDB" -> null
      - ok_actions                = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - period                    = 300 -> null
      - statistic                 = "Average" -> null
      - tags                      = {} -> null
      - tags_all                  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - threshold                 = 80 -> null
      - treat_missing_data        = "missing" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed
  # (because aws_iam_policy.lambda is not in configuration)
  - resource "aws_iam_policy" "lambda" {
      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"
                    },
                  - {
                      - Action   = [
                          - "rds:DescribeDBInstances",
                          - "rds:DescribeDBClusters",
                          - "rds:CreateDBInstance",
                          - "rds:DeleteDBInstance",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:rds:eu-central-1:898587786287:*",
                        ]
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null
      - tags      = {} -> null
      - tags_all  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed
  # (because aws_iam_role.lambda is not in configuration)
  - resource "aws_iam_role" "lambda" {
      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2023-08-07T15:13:40Z" -> null
      - force_detach_policies = false -> null
      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null

      - inline_policy {}
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed
  # (because aws_iam_role_policy_attachment.lambda is not in configuration)
  - resource "aws_iam_role_policy_attachment" "lambda" {
      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null
      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed
  # (because aws_lambda_function.main is not in configuration)
  - resource "aws_lambda_function" "main" {
      - architectures                  = [
          - "x86_64",
        ] -> null
      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null
      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null
      - handler                        = "index.handler" -> null
      - id                             = "staging-keyserver-docdb-autoscaling" -> null
      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null
      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 128 -> null
      - package_type                   = "Zip" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - runtime                        = "python3.9" -> null
      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null
      - source_code_size               = 1933 -> null
      - tags                           = {} -> null
      - tags_all                       = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - timeout                        = 3 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"
              - "max_capacity"       = "6"
              - "min_capacity"       = "0"
            } -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed
  # (because aws_lambda_permission.sns is not in configuration)
  - resource "aws_lambda_permission" "sns" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - id            = "AllowSubscriptionToSNS" -> null
      - principal     = "sns.amazonaws.com" -> null
      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - statement_id  = "AllowSubscriptionToSNS" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed
  # (because aws_sns_topic.main is not in configuration)
  - resource "aws_sns_topic" "main" {
      - application_success_feedback_sample_rate = 0 -> null
      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - content_based_deduplication              = false -> null
      - fifo_topic                               = false -> null
      - firehose_success_feedback_sample_rate    = 0 -> null
      - http_success_feedback_sample_rate        = 0 -> null
      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - lambda_success_feedback_sample_rate      = 0 -> null
      - name                                     = "staging-keyserver-docdb-autoscaling" -> null
      - owner                                    = "898587786287" -> null
      - policy                                   = jsonencode(
            {
              - Id        = "__default_policy_ID"
              - Statement = [
                  - {
                      - Action    = [
                          - "SNS:GetTopicAttributes",
                          - "SNS:SetTopicAttributes",
                          - "SNS:AddPermission",
                          - "SNS:RemovePermission",
                          - "SNS:DeleteTopic",
                          - "SNS:Subscribe",
                          - "SNS:ListSubscriptionsByTopic",
                          - "SNS:Publish",
                        ]
                      - Condition = {
                          - StringEquals = {
                              - "AWS:SourceOwner" = "898587786287"
                            }
                        }
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"
                      - Sid       = "__default_statement_ID"
                    },
                ]
              - Version   = "2008-10-17"
            }
        ) -> null
      - sqs_success_feedback_sample_rate         = 0 -> null
      - tags                                     = {} -> null
      - tags_all                                 = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed
  # (because aws_sns_topic_subscription.main is not in configuration)
  - resource "aws_sns_topic_subscription" "main" {
      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - confirmation_timeout_in_minutes = 1 -> null
      - confirmation_was_authenticated  = true -> null
      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - endpoint_auto_confirms          = false -> null
      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - owner_id                        = "898587786287" -> null
      - pending_confirmation            = false -> null
      - protocol                        = "lambda" -> null
      - raw_message_delivery            = false -> null
      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
    }

Plan: 10 to add, 4 to change, 11 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  + create%0A  ~ update in-place%0A  - destroy%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"%0A        name                               = "staging_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "staging_keyserver" -> (known after apply)%0A      ~ revision                 = 61 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be updated in-place%0A  ~ resource "aws_docdb_cluster" "docdb_primary" {%0A      ~ deletion_protection             = false -> true%0A        id                              = "staging-keyserver-keystore-docdb-primary-cluster"%0A        tags                            = {}%0A      ~ vpc_security_group_ids          = [%0A          - "sg-01de29cd9149d5d29",%0A        ] -> (known after apply)%0A        # (23 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place%0A  ~ resource "aws_docdb_subnet_group" "private_subnets" {%0A        id          = "staging-keyserver-keystore-docdb-private-subnet-group"%0A        name        = "staging-keyserver-keystore-docdb-private-subnet-group"%0A      ~ subnet_ids  = [%0A          - "subnet-0851c91f1a82ece18",%0A          - "subnet-0f59998ee3eeb6b29",%0A          - "subnet-0fe665bde6c07d332",%0A          + "subnet-006f9fc131af3565e",%0A          + "subnet-05894f2d41c0e8b45",%0A          + "subnet-06557bf48886434f1",%0A        ]%0A        tags        = {}%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_security_group.service_security_group must be replaced%0A-/+ resource "aws_security_group" "service_security_group" {%0A      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ egress                 = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow outbound traffic from the DocDB cluster"%0A              - from_port        = 0%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "-1"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 0%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ ingress                = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow inbound traffic to the DocDB cluster"%0A              - from_port        = 27017%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "tcp"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 27017%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A        name                   = "staging-keyserver-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      ~ owner_id               = "898587786287" -> (known after apply)%0A      - tags                   = {} -> null%0A      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster.docdb_primary will be created%0A  + resource "aws_docdb_cluster" "docdb_primary" {%0A      + apply_immediately               = (known after apply)%0A      + arn                             = (known after apply)%0A      + availability_zones              = (known after apply)%0A      + backup_retention_period         = 1%0A      + cluster_identifier              = "staging-keyserver-remove-me-keystore-docdb-primary-cluster"%0A      + cluster_identifier_prefix       = (known after apply)%0A      + cluster_members                 = (known after apply)%0A      + cluster_resource_id             = (known after apply)%0A      + db_cluster_parameter_group_name = (known after apply)%0A      + db_subnet_group_name            = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + deletion_protection             = true%0A      + enabled_cloudwatch_logs_exports = [%0A          + "audit",%0A        ]%0A      + endpoint                        = (known after apply)%0A      + engine                          = "docdb"%0A      + engine_version                  = (known after apply)%0A      + hosted_zone_id                  = (known after apply)%0A      + id                              = (known after apply)%0A      + kms_key_id                      = (known after apply)%0A      + master_password                 = (sensitive value)%0A      + master_username                 = "keyserver"%0A      + port                            = 27017%0A      + preferred_backup_window         = (known after apply)%0A      + preferred_maintenance_window    = (known after apply)%0A      + reader_endpoint                 = (known after apply)%0A      + skip_final_snapshot             = true%0A      + storage_encrypted               = true%0A      + tags_all                        = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_security_group_ids          = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster_instance.docdb_instances[0] will be created%0A  + resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      + apply_immediately            = (known after apply)%0A      + arn                          = (known after apply)%0A      + auto_minor_version_upgrade   = true%0A      + availability_zone            = (known after apply)%0A      + ca_cert_identifier           = (known after apply)%0A      + cluster_identifier           = (known after apply)%0A      + db_subnet_group_name         = (known after apply)%0A      + dbi_resource_id              = (known after apply)%0A      + endpoint                     = (known after apply)%0A      + engine                       = "docdb"%0A      + engine_version               = (known after apply)%0A      + id                           = (known after apply)%0A      + identifier                   = "staging-keyserver-remove-me-keystore-docdb-primary-instance-0"%0A      + identifier_prefix            = (known after apply)%0A      + instance_class               = "db.r6g.large"%0A      + kms_key_id                   = (known after apply)%0A      + port                         = (known after apply)%0A      + preferred_backup_window      = (known after apply)%0A      + preferred_maintenance_window = (known after apply)%0A      + promotion_tier               = 0%0A      + publicly_accessible          = (known after apply)%0A      + storage_encrypted            = (known after apply)%0A      + tags_all                     = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + writer                       = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_subnet_group.private_subnets will be created%0A  + resource "aws_docdb_subnet_group" "private_subnets" {%0A      + arn         = (known after apply)%0A      + description = "Managed by Terraform"%0A      + id          = (known after apply)%0A      + name        = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + name_prefix = (known after apply)%0A      + subnet_ids  = [%0A          + "subnet-0851c91f1a82ece18",%0A          + "subnet-0f59998ee3eeb6b29",%0A          + "subnet-0fe665bde6c07d332",%0A        ]%0A      + tags_all    = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_kms_key.docdb_encryption will be created%0A  + resource "aws_kms_key" "docdb_encryption" {%0A      + arn                                = (known after apply)%0A      + bypass_policy_lockout_safety_check = false%0A      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"%0A      + description                        = (known after apply)%0A      + enable_key_rotation                = true%0A      + id                                 = (known after apply)%0A      + is_enabled                         = true%0A      + key_id                             = (known after apply)%0A      + key_usage                          = "ENCRYPT_DECRYPT"%0A      + multi_region                       = (known after apply)%0A      + policy                             = (known after apply)%0A      + tags_all                           = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_secretsmanager_secret.master_password will be created%0A  + resource "aws_secretsmanager_secret" "master_password" {%0A      + arn                            = (known after apply)%0A      + force_overwrite_replica_secret = false%0A      + id                             = (known after apply)%0A      + name                           = "staging-keyserver-remove-me-keystore-docdb-master-password"%0A      + name_prefix                    = (known after apply)%0A      + policy                         = (known after apply)%0A      + recovery_window_in_days        = 30%0A      + rotation_enabled               = (known after apply)%0A      + rotation_lambda_arn            = (known after apply)%0A      + tags_all                       = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_secretsmanager_secret_version.master_password will be created%0A  + resource "aws_secretsmanager_secret_version" "master_password" {%0A      + arn            = (known after apply)%0A      + id             = (known after apply)%0A      + secret_id      = (known after apply)%0A      + secret_string  = (sensitive value)%0A      + version_id     = (known after apply)%0A      + version_stages = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_security_group.service_security_group will be created%0A  + resource "aws_security_group" "service_security_group" {%0A      + arn                    = (known after apply)%0A      + description            = "Allow ingress from the application"%0A      + egress                 = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      + id                     = (known after apply)%0A      + ingress                = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A      + name                   = "staging-keyserver-remove-me-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      + owner_id               = (known after apply)%0A      + revoke_rules_on_delete = false%0A      + tags_all               = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_id                 = "vpc-08d4ffa8940e11aa5"%0A    }%0A%0A  # module.remove_me.random_password.master_password will be created%0A  + resource "random_password" "master_password" {%0A      + bcrypt_hash = (sensitive value)%0A      + id          = (known after apply)%0A      + length      = 16%0A      + lower       = true%0A      + min_lower   = 0%0A      + min_numeric = 0%0A      + min_special = 0%0A      + min_upper   = 0%0A      + number      = true%0A      + numeric     = true%0A      + result      = (sensitive value)%0A      + special     = false%0A      + upper       = true%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed%0A  # (because aws_cloudwatch_log_group.main is not in configuration)%0A  - resource "aws_cloudwatch_log_group" "main" {%0A      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - retention_in_days = 7 -> null%0A      - tags              = {} -> null%0A      - tags_all          = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed%0A  # (because aws_cloudwatch_metric_alarm.main is not in configuration)%0A  - resource "aws_cloudwatch_metric_alarm" "main" {%0A      - actions_enabled           = true -> null%0A      - alarm_actions             = [%0A          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",%0A        ] -> null%0A      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null%0A      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null%0A      - comparison_operator       = "GreaterThanThreshold" -> null%0A      - datapoints_to_alarm       = 0 -> null%0A      - dimensions                = {%0A          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A        } -> null%0A      - evaluation_periods        = 1 -> null%0A      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null%0A      - insufficient_data_actions = [] -> null%0A      - metric_name               = "CPUUtilization" -> null%0A      - namespace                 = "AWS/DocDB" -> null%0A      - ok_actions                = [%0A          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",%0A        ] -> null%0A      - period                    = 300 -> null%0A      - statistic                 = "Average" -> null%0A      - tags                      = {} -> null%0A      - tags_all                  = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - threshold                 = 80 -> null%0A      - treat_missing_data        = "missing" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed%0A  # (because aws_iam_policy.lambda is not in configuration)%0A  - resource "aws_iam_policy" "lambda" {%0A      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - path      = "/" -> null%0A      - policy    = jsonencode(%0A            {%0A              - Statement = [%0A                  - {%0A                      - Action   = [%0A                          - "logs:CreateLogStream",%0A                          - "logs:CreateLogGroup",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"%0A                    },%0A                  - {%0A                      - Action   = [%0A                          - "logs:PutLogEvents",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"%0A                    },%0A                  - {%0A                      - Action   = [%0A                          - "rds:DescribeDBInstances",%0A                          - "rds:DescribeDBClusters",%0A                          - "rds:CreateDBInstance",%0A                          - "rds:DeleteDBInstance",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = [%0A                          - "arn:aws:rds:eu-central-1:898587786287:*",%0A                        ]%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null%0A      - tags      = {} -> null%0A      - tags_all  = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed%0A  # (because aws_iam_role.lambda is not in configuration)%0A  - resource "aws_iam_role" "lambda" {%0A      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - assume_role_policy    = jsonencode(%0A            {%0A              - Statement = [%0A                  - {%0A                      - Action    = "sts:AssumeRole"%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - Service = "lambda.amazonaws.com"%0A                        }%0A                      - Sid       = ""%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - create_date           = "2023-08-07T15:13:40Z" -> null%0A      - force_detach_policies = false -> null%0A      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - managed_policy_arns   = [%0A          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",%0A        ] -> null%0A      - max_session_duration  = 3600 -> null%0A      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - path                  = "/" -> null%0A      - tags                  = {} -> null%0A      - tags_all              = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null%0A%0A      - inline_policy {}%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed%0A  # (because aws_iam_role_policy_attachment.lambda is not in configuration)%0A  - resource "aws_iam_role_policy_attachment" "lambda" {%0A      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null%0A      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed%0A  # (because aws_lambda_function.main is not in configuration)%0A  - resource "aws_lambda_function" "main" {%0A      - architectures                  = [%0A          - "x86_64",%0A        ] -> null%0A      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null%0A      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null%0A      - handler                        = "index.handler" -> null%0A      - id                             = "staging-keyserver-docdb-autoscaling" -> null%0A      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null%0A      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null%0A      - layers                         = [] -> null%0A      - memory_size                    = 128 -> null%0A      - package_type                   = "Zip" -> null%0A      - publish                        = false -> null%0A      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null%0A      - reserved_concurrent_executions = -1 -> null%0A      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - runtime                        = "python3.9" -> null%0A      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null%0A      - source_code_size               = 1933 -> null%0A      - tags                           = {} -> null%0A      - tags_all                       = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - timeout                        = 3 -> null%0A      - version                        = "$LATEST" -> null%0A%0A      - environment {%0A          - variables = {%0A              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A              - "max_capacity"       = "6"%0A              - "min_capacity"       = "0"%0A            } -> null%0A        }%0A%0A      - tracing_config {%0A          - mode = "PassThrough" -> null%0A        }%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed%0A  # (because aws_lambda_permission.sns is not in configuration)%0A  - resource "aws_lambda_permission" "sns" {%0A      - action        = "lambda:InvokeFunction" -> null%0A      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - id            = "AllowSubscriptionToSNS" -> null%0A      - principal     = "sns.amazonaws.com" -> null%0A      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - statement_id  = "AllowSubscriptionToSNS" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed%0A  # (because aws_sns_topic.main is not in configuration)%0A  - resource "aws_sns_topic" "main" {%0A      - application_success_feedback_sample_rate = 0 -> null%0A      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - content_based_deduplication              = false -> null%0A      - fifo_topic                               = false -> null%0A      - firehose_success_feedback_sample_rate    = 0 -> null%0A      - http_success_feedback_sample_rate        = 0 -> null%0A      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - lambda_success_feedback_sample_rate      = 0 -> null%0A      - name                                     = "staging-keyserver-docdb-autoscaling" -> null%0A      - owner                                    = "898587786287" -> null%0A      - policy                                   = jsonencode(%0A            {%0A              - Id        = "__default_policy_ID"%0A              - Statement = [%0A                  - {%0A                      - Action    = [%0A                          - "SNS:GetTopicAttributes",%0A                          - "SNS:SetTopicAttributes",%0A                          - "SNS:AddPermission",%0A                          - "SNS:RemovePermission",%0A                          - "SNS:DeleteTopic",%0A                          - "SNS:Subscribe",%0A                          - "SNS:ListSubscriptionsByTopic",%0A                          - "SNS:Publish",%0A                        ]%0A                      - Condition = {%0A                          - StringEquals = {%0A                              - "AWS:SourceOwner" = "898587786287"%0A                            }%0A                        }%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - AWS = "*"%0A                        }%0A                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"%0A                      - Sid       = "__default_statement_ID"%0A                    },%0A                ]%0A              - Version   = "2008-10-17"%0A            }%0A        ) -> null%0A      - sqs_success_feedback_sample_rate         = 0 -> null%0A      - tags                                     = {} -> null%0A      - tags_all                                 = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed%0A  # (because aws_sns_topic_subscription.main is not in configuration)%0A  - resource "aws_sns_topic_subscription" "main" {%0A      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null%0A      - confirmation_timeout_in_minutes = 1 -> null%0A      - confirmation_was_authenticated  = true -> null%0A      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - endpoint_auto_confirms          = false -> null%0A      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null%0A      - owner_id                        = "898587786287" -> null%0A      - pending_confirmation            = false -> null%0A      - protocol                        = "lambda" -> null%0A      - raw_message_delivery            = false -> null%0A      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A    }%0A%0APlan: 10 to add, 4 to change, 11 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@xav xav temporarily deployed to infra/prod August 7, 2023 22:32 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 7, 2023 23:09 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/staging August 7, 2023 23:09 — with GitHub Actions Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/57ee8b23-08e5-4387-bae0-c3afcfd162ec/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"
        name                               = "prod_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "prod_keyserver" -> (known after apply)
      ~ revision                 = 13 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 2 to change, 1 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  ~ update in-place%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"%0A        name                               = "prod_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "prod_keyserver" -> (known after apply)%0A      ~ revision                 = 13 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0APlan: 1 to add, 2 to change, 1 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/63ca1785-c969-418e-8fe6-fead6ebf2230/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"
        name                               = "staging_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging_keyserver" -> (known after apply)
      ~ revision                 = 61 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be updated in-place
  ~ resource "aws_docdb_cluster" "docdb_primary" {
      ~ deletion_protection             = false -> true
        id                              = "staging-keyserver-keystore-docdb-primary-cluster"
        tags                            = {}
      ~ vpc_security_group_ids          = [
          - "sg-01de29cd9149d5d29",
        ] -> (known after apply)
        # (23 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place
  ~ resource "aws_docdb_subnet_group" "private_subnets" {
        id          = "staging-keyserver-keystore-docdb-private-subnet-group"
        name        = "staging-keyserver-keystore-docdb-private-subnet-group"
      ~ subnet_ids  = [
          - "subnet-0851c91f1a82ece18",
          - "subnet-0f59998ee3eeb6b29",
          - "subnet-0fe665bde6c07d332",
          + "subnet-006f9fc131af3565e",
          + "subnet-05894f2d41c0e8b45",
          + "subnet-06557bf48886434f1",
        ]
        tags        = {}
        # (3 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_security_group.service_security_group must be replaced
-/+ resource "aws_security_group" "service_security_group" {
      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)
      ~ egress                 = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow outbound traffic from the DocDB cluster"
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow inbound traffic to the DocDB cluster"
              - from_port        = 27017
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 27017
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
        name                   = "staging-keyserver-keystore-docdb-service"
      + name_prefix            = (known after apply)
      ~ owner_id               = "898587786287" -> (known after apply)
      - tags                   = {} -> null
      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement
        # (3 unchanged attributes hidden)
    }

  # module.remove_me.aws_docdb_cluster.docdb_primary will be created
  + resource "aws_docdb_cluster" "docdb_primary" {
      + apply_immediately               = (known after apply)
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 1
      + cluster_identifier              = "staging-keyserver-remove-me-keystore-docdb-primary-cluster"
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + db_cluster_parameter_group_name = (known after apply)
      + db_subnet_group_name            = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + deletion_protection             = true
      + enabled_cloudwatch_logs_exports = [
          + "audit",
        ]
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = (known after apply)
      + master_password                 = (sensitive value)
      + master_username                 = "keyserver"
      + port                            = 27017
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = (known after apply)
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = true
      + storage_encrypted               = true
      + tags_all                        = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_security_group_ids          = (known after apply)
    }

  # module.remove_me.aws_docdb_cluster_instance.docdb_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = (known after apply)
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "staging-keyserver-remove-me-keystore-docdb-primary-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 0
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.remove_me.aws_docdb_subnet_group.private_subnets will be created
  + resource "aws_docdb_subnet_group" "private_subnets" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-0851c91f1a82ece18",
          + "subnet-0f59998ee3eeb6b29",
          + "subnet-0fe665bde6c07d332",
        ]
      + tags_all    = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_kms_key.docdb_encryption will be created
  + resource "aws_kms_key" "docdb_encryption" {
      + arn                                = (known after apply)
      + bypass_policy_lockout_safety_check = false
      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"
      + description                        = (known after apply)
      + enable_key_rotation                = true
      + id                                 = (known after apply)
      + is_enabled                         = true
      + key_id                             = (known after apply)
      + key_usage                          = "ENCRYPT_DECRYPT"
      + multi_region                       = (known after apply)
      + policy                             = (known after apply)
      + tags_all                           = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_secretsmanager_secret.master_password will be created
  + resource "aws_secretsmanager_secret" "master_password" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = "staging-keyserver-remove-me-keystore-docdb-master-password"
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + rotation_enabled               = (known after apply)
      + rotation_lambda_arn            = (known after apply)
      + tags_all                       = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_secretsmanager_secret_version.master_password will be created
  + resource "aws_secretsmanager_secret_version" "master_password" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.remove_me.aws_security_group.service_security_group will be created
  + resource "aws_security_group" "service_security_group" {
      + arn                    = (known after apply)
      + description            = "Allow ingress from the application"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
      + name                   = "staging-keyserver-remove-me-keystore-docdb-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = "vpc-08d4ffa8940e11aa5"
    }

  # module.remove_me.random_password.master_password will be created
  + resource "random_password" "master_password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + length      = 16
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed
  # (because aws_cloudwatch_log_group.main is not in configuration)
  - resource "aws_cloudwatch_log_group" "main" {
      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - retention_in_days = 7 -> null
      - tags              = {} -> null
      - tags_all          = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed
  # (because aws_cloudwatch_metric_alarm.main is not in configuration)
  - resource "aws_cloudwatch_metric_alarm" "main" {
      - actions_enabled           = true -> null
      - alarm_actions             = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null
      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null
      - comparison_operator       = "GreaterThanThreshold" -> null
      - datapoints_to_alarm       = 0 -> null
      - dimensions                = {
          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"
        } -> null
      - evaluation_periods        = 1 -> null
      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null
      - insufficient_data_actions = [] -> null
      - metric_name               = "CPUUtilization" -> null
      - namespace                 = "AWS/DocDB" -> null
      - ok_actions                = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - period                    = 300 -> null
      - statistic                 = "Average" -> null
      - tags                      = {} -> null
      - tags_all                  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - threshold                 = 80 -> null
      - treat_missing_data        = "missing" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed
  # (because aws_iam_policy.lambda is not in configuration)
  - resource "aws_iam_policy" "lambda" {
      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"
                    },
                  - {
                      - Action   = [
                          - "rds:DescribeDBInstances",
                          - "rds:DescribeDBClusters",
                          - "rds:CreateDBInstance",
                          - "rds:DeleteDBInstance",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:rds:eu-central-1:898587786287:*",
                        ]
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null
      - tags      = {} -> null
      - tags_all  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed
  # (because aws_iam_role.lambda is not in configuration)
  - resource "aws_iam_role" "lambda" {
      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2023-08-07T15:13:40Z" -> null
      - force_detach_policies = false -> null
      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null

      - inline_policy {}
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed
  # (because aws_iam_role_policy_attachment.lambda is not in configuration)
  - resource "aws_iam_role_policy_attachment" "lambda" {
      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null
      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed
  # (because aws_lambda_function.main is not in configuration)
  - resource "aws_lambda_function" "main" {
      - architectures                  = [
          - "x86_64",
        ] -> null
      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null
      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null
      - handler                        = "index.handler" -> null
      - id                             = "staging-keyserver-docdb-autoscaling" -> null
      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null
      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 128 -> null
      - package_type                   = "Zip" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - runtime                        = "python3.9" -> null
      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null
      - source_code_size               = 1933 -> null
      - tags                           = {} -> null
      - tags_all                       = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - timeout                        = 3 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"
              - "max_capacity"       = "6"
              - "min_capacity"       = "0"
            } -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed
  # (because aws_lambda_permission.sns is not in configuration)
  - resource "aws_lambda_permission" "sns" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - id            = "AllowSubscriptionToSNS" -> null
      - principal     = "sns.amazonaws.com" -> null
      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - statement_id  = "AllowSubscriptionToSNS" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed
  # (because aws_sns_topic.main is not in configuration)
  - resource "aws_sns_topic" "main" {
      - application_success_feedback_sample_rate = 0 -> null
      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - content_based_deduplication              = false -> null
      - fifo_topic                               = false -> null
      - firehose_success_feedback_sample_rate    = 0 -> null
      - http_success_feedback_sample_rate        = 0 -> null
      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - lambda_success_feedback_sample_rate      = 0 -> null
      - name                                     = "staging-keyserver-docdb-autoscaling" -> null
      - owner                                    = "898587786287" -> null
      - policy                                   = jsonencode(
            {
              - Id        = "__default_policy_ID"
              - Statement = [
                  - {
                      - Action    = [
                          - "SNS:GetTopicAttributes",
                          - "SNS:SetTopicAttributes",
                          - "SNS:AddPermission",
                          - "SNS:RemovePermission",
                          - "SNS:DeleteTopic",
                          - "SNS:Subscribe",
                          - "SNS:ListSubscriptionsByTopic",
                          - "SNS:Publish",
                        ]
                      - Condition = {
                          - StringEquals = {
                              - "AWS:SourceOwner" = "898587786287"
                            }
                        }
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"
                      - Sid       = "__default_statement_ID"
                    },
                ]
              - Version   = "2008-10-17"
            }
        ) -> null
      - sqs_success_feedback_sample_rate         = 0 -> null
      - tags                                     = {} -> null
      - tags_all                                 = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed
  # (because aws_sns_topic_subscription.main is not in configuration)
  - resource "aws_sns_topic_subscription" "main" {
      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - confirmation_timeout_in_minutes = 1 -> null
      - confirmation_was_authenticated  = true -> null
      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - endpoint_auto_confirms          = false -> null
      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - owner_id                        = "898587786287" -> null
      - pending_confirmation            = false -> null
      - protocol                        = "lambda" -> null
      - raw_message_delivery            = false -> null
      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
    }

Plan: 10 to add, 4 to change, 11 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  + create%0A  ~ update in-place%0A  - destroy%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"%0A        name                               = "staging_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "staging_keyserver" -> (known after apply)%0A      ~ revision                 = 61 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be updated in-place%0A  ~ resource "aws_docdb_cluster" "docdb_primary" {%0A      ~ deletion_protection             = false -> true%0A        id                              = "staging-keyserver-keystore-docdb-primary-cluster"%0A        tags                            = {}%0A      ~ vpc_security_group_ids          = [%0A          - "sg-01de29cd9149d5d29",%0A        ] -> (known after apply)%0A        # (23 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place%0A  ~ resource "aws_docdb_subnet_group" "private_subnets" {%0A        id          = "staging-keyserver-keystore-docdb-private-subnet-group"%0A        name        = "staging-keyserver-keystore-docdb-private-subnet-group"%0A      ~ subnet_ids  = [%0A          - "subnet-0851c91f1a82ece18",%0A          - "subnet-0f59998ee3eeb6b29",%0A          - "subnet-0fe665bde6c07d332",%0A          + "subnet-006f9fc131af3565e",%0A          + "subnet-05894f2d41c0e8b45",%0A          + "subnet-06557bf48886434f1",%0A        ]%0A        tags        = {}%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_security_group.service_security_group must be replaced%0A-/+ resource "aws_security_group" "service_security_group" {%0A      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ egress                 = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow outbound traffic from the DocDB cluster"%0A              - from_port        = 0%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "-1"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 0%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ ingress                = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow inbound traffic to the DocDB cluster"%0A              - from_port        = 27017%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "tcp"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 27017%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A        name                   = "staging-keyserver-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      ~ owner_id               = "898587786287" -> (known after apply)%0A      - tags                   = {} -> null%0A      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster.docdb_primary will be created%0A  + resource "aws_docdb_cluster" "docdb_primary" {%0A      + apply_immediately               = (known after apply)%0A      + arn                             = (known after apply)%0A      + availability_zones              = (known after apply)%0A      + backup_retention_period         = 1%0A      + cluster_identifier              = "staging-keyserver-remove-me-keystore-docdb-primary-cluster"%0A      + cluster_identifier_prefix       = (known after apply)%0A      + cluster_members                 = (known after apply)%0A      + cluster_resource_id             = (known after apply)%0A      + db_cluster_parameter_group_name = (known after apply)%0A      + db_subnet_group_name            = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + deletion_protection             = true%0A      + enabled_cloudwatch_logs_exports = [%0A          + "audit",%0A        ]%0A      + endpoint                        = (known after apply)%0A      + engine                          = "docdb"%0A      + engine_version                  = (known after apply)%0A      + hosted_zone_id                  = (known after apply)%0A      + id                              = (known after apply)%0A      + kms_key_id                      = (known after apply)%0A      + master_password                 = (sensitive value)%0A      + master_username                 = "keyserver"%0A      + port                            = 27017%0A      + preferred_backup_window         = (known after apply)%0A      + preferred_maintenance_window    = (known after apply)%0A      + reader_endpoint                 = (known after apply)%0A      + skip_final_snapshot             = true%0A      + storage_encrypted               = true%0A      + tags_all                        = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_security_group_ids          = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster_instance.docdb_instances[0] will be created%0A  + resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      + apply_immediately            = (known after apply)%0A      + arn                          = (known after apply)%0A      + auto_minor_version_upgrade   = true%0A      + availability_zone            = (known after apply)%0A      + ca_cert_identifier           = (known after apply)%0A      + cluster_identifier           = (known after apply)%0A      + db_subnet_group_name         = (known after apply)%0A      + dbi_resource_id              = (known after apply)%0A      + endpoint                     = (known after apply)%0A      + engine                       = "docdb"%0A      + engine_version               = (known after apply)%0A      + id                           = (known after apply)%0A      + identifier                   = "staging-keyserver-remove-me-keystore-docdb-primary-instance-0"%0A      + identifier_prefix            = (known after apply)%0A      + instance_class               = "db.r6g.large"%0A      + kms_key_id                   = (known after apply)%0A      + port                         = (known after apply)%0A      + preferred_backup_window      = (known after apply)%0A      + preferred_maintenance_window = (known after apply)%0A      + promotion_tier               = 0%0A      + publicly_accessible          = (known after apply)%0A      + storage_encrypted            = (known after apply)%0A      + tags_all                     = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + writer                       = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_subnet_group.private_subnets will be created%0A  + resource "aws_docdb_subnet_group" "private_subnets" {%0A      + arn         = (known after apply)%0A      + description = "Managed by Terraform"%0A      + id          = (known after apply)%0A      + name        = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + name_prefix = (known after apply)%0A      + subnet_ids  = [%0A          + "subnet-0851c91f1a82ece18",%0A          + "subnet-0f59998ee3eeb6b29",%0A          + "subnet-0fe665bde6c07d332",%0A        ]%0A      + tags_all    = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_kms_key.docdb_encryption will be created%0A  + resource "aws_kms_key" "docdb_encryption" {%0A      + arn                                = (known after apply)%0A      + bypass_policy_lockout_safety_check = false%0A      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"%0A      + description                        = (known after apply)%0A      + enable_key_rotation                = true%0A      + id                                 = (known after apply)%0A      + is_enabled                         = true%0A      + key_id                             = (known after apply)%0A      + key_usage                          = "ENCRYPT_DECRYPT"%0A      + multi_region                       = (known after apply)%0A      + policy                             = (known after apply)%0A      + tags_all                           = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_secretsmanager_secret.master_password will be created%0A  + resource "aws_secretsmanager_secret" "master_password" {%0A      + arn                            = (known after apply)%0A      + force_overwrite_replica_secret = false%0A      + id                             = (known after apply)%0A      + name                           = "staging-keyserver-remove-me-keystore-docdb-master-password"%0A      + name_prefix                    = (known after apply)%0A      + policy                         = (known after apply)%0A      + recovery_window_in_days        = 30%0A      + rotation_enabled               = (known after apply)%0A      + rotation_lambda_arn            = (known after apply)%0A      + tags_all                       = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_secretsmanager_secret_version.master_password will be created%0A  + resource "aws_secretsmanager_secret_version" "master_password" {%0A      + arn            = (known after apply)%0A      + id             = (known after apply)%0A      + secret_id      = (known after apply)%0A      + secret_string  = (sensitive value)%0A      + version_id     = (known after apply)%0A      + version_stages = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_security_group.service_security_group will be created%0A  + resource "aws_security_group" "service_security_group" {%0A      + arn                    = (known after apply)%0A      + description            = "Allow ingress from the application"%0A      + egress                 = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      + id                     = (known after apply)%0A      + ingress                = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A      + name                   = "staging-keyserver-remove-me-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      + owner_id               = (known after apply)%0A      + revoke_rules_on_delete = false%0A      + tags_all               = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_id                 = "vpc-08d4ffa8940e11aa5"%0A    }%0A%0A  # module.remove_me.random_password.master_password will be created%0A  + resource "random_password" "master_password" {%0A      + bcrypt_hash = (sensitive value)%0A      + id          = (known after apply)%0A      + length      = 16%0A      + lower       = true%0A      + min_lower   = 0%0A      + min_numeric = 0%0A      + min_special = 0%0A      + min_upper   = 0%0A      + number      = true%0A      + numeric     = true%0A      + result      = (sensitive value)%0A      + special     = false%0A      + upper       = true%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed%0A  # (because aws_cloudwatch_log_group.main is not in configuration)%0A  - resource "aws_cloudwatch_log_group" "main" {%0A      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - retention_in_days = 7 -> null%0A      - tags              = {} -> null%0A      - tags_all          = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed%0A  # (because aws_cloudwatch_metric_alarm.main is not in configuration)%0A  - resource "aws_cloudwatch_metric_alarm" "main" {%0A      - actions_enabled           = true -> null%0A      - alarm_actions             = [%0A          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",%0A        ] -> null%0A      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null%0A      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null%0A      - comparison_operator       = "GreaterThanThreshold" -> null%0A      - datapoints_to_alarm       = 0 -> null%0A      - dimensions                = {%0A          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A        } -> null%0A      - evaluation_periods        = 1 -> null%0A      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null%0A      - insufficient_data_actions = [] -> null%0A      - metric_name               = "CPUUtilization" -> null%0A      - namespace                 = "AWS/DocDB" -> null%0A      - ok_actions                = [%0A          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",%0A        ] -> null%0A      - period                    = 300 -> null%0A      - statistic                 = "Average" -> null%0A      - tags                      = {} -> null%0A      - tags_all                  = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - threshold                 = 80 -> null%0A      - treat_missing_data        = "missing" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed%0A  # (because aws_iam_policy.lambda is not in configuration)%0A  - resource "aws_iam_policy" "lambda" {%0A      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - path      = "/" -> null%0A      - policy    = jsonencode(%0A            {%0A              - Statement = [%0A                  - {%0A                      - Action   = [%0A                          - "logs:CreateLogStream",%0A                          - "logs:CreateLogGroup",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"%0A                    },%0A                  - {%0A                      - Action   = [%0A                          - "logs:PutLogEvents",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"%0A                    },%0A                  - {%0A                      - Action   = [%0A                          - "rds:DescribeDBInstances",%0A                          - "rds:DescribeDBClusters",%0A                          - "rds:CreateDBInstance",%0A                          - "rds:DeleteDBInstance",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = [%0A                          - "arn:aws:rds:eu-central-1:898587786287:*",%0A                        ]%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null%0A      - tags      = {} -> null%0A      - tags_all  = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed%0A  # (because aws_iam_role.lambda is not in configuration)%0A  - resource "aws_iam_role" "lambda" {%0A      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - assume_role_policy    = jsonencode(%0A            {%0A              - Statement = [%0A                  - {%0A                      - Action    = "sts:AssumeRole"%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - Service = "lambda.amazonaws.com"%0A                        }%0A                      - Sid       = ""%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - create_date           = "2023-08-07T15:13:40Z" -> null%0A      - force_detach_policies = false -> null%0A      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - managed_policy_arns   = [%0A          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",%0A        ] -> null%0A      - max_session_duration  = 3600 -> null%0A      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - path                  = "/" -> null%0A      - tags                  = {} -> null%0A      - tags_all              = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null%0A%0A      - inline_policy {}%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed%0A  # (because aws_iam_role_policy_attachment.lambda is not in configuration)%0A  - resource "aws_iam_role_policy_attachment" "lambda" {%0A      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null%0A      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed%0A  # (because aws_lambda_function.main is not in configuration)%0A  - resource "aws_lambda_function" "main" {%0A      - architectures                  = [%0A          - "x86_64",%0A        ] -> null%0A      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null%0A      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null%0A      - handler                        = "index.handler" -> null%0A      - id                             = "staging-keyserver-docdb-autoscaling" -> null%0A      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null%0A      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null%0A      - layers                         = [] -> null%0A      - memory_size                    = 128 -> null%0A      - package_type                   = "Zip" -> null%0A      - publish                        = false -> null%0A      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null%0A      - reserved_concurrent_executions = -1 -> null%0A      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - runtime                        = "python3.9" -> null%0A      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null%0A      - source_code_size               = 1933 -> null%0A      - tags                           = {} -> null%0A      - tags_all                       = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - timeout                        = 3 -> null%0A      - version                        = "$LATEST" -> null%0A%0A      - environment {%0A          - variables = {%0A              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A              - "max_capacity"       = "6"%0A              - "min_capacity"       = "0"%0A            } -> null%0A        }%0A%0A      - tracing_config {%0A          - mode = "PassThrough" -> null%0A        }%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed%0A  # (because aws_lambda_permission.sns is not in configuration)%0A  - resource "aws_lambda_permission" "sns" {%0A      - action        = "lambda:InvokeFunction" -> null%0A      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - id            = "AllowSubscriptionToSNS" -> null%0A      - principal     = "sns.amazonaws.com" -> null%0A      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - statement_id  = "AllowSubscriptionToSNS" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed%0A  # (because aws_sns_topic.main is not in configuration)%0A  - resource "aws_sns_topic" "main" {%0A      - application_success_feedback_sample_rate = 0 -> null%0A      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - content_based_deduplication              = false -> null%0A      - fifo_topic                               = false -> null%0A      - firehose_success_feedback_sample_rate    = 0 -> null%0A      - http_success_feedback_sample_rate        = 0 -> null%0A      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - lambda_success_feedback_sample_rate      = 0 -> null%0A      - name                                     = "staging-keyserver-docdb-autoscaling" -> null%0A      - owner                                    = "898587786287" -> null%0A      - policy                                   = jsonencode(%0A            {%0A              - Id        = "__default_policy_ID"%0A              - Statement = [%0A                  - {%0A                      - Action    = [%0A                          - "SNS:GetTopicAttributes",%0A                          - "SNS:SetTopicAttributes",%0A                          - "SNS:AddPermission",%0A                          - "SNS:RemovePermission",%0A                          - "SNS:DeleteTopic",%0A                          - "SNS:Subscribe",%0A                          - "SNS:ListSubscriptionsByTopic",%0A                          - "SNS:Publish",%0A                        ]%0A                      - Condition = {%0A                          - StringEquals = {%0A                              - "AWS:SourceOwner" = "898587786287"%0A                            }%0A                        }%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - AWS = "*"%0A                        }%0A                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"%0A                      - Sid       = "__default_statement_ID"%0A                    },%0A                ]%0A              - Version   = "2008-10-17"%0A            }%0A        ) -> null%0A      - sqs_success_feedback_sample_rate         = 0 -> null%0A      - tags                                     = {} -> null%0A      - tags_all                                 = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed%0A  # (because aws_sns_topic_subscription.main is not in configuration)%0A  - resource "aws_sns_topic_subscription" "main" {%0A      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null%0A      - confirmation_timeout_in_minutes = 1 -> null%0A      - confirmation_was_authenticated  = true -> null%0A      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - endpoint_auto_confirms          = false -> null%0A      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null%0A      - owner_id                        = "898587786287" -> null%0A      - pending_confirmation            = false -> null%0A      - protocol                        = "lambda" -> null%0A      - raw_message_delivery            = false -> null%0A      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A    }%0A%0APlan: 10 to add, 4 to change, 11 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@xav xav temporarily deployed to infra/prod August 7, 2023 23:10 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/staging August 7, 2023 23:21 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 7, 2023 23:21 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 7, 2023 23:21 — with GitHub Actions Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/db1776c4-e498-444d-b2ad-0c7fbe825c0f/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"
        name                               = "staging_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging_keyserver" -> (known after apply)
      ~ revision                 = 61 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be updated in-place
  ~ resource "aws_docdb_cluster" "docdb_primary" {
      ~ deletion_protection             = false -> true
        id                              = "staging-keyserver-keystore-docdb-primary-cluster"
        tags                            = {}
      ~ vpc_security_group_ids          = [
          - "sg-01de29cd9149d5d29",
        ] -> (known after apply)
        # (23 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place
  ~ resource "aws_docdb_subnet_group" "private_subnets" {
        id          = "staging-keyserver-keystore-docdb-private-subnet-group"
        name        = "staging-keyserver-keystore-docdb-private-subnet-group"
      ~ subnet_ids  = [
          - "subnet-0851c91f1a82ece18",
          - "subnet-0f59998ee3eeb6b29",
          - "subnet-0fe665bde6c07d332",
          + "subnet-006f9fc131af3565e",
          + "subnet-05894f2d41c0e8b45",
          + "subnet-06557bf48886434f1",
        ]
        tags        = {}
        # (3 unchanged attributes hidden)
    }

  # module.keystore_docdb.aws_security_group.service_security_group must be replaced
-/+ resource "aws_security_group" "service_security_group" {
      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)
      ~ egress                 = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow outbound traffic from the DocDB cluster"
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow inbound traffic to the DocDB cluster"
              - from_port        = 27017
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 27017
            },
          + {
              + cidr_blocks      = [
                  + "10.192.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
        name                   = "staging-keyserver-keystore-docdb-service"
      + name_prefix            = (known after apply)
      ~ owner_id               = "898587786287" -> (known after apply)
      - tags                   = {} -> null
      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement
        # (3 unchanged attributes hidden)
    }

  # module.remove_me.aws_docdb_cluster.docdb_primary will be created
  + resource "aws_docdb_cluster" "docdb_primary" {
      + apply_immediately               = (known after apply)
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 1
      + cluster_identifier              = "staging-keyserver-remove-me-keystore-docdb-primary-cluster"
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + db_cluster_parameter_group_name = (known after apply)
      + db_subnet_group_name            = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + deletion_protection             = true
      + enabled_cloudwatch_logs_exports = [
          + "audit",
        ]
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = (known after apply)
      + master_password                 = (sensitive value)
      + master_username                 = "keyserver"
      + port                            = 27017
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = (known after apply)
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = true
      + storage_encrypted               = true
      + tags_all                        = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_security_group_ids          = (known after apply)
    }

  # module.remove_me.aws_docdb_cluster_instance.docdb_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = (known after apply)
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "staging-keyserver-remove-me-keystore-docdb-primary-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 0
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.remove_me.aws_docdb_subnet_group.private_subnets will be created
  + resource "aws_docdb_subnet_group" "private_subnets" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-0851c91f1a82ece18",
          + "subnet-0f59998ee3eeb6b29",
          + "subnet-0fe665bde6c07d332",
        ]
      + tags_all    = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_kms_key.docdb_encryption will be created
  + resource "aws_kms_key" "docdb_encryption" {
      + arn                                = (known after apply)
      + bypass_policy_lockout_safety_check = false
      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"
      + description                        = (known after apply)
      + enable_key_rotation                = true
      + id                                 = (known after apply)
      + is_enabled                         = true
      + key_id                             = (known after apply)
      + key_usage                          = "ENCRYPT_DECRYPT"
      + multi_region                       = (known after apply)
      + policy                             = (known after apply)
      + tags_all                           = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_secretsmanager_secret.master_password will be created
  + resource "aws_secretsmanager_secret" "master_password" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = "staging-keyserver-remove-me-keystore-docdb-master-password"
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + rotation_enabled               = (known after apply)
      + rotation_lambda_arn            = (known after apply)
      + tags_all                       = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.remove_me.aws_secretsmanager_secret_version.master_password will be created
  + resource "aws_secretsmanager_secret_version" "master_password" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.remove_me.aws_security_group.service_security_group will be created
  + resource "aws_security_group" "service_security_group" {
      + arn                    = (known after apply)
      + description            = "Allow ingress from the application"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
      + name                   = "staging-keyserver-remove-me-keystore-docdb-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = "vpc-08d4ffa8940e11aa5"
    }

  # module.remove_me.random_password.master_password will be created
  + resource "random_password" "master_password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + length      = 16
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed
  # (because aws_cloudwatch_log_group.main is not in configuration)
  - resource "aws_cloudwatch_log_group" "main" {
      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - retention_in_days = 7 -> null
      - tags              = {} -> null
      - tags_all          = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed
  # (because aws_cloudwatch_metric_alarm.main is not in configuration)
  - resource "aws_cloudwatch_metric_alarm" "main" {
      - actions_enabled           = true -> null
      - alarm_actions             = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null
      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null
      - comparison_operator       = "GreaterThanThreshold" -> null
      - datapoints_to_alarm       = 0 -> null
      - dimensions                = {
          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"
        } -> null
      - evaluation_periods        = 1 -> null
      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null
      - insufficient_data_actions = [] -> null
      - metric_name               = "CPUUtilization" -> null
      - namespace                 = "AWS/DocDB" -> null
      - ok_actions                = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - period                    = 300 -> null
      - statistic                 = "Average" -> null
      - tags                      = {} -> null
      - tags_all                  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - threshold                 = 80 -> null
      - treat_missing_data        = "missing" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed
  # (because aws_iam_policy.lambda is not in configuration)
  - resource "aws_iam_policy" "lambda" {
      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"
                    },
                  - {
                      - Action   = [
                          - "rds:DescribeDBInstances",
                          - "rds:DescribeDBClusters",
                          - "rds:CreateDBInstance",
                          - "rds:DeleteDBInstance",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:rds:eu-central-1:898587786287:*",
                        ]
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null
      - tags      = {} -> null
      - tags_all  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed
  # (because aws_iam_role.lambda is not in configuration)
  - resource "aws_iam_role" "lambda" {
      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2023-08-07T15:13:40Z" -> null
      - force_detach_policies = false -> null
      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null

      - inline_policy {}
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed
  # (because aws_iam_role_policy_attachment.lambda is not in configuration)
  - resource "aws_iam_role_policy_attachment" "lambda" {
      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null
      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed
  # (because aws_lambda_function.main is not in configuration)
  - resource "aws_lambda_function" "main" {
      - architectures                  = [
          - "x86_64",
        ] -> null
      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null
      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null
      - handler                        = "index.handler" -> null
      - id                             = "staging-keyserver-docdb-autoscaling" -> null
      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null
      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 128 -> null
      - package_type                   = "Zip" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - runtime                        = "python3.9" -> null
      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null
      - source_code_size               = 1933 -> null
      - tags                           = {} -> null
      - tags_all                       = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - timeout                        = 3 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"
              - "max_capacity"       = "6"
              - "min_capacity"       = "0"
            } -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed
  # (because aws_lambda_permission.sns is not in configuration)
  - resource "aws_lambda_permission" "sns" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - id            = "AllowSubscriptionToSNS" -> null
      - principal     = "sns.amazonaws.com" -> null
      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - statement_id  = "AllowSubscriptionToSNS" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed
  # (because aws_sns_topic.main is not in configuration)
  - resource "aws_sns_topic" "main" {
      - application_success_feedback_sample_rate = 0 -> null
      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - content_based_deduplication              = false -> null
      - fifo_topic                               = false -> null
      - firehose_success_feedback_sample_rate    = 0 -> null
      - http_success_feedback_sample_rate        = 0 -> null
      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - lambda_success_feedback_sample_rate      = 0 -> null
      - name                                     = "staging-keyserver-docdb-autoscaling" -> null
      - owner                                    = "898587786287" -> null
      - policy                                   = jsonencode(
            {
              - Id        = "__default_policy_ID"
              - Statement = [
                  - {
                      - Action    = [
                          - "SNS:GetTopicAttributes",
                          - "SNS:SetTopicAttributes",
                          - "SNS:AddPermission",
                          - "SNS:RemovePermission",
                          - "SNS:DeleteTopic",
                          - "SNS:Subscribe",
                          - "SNS:ListSubscriptionsByTopic",
                          - "SNS:Publish",
                        ]
                      - Condition = {
                          - StringEquals = {
                              - "AWS:SourceOwner" = "898587786287"
                            }
                        }
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"
                      - Sid       = "__default_statement_ID"
                    },
                ]
              - Version   = "2008-10-17"
            }
        ) -> null
      - sqs_success_feedback_sample_rate         = 0 -> null
      - tags                                     = {} -> null
      - tags_all                                 = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed
  # (because aws_sns_topic_subscription.main is not in configuration)
  - resource "aws_sns_topic_subscription" "main" {
      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - confirmation_timeout_in_minutes = 1 -> null
      - confirmation_was_authenticated  = true -> null
      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - endpoint_auto_confirms          = false -> null
      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - owner_id                        = "898587786287" -> null
      - pending_confirmation            = false -> null
      - protocol                        = "lambda" -> null
      - raw_message_delivery            = false -> null
      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
    }

Plan: 10 to add, 4 to change, 11 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  + create%0A  ~ update in-place%0A  - destroy%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"%0A        name                               = "staging_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "staging_keyserver" -> (known after apply)%0A      ~ revision                 = 61 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be updated in-place%0A  ~ resource "aws_docdb_cluster" "docdb_primary" {%0A      ~ deletion_protection             = false -> true%0A        id                              = "staging-keyserver-keystore-docdb-primary-cluster"%0A        tags                            = {}%0A      ~ vpc_security_group_ids          = [%0A          - "sg-01de29cd9149d5d29",%0A        ] -> (known after apply)%0A        # (23 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be updated in-place%0A  ~ resource "aws_docdb_subnet_group" "private_subnets" {%0A        id          = "staging-keyserver-keystore-docdb-private-subnet-group"%0A        name        = "staging-keyserver-keystore-docdb-private-subnet-group"%0A      ~ subnet_ids  = [%0A          - "subnet-0851c91f1a82ece18",%0A          - "subnet-0f59998ee3eeb6b29",%0A          - "subnet-0fe665bde6c07d332",%0A          + "subnet-006f9fc131af3565e",%0A          + "subnet-05894f2d41c0e8b45",%0A          + "subnet-06557bf48886434f1",%0A        ]%0A        tags        = {}%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.keystore_docdb.aws_security_group.service_security_group must be replaced%0A-/+ resource "aws_security_group" "service_security_group" {%0A      ~ arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ egress                 = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow outbound traffic from the DocDB cluster"%0A              - from_port        = 0%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "-1"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 0%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      ~ id                     = "sg-01de29cd9149d5d29" -> (known after apply)%0A      ~ ingress                = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow inbound traffic to the DocDB cluster"%0A              - from_port        = 27017%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "tcp"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 27017%0A            },%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.192.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A        name                   = "staging-keyserver-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      ~ owner_id               = "898587786287" -> (known after apply)%0A      - tags                   = {} -> null%0A      ~ vpc_id                 = "vpc-08d4ffa8940e11aa5" -> "vpc-09dce0b23af575478" # forces replacement%0A        # (3 unchanged attributes hidden)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster.docdb_primary will be created%0A  + resource "aws_docdb_cluster" "docdb_primary" {%0A      + apply_immediately               = (known after apply)%0A      + arn                             = (known after apply)%0A      + availability_zones              = (known after apply)%0A      + backup_retention_period         = 1%0A      + cluster_identifier              = "staging-keyserver-remove-me-keystore-docdb-primary-cluster"%0A      + cluster_identifier_prefix       = (known after apply)%0A      + cluster_members                 = (known after apply)%0A      + cluster_resource_id             = (known after apply)%0A      + db_cluster_parameter_group_name = (known after apply)%0A      + db_subnet_group_name            = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + deletion_protection             = true%0A      + enabled_cloudwatch_logs_exports = [%0A          + "audit",%0A        ]%0A      + endpoint                        = (known after apply)%0A      + engine                          = "docdb"%0A      + engine_version                  = (known after apply)%0A      + hosted_zone_id                  = (known after apply)%0A      + id                              = (known after apply)%0A      + kms_key_id                      = (known after apply)%0A      + master_password                 = (sensitive value)%0A      + master_username                 = "keyserver"%0A      + port                            = 27017%0A      + preferred_backup_window         = (known after apply)%0A      + preferred_maintenance_window    = (known after apply)%0A      + reader_endpoint                 = (known after apply)%0A      + skip_final_snapshot             = true%0A      + storage_encrypted               = true%0A      + tags_all                        = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_security_group_ids          = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_cluster_instance.docdb_instances[0] will be created%0A  + resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      + apply_immediately            = (known after apply)%0A      + arn                          = (known after apply)%0A      + auto_minor_version_upgrade   = true%0A      + availability_zone            = (known after apply)%0A      + ca_cert_identifier           = (known after apply)%0A      + cluster_identifier           = (known after apply)%0A      + db_subnet_group_name         = (known after apply)%0A      + dbi_resource_id              = (known after apply)%0A      + endpoint                     = (known after apply)%0A      + engine                       = "docdb"%0A      + engine_version               = (known after apply)%0A      + id                           = (known after apply)%0A      + identifier                   = "staging-keyserver-remove-me-keystore-docdb-primary-instance-0"%0A      + identifier_prefix            = (known after apply)%0A      + instance_class               = "db.r6g.large"%0A      + kms_key_id                   = (known after apply)%0A      + port                         = (known after apply)%0A      + preferred_backup_window      = (known after apply)%0A      + preferred_maintenance_window = (known after apply)%0A      + promotion_tier               = 0%0A      + publicly_accessible          = (known after apply)%0A      + storage_encrypted            = (known after apply)%0A      + tags_all                     = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + writer                       = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_docdb_subnet_group.private_subnets will be created%0A  + resource "aws_docdb_subnet_group" "private_subnets" {%0A      + arn         = (known after apply)%0A      + description = "Managed by Terraform"%0A      + id          = (known after apply)%0A      + name        = "staging-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + name_prefix = (known after apply)%0A      + subnet_ids  = [%0A          + "subnet-0851c91f1a82ece18",%0A          + "subnet-0f59998ee3eeb6b29",%0A          + "subnet-0fe665bde6c07d332",%0A        ]%0A      + tags_all    = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_kms_key.docdb_encryption will be created%0A  + resource "aws_kms_key" "docdb_encryption" {%0A      + arn                                = (known after apply)%0A      + bypass_policy_lockout_safety_check = false%0A      + customer_master_key_spec           = "SYMMETRIC_DEFAULT"%0A      + description                        = (known after apply)%0A      + enable_key_rotation                = true%0A      + id                                 = (known after apply)%0A      + is_enabled                         = true%0A      + key_id                             = (known after apply)%0A      + key_usage                          = "ENCRYPT_DECRYPT"%0A      + multi_region                       = (known after apply)%0A      + policy                             = (known after apply)%0A      + tags_all                           = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_secretsmanager_secret.master_password will be created%0A  + resource "aws_secretsmanager_secret" "master_password" {%0A      + arn                            = (known after apply)%0A      + force_overwrite_replica_secret = false%0A      + id                             = (known after apply)%0A      + name                           = "staging-keyserver-remove-me-keystore-docdb-master-password"%0A      + name_prefix                    = (known after apply)%0A      + policy                         = (known after apply)%0A      + recovery_window_in_days        = 30%0A      + rotation_enabled               = (known after apply)%0A      + rotation_lambda_arn            = (known after apply)%0A      + tags_all                       = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.remove_me.aws_secretsmanager_secret_version.master_password will be created%0A  + resource "aws_secretsmanager_secret_version" "master_password" {%0A      + arn            = (known after apply)%0A      + id             = (known after apply)%0A      + secret_id      = (known after apply)%0A      + secret_string  = (sensitive value)%0A      + version_id     = (known after apply)%0A      + version_stages = (known after apply)%0A    }%0A%0A  # module.remove_me.aws_security_group.service_security_group will be created%0A  + resource "aws_security_group" "service_security_group" {%0A      + arn                    = (known after apply)%0A      + description            = "Allow ingress from the application"%0A      + egress                 = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      + id                     = (known after apply)%0A      + ingress                = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A      + name                   = "staging-keyserver-remove-me-keystore-docdb-service"%0A      + name_prefix            = (known after apply)%0A      + owner_id               = (known after apply)%0A      + revoke_rules_on_delete = false%0A      + tags_all               = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_id                 = "vpc-08d4ffa8940e11aa5"%0A    }%0A%0A  # module.remove_me.random_password.master_password will be created%0A  + resource "random_password" "master_password" {%0A      + bcrypt_hash = (sensitive value)%0A      + id          = (known after apply)%0A      + length      = 16%0A      + lower       = true%0A      + min_lower   = 0%0A      + min_numeric = 0%0A      + min_special = 0%0A      + min_upper   = 0%0A      + number      = true%0A      + numeric     = true%0A      + result      = (sensitive value)%0A      + special     = false%0A      + upper       = true%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed%0A  # (because aws_cloudwatch_log_group.main is not in configuration)%0A  - resource "aws_cloudwatch_log_group" "main" {%0A      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null%0A      - retention_in_days = 7 -> null%0A      - tags              = {} -> null%0A      - tags_all          = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed%0A  # (because aws_cloudwatch_metric_alarm.main is not in configuration)%0A  - resource "aws_cloudwatch_metric_alarm" "main" {%0A      - actions_enabled           = true -> null%0A      - alarm_actions             = [%0A          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",%0A        ] -> null%0A      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null%0A      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null%0A      - comparison_operator       = "GreaterThanThreshold" -> null%0A      - datapoints_to_alarm       = 0 -> null%0A      - dimensions                = {%0A          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A        } -> null%0A      - evaluation_periods        = 1 -> null%0A      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null%0A      - insufficient_data_actions = [] -> null%0A      - metric_name               = "CPUUtilization" -> null%0A      - namespace                 = "AWS/DocDB" -> null%0A      - ok_actions                = [%0A          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",%0A        ] -> null%0A      - period                    = 300 -> null%0A      - statistic                 = "Average" -> null%0A      - tags                      = {} -> null%0A      - tags_all                  = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - threshold                 = 80 -> null%0A      - treat_missing_data        = "missing" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed%0A  # (because aws_iam_policy.lambda is not in configuration)%0A  - resource "aws_iam_policy" "lambda" {%0A      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - path      = "/" -> null%0A      - policy    = jsonencode(%0A            {%0A              - Statement = [%0A                  - {%0A                      - Action   = [%0A                          - "logs:CreateLogStream",%0A                          - "logs:CreateLogGroup",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"%0A                    },%0A                  - {%0A                      - Action   = [%0A                          - "logs:PutLogEvents",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"%0A                    },%0A                  - {%0A                      - Action   = [%0A                          - "rds:DescribeDBInstances",%0A                          - "rds:DescribeDBClusters",%0A                          - "rds:CreateDBInstance",%0A                          - "rds:DeleteDBInstance",%0A                        ]%0A                      - Effect   = "Allow"%0A                      - Resource = [%0A                          - "arn:aws:rds:eu-central-1:898587786287:*",%0A                        ]%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null%0A      - tags      = {} -> null%0A      - tags_all  = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed%0A  # (because aws_iam_role.lambda is not in configuration)%0A  - resource "aws_iam_role" "lambda" {%0A      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - assume_role_policy    = jsonencode(%0A            {%0A              - Statement = [%0A                  - {%0A                      - Action    = "sts:AssumeRole"%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - Service = "lambda.amazonaws.com"%0A                        }%0A                      - Sid       = ""%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - create_date           = "2023-08-07T15:13:40Z" -> null%0A      - force_detach_policies = false -> null%0A      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - managed_policy_arns   = [%0A          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",%0A        ] -> null%0A      - max_session_duration  = 3600 -> null%0A      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - path                  = "/" -> null%0A      - tags                  = {} -> null%0A      - tags_all              = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null%0A%0A      - inline_policy {}%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed%0A  # (because aws_iam_role_policy_attachment.lambda is not in configuration)%0A  - resource "aws_iam_role_policy_attachment" "lambda" {%0A      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null%0A      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null%0A      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed%0A  # (because aws_lambda_function.main is not in configuration)%0A  - resource "aws_lambda_function" "main" {%0A      - architectures                  = [%0A          - "x86_64",%0A        ] -> null%0A      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null%0A      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null%0A      - handler                        = "index.handler" -> null%0A      - id                             = "staging-keyserver-docdb-autoscaling" -> null%0A      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null%0A      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null%0A      - layers                         = [] -> null%0A      - memory_size                    = 128 -> null%0A      - package_type                   = "Zip" -> null%0A      - publish                        = false -> null%0A      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null%0A      - reserved_concurrent_executions = -1 -> null%0A      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null%0A      - runtime                        = "python3.9" -> null%0A      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null%0A      - source_code_size               = 1933 -> null%0A      - tags                           = {} -> null%0A      - tags_all                       = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - timeout                        = 3 -> null%0A      - version                        = "$LATEST" -> null%0A%0A      - environment {%0A          - variables = {%0A              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"%0A              - "max_capacity"       = "6"%0A              - "min_capacity"       = "0"%0A            } -> null%0A        }%0A%0A      - tracing_config {%0A          - mode = "PassThrough" -> null%0A        }%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed%0A  # (because aws_lambda_permission.sns is not in configuration)%0A  - resource "aws_lambda_permission" "sns" {%0A      - action        = "lambda:InvokeFunction" -> null%0A      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - id            = "AllowSubscriptionToSNS" -> null%0A      - principal     = "sns.amazonaws.com" -> null%0A      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - statement_id  = "AllowSubscriptionToSNS" -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed%0A  # (because aws_sns_topic.main is not in configuration)%0A  - resource "aws_sns_topic" "main" {%0A      - application_success_feedback_sample_rate = 0 -> null%0A      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - content_based_deduplication              = false -> null%0A      - fifo_topic                               = false -> null%0A      - firehose_success_feedback_sample_rate    = 0 -> null%0A      - http_success_feedback_sample_rate        = 0 -> null%0A      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A      - lambda_success_feedback_sample_rate      = 0 -> null%0A      - name                                     = "staging-keyserver-docdb-autoscaling" -> null%0A      - owner                                    = "898587786287" -> null%0A      - policy                                   = jsonencode(%0A            {%0A              - Id        = "__default_policy_ID"%0A              - Statement = [%0A                  - {%0A                      - Action    = [%0A                          - "SNS:GetTopicAttributes",%0A                          - "SNS:SetTopicAttributes",%0A                          - "SNS:AddPermission",%0A                          - "SNS:RemovePermission",%0A                          - "SNS:DeleteTopic",%0A                          - "SNS:Subscribe",%0A                          - "SNS:ListSubscriptionsByTopic",%0A                          - "SNS:Publish",%0A                        ]%0A                      - Condition = {%0A                          - StringEquals = {%0A                              - "AWS:SourceOwner" = "898587786287"%0A                            }%0A                        }%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - AWS = "*"%0A                        }%0A                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"%0A                      - Sid       = "__default_statement_ID"%0A                    },%0A                ]%0A              - Version   = "2008-10-17"%0A            }%0A        ) -> null%0A      - sqs_success_feedback_sample_rate         = 0 -> null%0A      - tags                                     = {} -> null%0A      - tags_all                                 = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed%0A  # (because aws_sns_topic_subscription.main is not in configuration)%0A  - resource "aws_sns_topic_subscription" "main" {%0A      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null%0A      - confirmation_timeout_in_minutes = 1 -> null%0A      - confirmation_was_authenticated  = true -> null%0A      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null%0A      - endpoint_auto_confirms          = false -> null%0A      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null%0A      - owner_id                        = "898587786287" -> null%0A      - pending_confirmation            = false -> null%0A      - protocol                        = "lambda" -> null%0A      - raw_message_delivery            = false -> null%0A      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null%0A    }%0A%0APlan: 10 to add, 4 to change, 11 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@github-actions
Copy link
Contributor

github-actions bot commented Aug 7, 2023

Show Plan 

[command]/home/runner/work/_temp/4b284eb0-12fc-40e0-a7f1-29a989035ed5/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"
        name                               = "prod_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "prod_keyserver" -> (known after apply)
      ~ revision                 = 13 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 2 to change, 1 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  ~ update in-place%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"%0A        name                               = "prod_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:13" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "prod_keyserver" -> (known after apply)%0A      ~ revision                 = 13 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0APlan: 1 to add, 2 to change, 1 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@xav xav temporarily deployed to infra/prod August 7, 2023 23:22 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 8, 2023 19:36 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/staging August 8, 2023 19:36 — with GitHub Actions Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Aug 8, 2023

Show Plan 

[command]/home/runner/work/_temp/cc277dfe-10a5-40be-8e5f-732fd496655a/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"
        name                               = "staging_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging_keyserver" -> (known after apply)
      ~ revision                 = 61 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.keystore.aws_docdb_cluster.docdb will be created
  + resource "aws_docdb_cluster" "docdb" {
      + apply_immediately               = (known after apply)
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 1
      + cluster_identifier              = "prod-keyserver-keystore-primary-cluster"
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + db_cluster_parameter_group_name = (known after apply)
      + db_subnet_group_name            = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + deletion_protection             = true
      + enabled_cloudwatch_logs_exports = [
          + "audit",
        ]
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = "arn:aws:kms:eu-central-1:898587786287:key/8807d3bb-5005-48c3-bc18-fe5c1a8a7279"
      + master_password                 = (sensitive value)
      + master_username                 = "keyserver"
      + port                            = 27017
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = (known after apply)
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = true
      + storage_encrypted               = true
      + tags_all                        = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_security_group_ids          = (known after apply)
    }

  # module.keystore.aws_docdb_cluster_instance.docdb_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = (known after apply)
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "staging-keyserver-keystore-docdb-primary-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 0
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.keystore.aws_docdb_subnet_group.private_subnets will be created
  + resource "aws_docdb_subnet_group" "private_subnets" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-0851c91f1a82ece18",
          + "subnet-0f59998ee3eeb6b29",
          + "subnet-0fe665bde6c07d332",
        ]
      + tags_all    = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.keystore.aws_secretsmanager_secret.master_password will be created
  + resource "aws_secretsmanager_secret" "master_password" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = "staging-keyserver-keystore-docdb-master-password"
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + rotation_enabled               = (known after apply)
      + rotation_lambda_arn            = (known after apply)
      + tags_all                       = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.keystore.aws_secretsmanager_secret_version.master_password will be created
  + resource "aws_secretsmanager_secret_version" "master_password" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.keystore.aws_security_group.service_security_group will be created
  + resource "aws_security_group" "service_security_group" {
      + arn                    = (known after apply)
      + description            = "Allow ingress from the application"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
      + name                   = "staging-keyserver-keystore-docdb"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = "vpc-08d4ffa8940e11aa5"
    }

  # module.keystore.random_password.master_password will be created
  + resource "random_password" "master_password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + length      = 16
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }

  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be destroyed
  # (because aws_docdb_cluster.docdb_primary is not in configuration)
  - resource "aws_docdb_cluster" "docdb_primary" {
      - arn                             = "arn:aws:rds:eu-central-1:898587786287:cluster:staging-keyserver-keystore-docdb-primary-cluster" -> null
      - availability_zones              = [
          - "eu-central-1a",
          - "eu-central-1b",
          - "eu-central-1c",
        ] -> null
      - backup_retention_period         = 1 -> null
      - cluster_identifier              = "staging-keyserver-keystore-docdb-primary-cluster" -> null
      - cluster_members                 = [
          - "staging-keyserver-keystore-docdb-primary-instance-0",
        ] -> null
      - cluster_resource_id             = "cluster-IHQNJWC63NKRELS7LEYFYOE5KE" -> null
      - db_cluster_parameter_group_name = "default.docdb5.0" -> null
      - db_subnet_group_name            = "staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - deletion_protection             = false -> null
      - enabled_cloudwatch_logs_exports = [
          - "audit",
        ] -> null
      - endpoint                        = "staging-keyserver-keystore-docdb-primary-cluster.cluster-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null
      - engine                          = "docdb" -> null
      - engine_version                  = "5.0.0" -> null
      - hosted_zone_id                  = "Z1ZKU8ZZR6T7FW" -> null
      - id                              = "staging-keyserver-keystore-docdb-primary-cluster" -> null
      - kms_key_id                      = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - master_password                 = (sensitive value) -> null
      - master_username                 = "keyserver" -> null
      - port                            = 27017 -> null
      - preferred_backup_window         = "22:12-22:42" -> null
      - preferred_maintenance_window    = "sat:21:17-sat:21:47" -> null
      - reader_endpoint                 = "staging-keyserver-keystore-docdb-primary-cluster.cluster-ro-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null
      - skip_final_snapshot             = true -> null
      - storage_encrypted               = true -> null
      - tags                            = {} -> null
      - tags_all                        = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - vpc_security_group_ids          = [
          - "sg-01de29cd9149d5d29",
        ] -> null
    }

  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_instances[0] will be destroyed
  # (because aws_docdb_cluster_instance.docdb_instances is not in configuration)
  - resource "aws_docdb_cluster_instance" "docdb_instances" {
      - arn                          = "arn:aws:rds:eu-central-1:898587786287:db:staging-keyserver-keystore-docdb-primary-instance-0" -> null
      - auto_minor_version_upgrade   = true -> null
      - availability_zone            = "eu-central-1c" -> null
      - ca_cert_identifier           = "rds-ca-2019" -> null
      - cluster_identifier           = "staging-keyserver-keystore-docdb-primary-cluster" -> null
      - db_subnet_group_name         = "staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - dbi_resource_id              = "db-GF34S7DWNQQBQUS4WCMKJKNQSA" -> null
      - endpoint                     = "staging-keyserver-keystore-docdb-primary-instance-0.cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null
      - engine                       = "docdb" -> null
      - engine_version               = "5.0.0" -> null
      - id                           = "staging-keyserver-keystore-docdb-primary-instance-0" -> null
      - identifier                   = "staging-keyserver-keystore-docdb-primary-instance-0" -> null
      - instance_class               = "db.r6g.large" -> null
      - kms_key_id                   = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - port                         = 27017 -> null
      - preferred_backup_window      = "22:12-22:42" -> null
      - preferred_maintenance_window = "fri:02:49-fri:03:19" -> null
      - promotion_tier               = 0 -> null
      - publicly_accessible          = false -> null
      - storage_encrypted            = true -> null
      - tags                         = {} -> null
      - tags_all                     = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - writer                       = true -> null
    }

  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be destroyed
  # (because aws_docdb_subnet_group.private_subnets is not in configuration)
  - resource "aws_docdb_subnet_group" "private_subnets" {
      - arn         = "arn:aws:rds:eu-central-1:898587786287:subgrp:staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - description = "Managed by Terraform" -> null
      - id          = "staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - name        = "staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - subnet_ids  = [
          - "subnet-0851c91f1a82ece18",
          - "subnet-0f59998ee3eeb6b29",
          - "subnet-0fe665bde6c07d332",
        ] -> null
      - tags        = {} -> null
      - tags_all    = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.aws_kms_key.docdb_encryption will be destroyed
  # (because aws_kms_key.docdb_encryption is not in configuration)
  - resource "aws_kms_key" "docdb_encryption" {
      - arn                                = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - bypass_policy_lockout_safety_check = false -> null
      - customer_master_key_spec           = "SYMMETRIC_DEFAULT" -> null
      - enable_key_rotation                = true -> null
      - id                                 = "49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - is_enabled                         = true -> null
      - key_id                             = "49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - key_usage                          = "ENCRYPT_DECRYPT" -> null
      - multi_region                       = false -> null
      - policy                             = jsonencode(
            {
              - Id        = "key-default-1"
              - Statement = [
                  - {
                      - Action    = "kms:*"
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::898587786287:root"
                        }
                      - Resource  = "*"
                      - Sid       = "Enable IAM User Permissions"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - tags                               = {} -> null
      - tags_all                           = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.aws_secretsmanager_secret.master_password will be destroyed
  # (because aws_secretsmanager_secret.master_password is not in configuration)
  - resource "aws_secretsmanager_secret" "master_password" {
      - arn                            = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null
      - force_overwrite_replica_secret = false -> null
      - id                             = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null
      - name                           = "staging-keyserver-keystore-docdb-master-password" -> null
      - recovery_window_in_days        = 30 -> null
      - rotation_enabled               = false -> null
      - tags                           = {} -> null
      - tags_all                       = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.aws_secretsmanager_secret_version.master_password will be destroyed
  # (because aws_secretsmanager_secret_version.master_password is not in configuration)
  - resource "aws_secretsmanager_secret_version" "master_password" {
      - arn            = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null
      - id             = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj|C675B0DF-31BB-43CE-AD7A-E7C161999EAB" -> null
      - secret_id      = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null
      - secret_string  = (sensitive value) -> null
      - version_id     = "C675B0DF-31BB-43CE-AD7A-E7C161999EAB" -> null
      - version_stages = [
          - "AWSCURRENT",
        ] -> null
    }

  # module.keystore_docdb.aws_security_group.service_security_group will be destroyed
  # (because aws_security_group.service_security_group is not in configuration)
  - resource "aws_security_group" "service_security_group" {
      - arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> null
      - description            = "Allow ingress from the application" -> null
      - egress                 = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow outbound traffic from the DocDB cluster"
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
        ] -> null
      - id                     = "sg-01de29cd9149d5d29" -> null
      - ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow inbound traffic to the DocDB cluster"
              - from_port        = 27017
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 27017
            },
        ] -> null
      - name                   = "staging-keyserver-keystore-docdb-service" -> null
      - owner_id               = "898587786287" -> null
      - revoke_rules_on_delete = false -> null
      - tags                   = {} -> null
      - tags_all               = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - vpc_id                 = "vpc-08d4ffa8940e11aa5" -> null
    }

  # module.keystore_docdb.random_password.master_password will be destroyed
  # (because random_password.master_password is not in configuration)
  - resource "random_password" "master_password" {
      - bcrypt_hash = (sensitive value) -> null
      - id          = "none" -> null
      - length      = 16 -> null
      - lower       = true -> null
      - min_lower   = 0 -> null
      - min_numeric = 0 -> null
      - min_special = 0 -> null
      - min_upper   = 0 -> null
      - number      = true -> null
      - numeric     = true -> null
      - result      = (sensitive value) -> null
      - special     = false -> null
      - upper       = true -> null
    }

  # module.o11y.grafana_dashboard.main will be updated in-place
  ~ resource "grafana_dashboard" "main" {
      ~ config_json  = jsonencode(
          ~ {
              ~ panels        = [
                    # (4 unchanged elements hidden)
                    {
                        content     = "# DocumentDB"
                        datasource  = null
                        gridPos     = {
                            h = 4
                            w = 24
                            x = 0
                            y = 16
                        }
                        mode        = "markdown"
                        title       = ""
                        transparent = true
                        type        = "text"
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (10 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (11 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (10 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (12 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                ]
                tags          = []
                # (19 unchanged attributes hidden)
            }
        )
        id           = "staging-keyserver"
        # (7 unchanged attributes hidden)
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed
  # (because aws_cloudwatch_log_group.main is not in configuration)
  - resource "aws_cloudwatch_log_group" "main" {
      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - retention_in_days = 7 -> null
      - tags              = {} -> null
      - tags_all          = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed
  # (because aws_cloudwatch_metric_alarm.main is not in configuration)
  - resource "aws_cloudwatch_metric_alarm" "main" {
      - actions_enabled           = true -> null
      - alarm_actions             = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null
      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null
      - comparison_operator       = "GreaterThanThreshold" -> null
      - datapoints_to_alarm       = 0 -> null
      - dimensions                = {
          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"
        } -> null
      - evaluation_periods        = 1 -> null
      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null
      - insufficient_data_actions = [] -> null
      - metric_name               = "CPUUtilization" -> null
      - namespace                 = "AWS/DocDB" -> null
      - ok_actions                = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - period                    = 300 -> null
      - statistic                 = "Average" -> null
      - tags                      = {} -> null
      - tags_all                  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - threshold                 = 80 -> null
      - treat_missing_data        = "missing" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed
  # (because aws_iam_policy.lambda is not in configuration)
  - resource "aws_iam_policy" "lambda" {
      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"
                    },
                  - {
                      - Action   = [
                          - "rds:DescribeDBInstances",
                          - "rds:DescribeDBClusters",
                          - "rds:CreateDBInstance",
                          - "rds:DeleteDBInstance",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:rds:eu-central-1:898587786287:*",
                        ]
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null
      - tags      = {} -> null
      - tags_all  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed
  # (because aws_iam_role.lambda is not in configuration)
  - resource "aws_iam_role" "lambda" {
      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2023-08-07T15:13:40Z" -> null
      - force_detach_policies = false -> null
      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null

      - inline_policy {}
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed
  # (because aws_iam_role_policy_attachment.lambda is not in configuration)
  - resource "aws_iam_role_policy_attachment" "lambda" {
      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null
      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed
  # (because aws_lambda_function.main is not in configuration)
  - resource "aws_lambda_function" "main" {
      - architectures                  = [
          - "x86_64",
        ] -> null
      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null
      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null
      - handler                        = "index.handler" -> null
      - id                             = "staging-keyserver-docdb-autoscaling" -> null
      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null
      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 128 -> null
      - package_type                   = "Zip" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - runtime                        = "python3.9" -> null
      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null
      - source_code_size               = 1933 -> null
      - tags                           = {} -> null
      - tags_all                       = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - timeout                        = 3 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"
              - "max_capacity"       = "6"
              - "min_capacity"       = "0"
            } -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed
  # (because aws_lambda_permission.sns is not in configuration)
  - resource "aws_lambda_permission" "sns" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - id            = "AllowSubscriptionToSNS" -> null
      - principal     = "sns.amazonaws.com" -> null
      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - statement_id  = "AllowSubscriptionToSNS" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed
  # (because aws_sns_topic.main is not in configuration)
  - resource "aws_sns_topic" "main" {
      - application_success_feedback_sample_rate = 0 -> null
      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - content_based_deduplication              = false -> null
      - fifo_topic                               = false -> null
      - firehose_success_feedback_sample_rate    = 0 -> null
      - http_success_feedback_sample_rate        = 0 -> null
      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - lambda_success_feedback_sample_rate      = 0 -> null
      - name                                     = "staging-keyserver-docdb-autoscaling" -> null
      - owner                                    = "898587786287" -> null
      - policy                                   = jsonencode(
            {
              - Id        = "__default_policy_ID"
              - Statement = [
                  - {
                      - Action    = [
                          - "SNS:GetTopicAttributes",
                          - "SNS:SetTopicAttributes",
                          - "SNS:AddPermission",
                          - "SNS:RemovePermission",
                          - "SNS:DeleteTopic",
                          - "SNS:Subscribe",
                          - "SNS:ListSubscriptionsByTopic",
                          - "SNS:Publish",
                        ]
                      - Condition = {
                          - StringEquals = {
                              - "AWS:SourceOwner" = "898587786287"
                            }
                        }
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"
                      - Sid       = "__default_statement_ID"
                    },
                ]
              - Version   = "2008-10-17"
            }
        ) -> null
      - sqs_success_feedback_sample_rate         = 0 -> null
      - tags                                     = {} -> null
      - tags_all                                 = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed
  # (because aws_sns_topic_subscription.main is not in configuration)
  - resource "aws_sns_topic_subscription" "main" {
      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - confirmation_timeout_in_minutes = 1 -> null
      - confirmation_was_authenticated  = true -> null
      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - endpoint_auto_confirms          = false -> null
      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - owner_id                        = "898587786287" -> null
      - pending_confirmation            = false -> null
      - protocol                        = "lambda" -> null
      - raw_message_delivery            = false -> null
      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
    }

Plan: 8 to add, 3 to change, 18 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  + create%0A  ~ update in-place%0A  - destroy%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"%0A        name                               = "staging_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "staging_keyserver" -> (known after apply)%0A      ~ revision                 = 61 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.keystore.aws_docdb_cluster.docdb will be created%0A  + resource "aws_docdb_cluster" "docdb" {%0A      + apply_immediately               = (known after apply)%0A      + arn                             = (known after apply)%0A      + availability_zones              = (known after apply)%0A      + backup_retention_period         = 1%0A      + cluster_identifier              = "prod-keyserver-keystore-primary-cluster"%0A      + cluster_identifier_prefix       = (known after apply)%0A      + cluster_members                 = (known after apply)%0A      + cluster_resource_id             = (known after apply)%0A      + db_cluster_parameter_group_name = (known after apply)%0A      + db_subnet_group_name            = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + deletion_protection             = true%0A      + enabled_cloudwatch_logs_exports = [%0A          + "audit",%0A        ]%0A      + endpoint                        = (known after apply)%0A      + engine                          = "docdb"%0A      + engine_version                  = (known after apply)%0A      + hosted_zone_id                  = (known after apply)%0A      + id                              = (known after apply)%0A      + kms_key_id                      = "arn:aws:kms:eu-central-1:898587786287:key/8807d3bb-5005-48c3-bc18-fe5c1a8a7279"%0A      + master_password                 = (sensitive value)%0A      + master_username                 = "keyserver"%0A      + port                            = 27017%0A      + preferred_backup_window         = (known after apply)%0A      + preferred_maintenance_window    = (known after apply)%0A      + reader_endpoint                 = (known after apply)%0A      + skip_final_snapshot             = true%0A      + storage_encrypted               = true%0A      + tags_all                        = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_security_group_ids          = (known after apply)%0A    }%0A%0A  # module.keystore.aws_docdb_cluster_instance.docdb_instances[0] will be created%0A  + resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      + apply_immediately            = (known after apply)%0A      + arn                          = (known after apply)%0A      + auto_minor_version_upgrade   = true%0A      + availability_zone            = (known after apply)%0A      + ca_cert_identifier           = (known after apply)%0A      + cluster_identifier           = (known after apply)%0A      + db_subnet_group_name         = (known after apply)%0A      + dbi_resource_id              = (known after apply)%0A      + endpoint                     = (known after apply)%0A      + engine                       = "docdb"%0A      + engine_version               = (known after apply)%0A      + id                           = (known after apply)%0A      + identifier                   = "staging-keyserver-keystore-docdb-primary-instance-0"%0A      + identifier_prefix            = (known after apply)%0A      + instance_class               = "db.r6g.large"%0A      + kms_key_id                   = (known after apply)%0A      + port                         = (known after apply)%0A      + preferred_backup_window      = (known after apply)%0A      + preferred_maintenance_window = (known after apply)%0A      + promotion_tier               = 0%0A      + publicly_accessible          = (known after apply)%0A      + storage_encrypted            = (known after apply)%0A      + tags_all                     = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + writer                       = (known after apply)%0A    }%0A%0A  # module.keystore.aws_docdb_subnet_group.private_subnets will be created%0A  + resource "aws_docdb_subnet_group" "private_subnets" {%0A      + arn         = (known after apply)%0A      + description = "Managed by Terraform"%0A      + id          = (known after apply)%0A      + name        = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + name_prefix = (known after apply)%0A      + subnet_ids  = [%0A          + "subnet-0851c91f1a82ece18",%0A          + "subnet-0f59998ee3eeb6b29",%0A          + "subnet-0fe665bde6c07d332",%0A        ]%0A      + tags_all    = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.keystore.aws_secretsmanager_secret.master_password will be created%0A  + resource "aws_secretsmanager_secret" "master_password" {%0A      + arn                            = (known after apply)%0A      + force_overwrite_replica_secret = false%0A      + id                             = (known after apply)%0A      + name                           = "staging-keyserver-keystore-docdb-master-password"%0A      + name_prefix                    = (known after apply)%0A      + policy                         = (known after apply)%0A      + recovery_window_in_days        = 30%0A      + rotation_enabled               = (known after apply)%0A      + rotation_lambda_arn            = (known after apply)%0A      + tags_all                       = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.keystore.aws_secretsmanager_secret_version.master_password will be created%0A  + resource "aws_secretsmanager_secret_version" "master_password" {%0A      + arn            = (known after apply)%0A      + id             = (known after apply)%0A      + secret_id      = (known after apply)%0A      + secret_string  = (sensitive value)%0A      + version_id     = (known after apply)%0A      + version_stages = (known after apply)%0A    }%0A%0A  # module.keystore.aws_security_group.service_security_group will be created%0A  + resource "aws_security_group" "service_security_group" {%0A      + arn                    = (known after apply)%0A      + description            = "Allow ingress from the application"%0A      + egress                 = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      + id                     = (known after apply)%0A      + ingress                = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A      + name                   = "staging-keyserver-keystore-docdb"%0A      + name_prefix            = (known after apply)%0A      + owner_id               = (known after apply)%0A      + revoke_rules_on_delete = false%0A      + tags_all               = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_id                 = "vpc-08d4ffa8940e11aa5"%0A    }%0A%0A  # module.keystore.random_password.master_password will be created%0A  + resource "random_password" "master_password" {%0A      + bcrypt_hash = (sensitive value)%0A      + id          = (known after apply)%0A      + length      = 16%0A      + lower       = true%0A      + min_lower   = 0%0A      + min_numeric = 0%0A      + min_special = 0%0A      + min_upper   = 0%0A      + number      = true%0A      + numeric     = true%0A      + result      = (sensitive value)%0A      + special     = false%0A      + upper       = true%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be destroyed%0A  # (because aws_docdb_cluster.docdb_primary is not in configuration)%0A  - resource "aws_docdb_cluster" "docdb_primary" {%0A      - arn                             = "arn:aws:rds:eu-central-1:898587786287:cluster:staging-keyserver-keystore-docdb-primary-cluster" -> null%0A      - availability_zones              = [%0A          - "eu-central-1a",%0A          - "eu-central-1b",%0A          - "eu-central-1c",%0A        ] -> null%0A      - backup_retention_period         = 1 -> null%0A      - cluster_identifier              = "staging-keyserver-keystore-docdb-primary-cluster" -> null%0A      - cluster_members                 = [%0A          - "staging-keyserver-keystore-docdb-primary-instance-0",%0A        ] -> null%0A      - cluster_resource_id             = "cluster-IHQNJWC63NKRELS7LEYFYOE5KE" -> null%0A      - db_cluster_parameter_group_name = "default.docdb5.0" -> null%0A      - db_subnet_group_name            = "staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - deletion_protection             = false -> null%0A      - enabled_cloudwatch_logs_exports = [%0A          - "audit",%0A        ] -> null%0A      - endpoint                        = "staging-keyserver-keystore-docdb-primary-cluster.cluster-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null%0A      - engine                          = "docdb" -> null%0A      - engine_version                  = "5.0.0" -> null%0A      - hosted_zone_id                  = "Z1ZKU8ZZR6T7FW" -> null%0A      - id                              = "staging-keyserver-keystore-docdb-primary-cluster" -> null%0A      - kms_key_id                      = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - master_password                 = (sensitive value) -> null%0A      - master_username                 = "keyserver" -> null%0A      - port                            = 27017 -> null%0A      - preferred_backup_window         = "22:12-22:42" -> null%0A      - preferred_maintenance_window    = "sat:21:17-sat:21:47" -> null%0A      - reader_endpoint                 = "staging-keyserver-keystore-docdb-primary-cluster.cluster-ro-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null%0A      - skip_final_snapshot             = true -> null%0A      - storage_encrypted               = true -> null%0A      - tags                            = {} -> null%0A      - tags_all                        = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - vpc_security_group_ids          = [%0A          - "sg-01de29cd9149d5d29",%0A        ] -> null%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_instances[0] will be destroyed%0A  # (because aws_docdb_cluster_instance.docdb_instances is not in configuration)%0A  - resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      - arn                          = "arn:aws:rds:eu-central-1:898587786287:db:staging-keyserver-keystore-docdb-primary-instance-0" -> null%0A      - auto_minor_version_upgrade   = true -> null%0A      - availability_zone            = "eu-central-1c" -> null%0A      - ca_cert_identifier           = "rds-ca-2019" -> null%0A      - cluster_identifier           = "staging-keyserver-keystore-docdb-primary-cluster" -> null%0A      - db_subnet_group_name         = "staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - dbi_resource_id              = "db-GF34S7DWNQQBQUS4WCMKJKNQSA" -> null%0A      - endpoint                     = "staging-keyserver-keystore-docdb-primary-instance-0.cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null%0A      - engine                       = "docdb" -> null%0A      - engine_version               = "5.0.0" -> null%0A      - id                           = "staging-keyserver-keystore-docdb-primary-instance-0" -> null%0A      - identifier                   = "staging-keyserver-keystore-docdb-primary-instance-0" -> null%0A      - instance_class               = "db.r6g.large" -> null%0A      - kms_key_id                   = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - port                         = 27017 -> null%0A      - preferred_backup_window      = "22:12-22:42" -> null%0A      - preferred_maintenance_window = "fri:02:49-fri:03:19" -> null%0A      - promotion_tier               = 0 -> null%0A      - publicly_accessible          = false -> null%0A      - storage_encrypted            = true -> null%0A      - tags                         = {} -> null%0A      - tags_all                     = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - writer                       = true -> null%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be destroyed%0A  # (because aws_docdb_subnet_group.private_subnets is not in configuration)%0A  - resource "aws_docdb_subnet_group" "private_subnets" {%0A      - arn         = "arn:aws:rds:eu-central-1:898587786287:subgrp:staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - description = "Managed by Terraform" -> null%0A      - id          = "staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - name        = "staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - subnet_ids  = [%0A          - "subnet-0851c91f1a82ece18",%0A          - "subnet-0f59998ee3eeb6b29",%0A          - "subnet-0fe665bde6c07d332",%0A        ] -> null%0A      - tags        = {} -> null%0A      - tags_all    = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.aws_kms_key.docdb_encryption will be destroyed%0A  # (because aws_kms_key.docdb_encryption is not in configuration)%0A  - resource "aws_kms_key" "docdb_encryption" {%0A      - arn                                = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - bypass_policy_lockout_safety_check = false -> null%0A      - customer_master_key_spec           = "SYMMETRIC_DEFAULT" -> null%0A      - enable_key_rotation                = true -> null%0A      - id                                 = "49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - is_enabled                         = true -> null%0A      - key_id                             = "49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - key_usage                          = "ENCRYPT_DECRYPT" -> null%0A      - multi_region                       = false -> null%0A      - policy                             = jsonencode(%0A            {%0A              - Id        = "key-default-1"%0A              - Statement = [%0A                  - {%0A                      - Action    = "kms:*"%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - AWS = "arn:aws:iam::898587786287:root"%0A                        }%0A                      - Resource  = "*"%0A                      - Sid       = "Enable IAM User Permissions"%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - tags                               = {} -> null%0A      - tags_all                           = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.aws_secretsmanager_secret.master_password will be destroyed%0A  # (because aws_secretsmanager_secret.master_password is not in configuration)%0A  - resource "aws_secretsmanager_secret" "master_password" {%0A      - arn                            = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null%0A      - force_overwrite_replica_secret = false -> null%0A      - id                             = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null%0A      - name                           = "staging-keyserver-keystore-docdb-master-password" -> null%0A      - recovery_window_in_days        = 30 -> null%0A      - rotation_enabled               = false -> null%0A      - tags                           = {} -> null%0A      - tags_all                       = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.aws_secretsmanager_secret_version.master_password will be destroyed%0A  # (because aws_secretsmanager_secret_version.master_password is not in configuration)%0A  - resource "aws_secretsmanager_secret_version" "master_password" {%0A      - arn            = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null%0A      - id             = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj|C675B0DF-31BB-43CE-AD7A-E7C161999EAB" -> null%0A      - secret_id      = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null%0A      - secret_string  = (sensitive value) -> null%0A      - version_id     = "C675B0DF-31BB-43CE-AD7A-E7C161999EAB" -> null%0A      - version_stages = [%0A          - "AWSCURRENT",%0A        ] -> null%0A    }%0A%0A  # module.keystore_docdb.aws_security_group.service_security_group will be destroyed%0A  # (because aws_security_group.service_security_group is not in configuration)%0A  - resource "aws_security_group" "service_security_group" {%0A      - arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> null%0A      - description            = "Allow ingress from the application" -> null%0A      - egress                 = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow outbound traffic from the DocDB cluster"%0A              - from_port        = 0%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "-1"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 0%0A            },%0A        ] -> null%0A      - id                     = "sg-01de29cd9149d5d29" -> null%0A      - ingress                = [%0A          - {%0A              - cidr_blocks    
...

Action: pull_request

@github-actions
Copy link
Contributor

github-actions bot commented Aug 8, 2023

Show Plan 

[command]/home/runner/work/_temp/2ca879d8-f680-4e6a-81a5-23c848f5d521/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"
        name                               = "prod_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:14" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:14" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "prod_keyserver" -> (known after apply)
      ~ revision                 = 14 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.o11y.grafana_dashboard.main will be updated in-place
  ~ resource "grafana_dashboard" "main" {
      ~ config_json  = jsonencode(
          ~ {
              ~ panels        = [
                    # (4 unchanged elements hidden)
                    {
                        content     = "# DocumentDB"
                        datasource  = null
                        gridPos     = {
                            h = 4
                            w = 24
                            x = 0
                            y = 16
                        }
                        mode        = "markdown"
                        title       = ""
                        transparent = true
                        type        = "text"
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (10 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (11 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (10 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (12 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                ]
                tags          = []
                # (19 unchanged attributes hidden)
            }
        )
        id           = "prod-keyserver"
        # (7 unchanged attributes hidden)
    }

Plan: 1 to add, 3 to change, 1 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  ~ update in-place%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"%0A        name                               = "prod_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:14" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:14" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "prod_keyserver" -> (known after apply)%0A      ~ revision                 = 14 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.o11y.grafana_dashboard.main will be updated in-place%0A  ~ resource "grafana_dashboard" "main" {%0A      ~ config_json  = jsonencode(%0A          ~ {%0A              ~ panels        = [%0A                    # (4 unchanged elements hidden)%0A                    {%0A                        content     = "# DocumentDB"%0A                        datasource  = null%0A                        gridPos     = {%0A                            h = 4%0A                            w = 24%0A                            x = 0%0A                            y = 16%0A                        }%0A                        mode        = "markdown"%0A                        title       = ""%0A                        transparent = true%0A                        type        = "text"%0A                    },%0A                  ~ {%0A                      ~ targets       = [%0A                          ~ {%0A                              ~ dimensions       = {%0A                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"%0A                                }%0A                                # (13 unchanged attributes hidden)%0A                            },%0A                          ~ {%0A                              ~ dimensions       = {%0A                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"%0A                                }%0A                                # (13 unchanged attributes hidden)%0A                            },%0A                        ]%0A                        # (10 unchanged attributes hidden)%0A                    },%0A                  ~ {%0A                      ~ targets       = [%0A                          ~ {%0A                              ~ dimensions       = {%0A                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"%0A                                }%0A                                # (13 unchanged attributes hidden)%0A                            },%0A                          ~ {%0A                              ~ dimensions       = {%0A                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"%0A                                }%0A                                # (13 unchanged attributes hidden)%0A                            },%0A                        ]%0A                        # (11 unchanged attributes hidden)%0A                    },%0A                  ~ {%0A                      ~ targets       = [%0A                          ~ {%0A                              ~ dimensions       = {%0A                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"%0A                                }%0A                                # (13 unchanged attributes hidden)%0A                            },%0A                        ]%0A                        # (9 unchanged attributes hidden)%0A                    },%0A                  ~ {%0A                      ~ targets       = [%0A                          ~ {%0A                              ~ dimensions       = {%0A                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"%0A                                }%0A                                # (13 unchanged attributes hidden)%0A                            },%0A                        ]%0A                        # (10 unchanged attributes hidden)%0A                    },%0A                  ~ {%0A                      ~ targets       = [%0A                          ~ {%0A                              ~ dimensions       = {%0A                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"%0A                                }%0A                                # (12 unchanged attributes hidden)%0A                            },%0A                        ]%0A                        # (9 unchanged attributes hidden)%0A                    },%0A                  ~ {%0A                      ~ targets       = [%0A                          ~ {%0A                              ~ dimensions       = {%0A                                  ~ DBClusterIdentifier = "prod-keyserver-keystore-docdb-primary-cluster" -> "module.keystore_docdb.cluster_id"%0A                                }%0A                                # (13 unchanged attributes hidden)%0A                            },%0A                        ]%0A                        # (9 unchanged attributes hidden)%0A                    },%0A                ]%0A                tags          = []%0A                # (19 unchanged attributes hidden)%0A            }%0A        )%0A        id           = "prod-keyserver"%0A        # (7 unchanged attributes hidden)%0A    }%0A%0APlan: 1 to add, 3 to change, 1 to destroy.%0A
::debug::stderr: 
::debug::exitcode: 0

Action: pull_request

@xav xav changed the title fix: use new VPC in docdb, don't remove old networking resources fix: use new VPC in docdb Aug 8, 2023
@xav xav temporarily deployed to infra/prod August 8, 2023 19:39 — with GitHub Actions Inactive
@xav xav requested a review from Elyniss August 8, 2023 19:41
@xav xav temporarily deployed to infra/staging August 9, 2023 07:08 — with GitHub Actions Inactive
@xav xav temporarily deployed to infra/prod August 9, 2023 07:08 — with GitHub Actions Inactive
@github-actions
Copy link
Contributor

github-actions bot commented Aug 9, 2023

Show Plan 

[command]/home/runner/work/_temp/b7f80a09-670e-4eef-9972-d45a3d4353d4/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"
        name                               = "staging_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "staging_keyserver" -> (known after apply)
      ~ revision                 = 61 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.keystore.aws_docdb_cluster.docdb will be created
  + resource "aws_docdb_cluster" "docdb" {
      + apply_immediately               = (known after apply)
      + arn                             = (known after apply)
      + availability_zones              = (known after apply)
      + backup_retention_period         = 1
      + cluster_identifier              = "prod-keyserver-keystore-primary-cluster"
      + cluster_identifier_prefix       = (known after apply)
      + cluster_members                 = (known after apply)
      + cluster_resource_id             = (known after apply)
      + db_cluster_parameter_group_name = (known after apply)
      + db_subnet_group_name            = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + deletion_protection             = true
      + enabled_cloudwatch_logs_exports = [
          + "audit",
        ]
      + endpoint                        = (known after apply)
      + engine                          = "docdb"
      + engine_version                  = (known after apply)
      + hosted_zone_id                  = (known after apply)
      + id                              = (known after apply)
      + kms_key_id                      = "arn:aws:kms:eu-central-1:898587786287:key/8807d3bb-5005-48c3-bc18-fe5c1a8a7279"
      + master_password                 = (sensitive value)
      + master_username                 = "keyserver"
      + port                            = 27017
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = (known after apply)
      + reader_endpoint                 = (known after apply)
      + skip_final_snapshot             = true
      + storage_encrypted               = true
      + tags_all                        = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_security_group_ids          = (known after apply)
    }

  # module.keystore.aws_docdb_cluster_instance.docdb_instances[0] will be created
  + resource "aws_docdb_cluster_instance" "docdb_instances" {
      + apply_immediately            = (known after apply)
      + arn                          = (known after apply)
      + auto_minor_version_upgrade   = true
      + availability_zone            = (known after apply)
      + ca_cert_identifier           = (known after apply)
      + cluster_identifier           = (known after apply)
      + db_subnet_group_name         = (known after apply)
      + dbi_resource_id              = (known after apply)
      + endpoint                     = (known after apply)
      + engine                       = "docdb"
      + engine_version               = (known after apply)
      + id                           = (known after apply)
      + identifier                   = "staging-keyserver-keystore-docdb-primary-instance-0"
      + identifier_prefix            = (known after apply)
      + instance_class               = "db.r6g.large"
      + kms_key_id                   = (known after apply)
      + port                         = (known after apply)
      + preferred_backup_window      = (known after apply)
      + preferred_maintenance_window = (known after apply)
      + promotion_tier               = 0
      + publicly_accessible          = (known after apply)
      + storage_encrypted            = (known after apply)
      + tags_all                     = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + writer                       = (known after apply)
    }

  # module.keystore.aws_docdb_subnet_group.private_subnets will be created
  + resource "aws_docdb_subnet_group" "private_subnets" {
      + arn         = (known after apply)
      + description = "Managed by Terraform"
      + id          = (known after apply)
      + name        = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"
      + name_prefix = (known after apply)
      + subnet_ids  = [
          + "subnet-0851c91f1a82ece18",
          + "subnet-0f59998ee3eeb6b29",
          + "subnet-0fe665bde6c07d332",
        ]
      + tags_all    = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.keystore.aws_secretsmanager_secret.master_password will be created
  + resource "aws_secretsmanager_secret" "master_password" {
      + arn                            = (known after apply)
      + force_overwrite_replica_secret = false
      + id                             = (known after apply)
      + name                           = "staging-keyserver-keystore-docdb-master-password"
      + name_prefix                    = (known after apply)
      + policy                         = (known after apply)
      + recovery_window_in_days        = 30
      + rotation_enabled               = (known after apply)
      + rotation_lambda_arn            = (known after apply)
      + tags_all                       = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
    }

  # module.keystore.aws_secretsmanager_secret_version.master_password will be created
  + resource "aws_secretsmanager_secret_version" "master_password" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # module.keystore.aws_security_group.service_security_group will be created
  + resource "aws_security_group" "service_security_group" {
      + arn                    = (known after apply)
      + description            = "Allow ingress from the application"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow outbound traffic from the DocDB cluster"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "10.0.0.0/16",
                ]
              + description      = "Allow inbound traffic to the DocDB cluster"
              + from_port        = 27017
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 27017
            },
        ]
      + name                   = "staging-keyserver-keystore-docdb"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "Application"      = "keyserver"
          + "Env"              = "staging"
          + "EnvironmentGroup" = "walletconnect"
          + "Name"             = "keyserver"
          + "ProvisionedBy"    = "Terraform"
        }
      + vpc_id                 = "vpc-08d4ffa8940e11aa5"
    }

  # module.keystore.random_password.master_password will be created
  + resource "random_password" "master_password" {
      + bcrypt_hash = (sensitive value)
      + id          = (known after apply)
      + length      = 16
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (sensitive value)
      + special     = false
      + upper       = true
    }

  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be destroyed
  # (because aws_docdb_cluster.docdb_primary is not in configuration)
  - resource "aws_docdb_cluster" "docdb_primary" {
      - arn                             = "arn:aws:rds:eu-central-1:898587786287:cluster:staging-keyserver-keystore-docdb-primary-cluster" -> null
      - availability_zones              = [
          - "eu-central-1a",
          - "eu-central-1b",
          - "eu-central-1c",
        ] -> null
      - backup_retention_period         = 1 -> null
      - cluster_identifier              = "staging-keyserver-keystore-docdb-primary-cluster" -> null
      - cluster_members                 = [
          - "staging-keyserver-keystore-docdb-primary-instance-0",
        ] -> null
      - cluster_resource_id             = "cluster-IHQNJWC63NKRELS7LEYFYOE5KE" -> null
      - db_cluster_parameter_group_name = "default.docdb5.0" -> null
      - db_subnet_group_name            = "staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - deletion_protection             = false -> null
      - enabled_cloudwatch_logs_exports = [
          - "audit",
        ] -> null
      - endpoint                        = "staging-keyserver-keystore-docdb-primary-cluster.cluster-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null
      - engine                          = "docdb" -> null
      - engine_version                  = "5.0.0" -> null
      - hosted_zone_id                  = "Z1ZKU8ZZR6T7FW" -> null
      - id                              = "staging-keyserver-keystore-docdb-primary-cluster" -> null
      - kms_key_id                      = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - master_password                 = (sensitive value) -> null
      - master_username                 = "keyserver" -> null
      - port                            = 27017 -> null
      - preferred_backup_window         = "22:12-22:42" -> null
      - preferred_maintenance_window    = "sat:21:17-sat:21:47" -> null
      - reader_endpoint                 = "staging-keyserver-keystore-docdb-primary-cluster.cluster-ro-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null
      - skip_final_snapshot             = true -> null
      - storage_encrypted               = true -> null
      - tags                            = {} -> null
      - tags_all                        = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - vpc_security_group_ids          = [
          - "sg-01de29cd9149d5d29",
        ] -> null
    }

  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_instances[0] will be destroyed
  # (because aws_docdb_cluster_instance.docdb_instances is not in configuration)
  - resource "aws_docdb_cluster_instance" "docdb_instances" {
      - arn                          = "arn:aws:rds:eu-central-1:898587786287:db:staging-keyserver-keystore-docdb-primary-instance-0" -> null
      - auto_minor_version_upgrade   = true -> null
      - availability_zone            = "eu-central-1c" -> null
      - ca_cert_identifier           = "rds-ca-2019" -> null
      - cluster_identifier           = "staging-keyserver-keystore-docdb-primary-cluster" -> null
      - db_subnet_group_name         = "staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - dbi_resource_id              = "db-GF34S7DWNQQBQUS4WCMKJKNQSA" -> null
      - endpoint                     = "staging-keyserver-keystore-docdb-primary-instance-0.cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null
      - engine                       = "docdb" -> null
      - engine_version               = "5.0.0" -> null
      - id                           = "staging-keyserver-keystore-docdb-primary-instance-0" -> null
      - identifier                   = "staging-keyserver-keystore-docdb-primary-instance-0" -> null
      - instance_class               = "db.r6g.large" -> null
      - kms_key_id                   = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - port                         = 27017 -> null
      - preferred_backup_window      = "22:12-22:42" -> null
      - preferred_maintenance_window = "fri:02:49-fri:03:19" -> null
      - promotion_tier               = 0 -> null
      - publicly_accessible          = false -> null
      - storage_encrypted            = true -> null
      - tags                         = {} -> null
      - tags_all                     = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - writer                       = true -> null
    }

  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be destroyed
  # (because aws_docdb_subnet_group.private_subnets is not in configuration)
  - resource "aws_docdb_subnet_group" "private_subnets" {
      - arn         = "arn:aws:rds:eu-central-1:898587786287:subgrp:staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - description = "Managed by Terraform" -> null
      - id          = "staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - name        = "staging-keyserver-keystore-docdb-private-subnet-group" -> null
      - subnet_ids  = [
          - "subnet-0851c91f1a82ece18",
          - "subnet-0f59998ee3eeb6b29",
          - "subnet-0fe665bde6c07d332",
        ] -> null
      - tags        = {} -> null
      - tags_all    = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.aws_kms_key.docdb_encryption will be destroyed
  # (because aws_kms_key.docdb_encryption is not in configuration)
  - resource "aws_kms_key" "docdb_encryption" {
      - arn                                = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - bypass_policy_lockout_safety_check = false -> null
      - customer_master_key_spec           = "SYMMETRIC_DEFAULT" -> null
      - enable_key_rotation                = true -> null
      - id                                 = "49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - is_enabled                         = true -> null
      - key_id                             = "49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null
      - key_usage                          = "ENCRYPT_DECRYPT" -> null
      - multi_region                       = false -> null
      - policy                             = jsonencode(
            {
              - Id        = "key-default-1"
              - Statement = [
                  - {
                      - Action    = "kms:*"
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::898587786287:root"
                        }
                      - Resource  = "*"
                      - Sid       = "Enable IAM User Permissions"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - tags                               = {} -> null
      - tags_all                           = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.aws_secretsmanager_secret.master_password will be destroyed
  # (because aws_secretsmanager_secret.master_password is not in configuration)
  - resource "aws_secretsmanager_secret" "master_password" {
      - arn                            = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null
      - force_overwrite_replica_secret = false -> null
      - id                             = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null
      - name                           = "staging-keyserver-keystore-docdb-master-password" -> null
      - recovery_window_in_days        = 30 -> null
      - rotation_enabled               = false -> null
      - tags                           = {} -> null
      - tags_all                       = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.aws_secretsmanager_secret_version.master_password will be destroyed
  # (because aws_secretsmanager_secret_version.master_password is not in configuration)
  - resource "aws_secretsmanager_secret_version" "master_password" {
      - arn            = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null
      - id             = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj|C675B0DF-31BB-43CE-AD7A-E7C161999EAB" -> null
      - secret_id      = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null
      - secret_string  = (sensitive value) -> null
      - version_id     = "C675B0DF-31BB-43CE-AD7A-E7C161999EAB" -> null
      - version_stages = [
          - "AWSCURRENT",
        ] -> null
    }

  # module.keystore_docdb.aws_security_group.service_security_group will be destroyed
  # (because aws_security_group.service_security_group is not in configuration)
  - resource "aws_security_group" "service_security_group" {
      - arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> null
      - description            = "Allow ingress from the application" -> null
      - egress                 = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow outbound traffic from the DocDB cluster"
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
        ] -> null
      - id                     = "sg-01de29cd9149d5d29" -> null
      - ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.0.0.0/16",
                ]
              - description      = "Allow inbound traffic to the DocDB cluster"
              - from_port        = 27017
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 27017
            },
        ] -> null
      - name                   = "staging-keyserver-keystore-docdb-service" -> null
      - owner_id               = "898587786287" -> null
      - revoke_rules_on_delete = false -> null
      - tags                   = {} -> null
      - tags_all               = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - vpc_id                 = "vpc-08d4ffa8940e11aa5" -> null
    }

  # module.keystore_docdb.random_password.master_password will be destroyed
  # (because random_password.master_password is not in configuration)
  - resource "random_password" "master_password" {
      - bcrypt_hash = (sensitive value) -> null
      - id          = "none" -> null
      - length      = 16 -> null
      - lower       = true -> null
      - min_lower   = 0 -> null
      - min_numeric = 0 -> null
      - min_special = 0 -> null
      - min_upper   = 0 -> null
      - number      = true -> null
      - numeric     = true -> null
      - result      = (sensitive value) -> null
      - special     = false -> null
      - upper       = true -> null
    }

  # module.o11y.grafana_dashboard.main will be updated in-place
  ~ resource "grafana_dashboard" "main" {
      ~ config_json  = jsonencode(
          ~ {
              ~ panels        = [
                    # (4 unchanged elements hidden)
                    {
                        content     = "# DocumentDB"
                        datasource  = null
                        gridPos     = {
                            h = 4
                            w = 24
                            x = 0
                            y = 16
                        }
                        mode        = "markdown"
                        title       = ""
                        transparent = true
                        type        = "text"
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "prod-keyserver-keystore-primary-cluster"
                                }
                                # (13 unchanged attributes hidden)
                            },
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "prod-keyserver-keystore-primary-cluster"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (10 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "prod-keyserver-keystore-primary-cluster"
                                }
                                # (13 unchanged attributes hidden)
                            },
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "prod-keyserver-keystore-primary-cluster"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (11 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "prod-keyserver-keystore-primary-cluster"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "prod-keyserver-keystore-primary-cluster"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (10 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "prod-keyserver-keystore-primary-cluster"
                                }
                                # (12 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                  ~ {
                      ~ targets       = [
                          ~ {
                              ~ dimensions       = {
                                  ~ DBClusterIdentifier = "staging-keyserver-keystore-docdb-primary-cluster" -> "prod-keyserver-keystore-primary-cluster"
                                }
                                # (13 unchanged attributes hidden)
                            },
                        ]
                        # (9 unchanged attributes hidden)
                    },
                ]
                tags          = []
                # (19 unchanged attributes hidden)
            }
        )
        id           = "staging-keyserver"
        # (7 unchanged attributes hidden)
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_log_group.main will be destroyed
  # (because aws_cloudwatch_log_group.main is not in configuration)
  - resource "aws_cloudwatch_log_group" "main" {
      - arn               = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - id                = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - name              = "/aws/lambda/staging-keyserver-docdb-autoscaling" -> null
      - retention_in_days = 7 -> null
      - tags              = {} -> null
      - tags_all          = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_cloudwatch_metric_alarm.main[0] will be destroyed
  # (because aws_cloudwatch_metric_alarm.main is not in configuration)
  - resource "aws_cloudwatch_metric_alarm" "main" {
      - actions_enabled           = true -> null
      - alarm_actions             = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - alarm_name                = "staging-keyserver-docdb-autoscaling-0" -> null
      - arn                       = "arn:aws:cloudwatch:eu-central-1:898587786287:alarm:staging-keyserver-docdb-autoscaling-0" -> null
      - comparison_operator       = "GreaterThanThreshold" -> null
      - datapoints_to_alarm       = 0 -> null
      - dimensions                = {
          - "DBClusterIdentifier" = "staging-keyserver-keystore-docdb-primary-cluster"
        } -> null
      - evaluation_periods        = 1 -> null
      - id                        = "staging-keyserver-docdb-autoscaling-0" -> null
      - insufficient_data_actions = [] -> null
      - metric_name               = "CPUUtilization" -> null
      - namespace                 = "AWS/DocDB" -> null
      - ok_actions                = [
          - "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling",
        ] -> null
      - period                    = 300 -> null
      - statistic                 = "Average" -> null
      - tags                      = {} -> null
      - tags_all                  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - threshold                 = 80 -> null
      - treat_missing_data        = "missing" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_policy.lambda will be destroyed
  # (because aws_iam_policy.lambda is not in configuration)
  - resource "aws_iam_policy" "lambda" {
      - arn       = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - id        = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - name      = "staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - path      = "/" -> null
      - policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "logs:CreateLogStream",
                          - "logs:CreateLogGroup",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*"
                    },
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:eu-central-1:898587786287:log-group:/aws/lambda/staging-keyserver-docdb-autoscaling:*:*"
                    },
                  - {
                      - Action   = [
                          - "rds:DescribeDBInstances",
                          - "rds:DescribeDBClusters",
                          - "rds:CreateDBInstance",
                          - "rds:DeleteDBInstance",
                        ]
                      - Effect   = "Allow"
                      - Resource = [
                          - "arn:aws:rds:eu-central-1:898587786287:*",
                        ]
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id = "ANPA5COABPQXW45SOGJUG" -> null
      - tags      = {} -> null
      - tags_all  = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role.lambda will be destroyed
  # (because aws_iam_role.lambda is not in configuration)
  - resource "aws_iam_role" "lambda" {
      - arn                   = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - assume_role_policy    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "sts:AssumeRole"
                      - Effect    = "Allow"
                      - Principal = {
                          - Service = "lambda.amazonaws.com"
                        }
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - create_date           = "2023-08-07T15:13:40Z" -> null
      - force_detach_policies = false -> null
      - id                    = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - managed_policy_arns   = [
          - "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy",
        ] -> null
      - max_session_duration  = 3600 -> null
      - name                  = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - path                  = "/" -> null
      - tags                  = {} -> null
      - tags_all              = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - unique_id             = "AROA5COABPQXZV7K3BXPB" -> null

      - inline_policy {}
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_iam_role_policy_attachment.lambda will be destroyed
  # (because aws_iam_role_policy_attachment.lambda is not in configuration)
  - resource "aws_iam_role_policy_attachment" "lambda" {
      - id         = "staging-keyserver-docdb-autoscaling-eu-central-1-role-20230807151343820300000001" -> null
      - policy_arn = "arn:aws:iam::898587786287:policy/staging-keyserver-docdb-autoscaling-eu-central-1-policy" -> null
      - role       = "staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_function.main will be destroyed
  # (because aws_lambda_function.main is not in configuration)
  - resource "aws_lambda_function" "main" {
      - architectures                  = [
          - "x86_64",
        ] -> null
      - arn                            = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - filename                       = ".terraform/modules/keystore_docdb.docdb-autoscaling/.files/init.zip" -> null
      - function_name                  = "staging-keyserver-docdb-autoscaling" -> null
      - handler                        = "index.handler" -> null
      - id                             = "staging-keyserver-docdb-autoscaling" -> null
      - invoke_arn                     = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling/invocations" -> null
      - last_modified                  = "2023-08-07T15:20:15.243+0000" -> null
      - layers                         = [] -> null
      - memory_size                    = 128 -> null
      - package_type                   = "Zip" -> null
      - publish                        = false -> null
      - qualified_arn                  = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling:$LATEST" -> null
      - reserved_concurrent_executions = -1 -> null
      - role                           = "arn:aws:iam::898587786287:role/staging-keyserver-docdb-autoscaling-eu-central-1-role" -> null
      - runtime                        = "python3.9" -> null
      - source_code_hash               = "iG52XIKJxJppt5z7sJPoMUh/OAaeKIZP/W0R0T4h3vQ=" -> null
      - source_code_size               = 1933 -> null
      - tags                           = {} -> null
      - tags_all                       = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
      - timeout                        = 3 -> null
      - version                        = "$LATEST" -> null

      - environment {
          - variables = {
              - "cluster_identifier" = "staging-keyserver-keystore-docdb-primary-cluster"
              - "max_capacity"       = "6"
              - "min_capacity"       = "0"
            } -> null
        }

      - tracing_config {
          - mode = "PassThrough" -> null
        }
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_lambda_permission.sns will be destroyed
  # (because aws_lambda_permission.sns is not in configuration)
  - resource "aws_lambda_permission" "sns" {
      - action        = "lambda:InvokeFunction" -> null
      - function_name = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - id            = "AllowSubscriptionToSNS" -> null
      - principal     = "sns.amazonaws.com" -> null
      - source_arn    = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - statement_id  = "AllowSubscriptionToSNS" -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic.main will be destroyed
  # (because aws_sns_topic.main is not in configuration)
  - resource "aws_sns_topic" "main" {
      - application_success_feedback_sample_rate = 0 -> null
      - arn                                      = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - content_based_deduplication              = false -> null
      - fifo_topic                               = false -> null
      - firehose_success_feedback_sample_rate    = 0 -> null
      - http_success_feedback_sample_rate        = 0 -> null
      - id                                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
      - lambda_success_feedback_sample_rate      = 0 -> null
      - name                                     = "staging-keyserver-docdb-autoscaling" -> null
      - owner                                    = "898587786287" -> null
      - policy                                   = jsonencode(
            {
              - Id        = "__default_policy_ID"
              - Statement = [
                  - {
                      - Action    = [
                          - "SNS:GetTopicAttributes",
                          - "SNS:SetTopicAttributes",
                          - "SNS:AddPermission",
                          - "SNS:RemovePermission",
                          - "SNS:DeleteTopic",
                          - "SNS:Subscribe",
                          - "SNS:ListSubscriptionsByTopic",
                          - "SNS:Publish",
                        ]
                      - Condition = {
                          - StringEquals = {
                              - "AWS:SourceOwner" = "898587786287"
                            }
                        }
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling"
                      - Sid       = "__default_statement_ID"
                    },
                ]
              - Version   = "2008-10-17"
            }
        ) -> null
      - sqs_success_feedback_sample_rate         = 0 -> null
      - tags                                     = {} -> null
      - tags_all                                 = {
          - "Application"      = "keyserver"
          - "Env"              = "staging"
          - "EnvironmentGroup" = "walletconnect"
          - "Name"             = "keyserver"
          - "ProvisionedBy"    = "Terraform"
        } -> null
    }

  # module.keystore_docdb.module.docdb-autoscaling.aws_sns_topic_subscription.main will be destroyed
  # (because aws_sns_topic_subscription.main is not in configuration)
  - resource "aws_sns_topic_subscription" "main" {
      - arn                             = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - confirmation_timeout_in_minutes = 1 -> null
      - confirmation_was_authenticated  = true -> null
      - endpoint                        = "arn:aws:lambda:eu-central-1:898587786287:function:staging-keyserver-docdb-autoscaling" -> null
      - endpoint_auto_confirms          = false -> null
      - id                              = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling:3f833700-eec4-4009-9d92-4f94f78d53c8" -> null
      - owner_id                        = "898587786287" -> null
      - pending_confirmation            = false -> null
      - protocol                        = "lambda" -> null
      - raw_message_delivery            = false -> null
      - topic_arn                       = "arn:aws:sns:eu-central-1:898587786287:staging-keyserver-docdb-autoscaling" -> null
    }

Plan: 8 to add, 3 to change, 18 to destroy.
::debug::Terraform exited with code 0.
::debug::stdout: %0ATerraform used the selected providers to generate the following execution%0Aplan. Resource actions are indicated with the following symbols:%0A  + create%0A  ~ update in-place%0A  - destroy%0A-/+ destroy and then create replacement%0A%0ATerraform will perform the following actions:%0A%0A  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place%0A  ~ resource "aws_appautoscaling_target" "ecs_target" {%0A        id                 = "service/staging_keyserver_cluster/staging_keyserver-service"%0A      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/staging_keyserver-ecs-scale-application"%0A        # (5 unchanged attributes hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_service.app_service will be updated in-place%0A  ~ resource "aws_ecs_service" "app_service" {%0A        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/staging_keyserver_cluster/staging_keyserver-service"%0A        name                               = "staging_keyserver-service"%0A        tags                               = {}%0A      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:62" -> (known after apply)%0A        # (14 unchanged attributes hidden)%0A%0A        # (4 unchanged blocks hidden)%0A    }%0A%0A  # module.ecs.aws_ecs_task_definition.app_task must be replaced%0A-/+ resource "aws_ecs_task_definition" "app_task" {%0A      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/staging_keyserver:61" -> (known after apply)%0A      ~ container_definitions    = (sensitive value) # forces replacement%0A      ~ id                       = "staging_keyserver" -> (known after apply)%0A      ~ revision                 = 61 -> (known after apply)%0A      - tags                     = {} -> null%0A        # (9 unchanged attributes hidden)%0A%0A        # (1 unchanged block hidden)%0A    }%0A%0A  # module.keystore.aws_docdb_cluster.docdb will be created%0A  + resource "aws_docdb_cluster" "docdb" {%0A      + apply_immediately               = (known after apply)%0A      + arn                             = (known after apply)%0A      + availability_zones              = (known after apply)%0A      + backup_retention_period         = 1%0A      + cluster_identifier              = "prod-keyserver-keystore-primary-cluster"%0A      + cluster_identifier_prefix       = (known after apply)%0A      + cluster_members                 = (known after apply)%0A      + cluster_resource_id             = (known after apply)%0A      + db_cluster_parameter_group_name = (known after apply)%0A      + db_subnet_group_name            = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + deletion_protection             = true%0A      + enabled_cloudwatch_logs_exports = [%0A          + "audit",%0A        ]%0A      + endpoint                        = (known after apply)%0A      + engine                          = "docdb"%0A      + engine_version                  = (known after apply)%0A      + hosted_zone_id                  = (known after apply)%0A      + id                              = (known after apply)%0A      + kms_key_id                      = "arn:aws:kms:eu-central-1:898587786287:key/8807d3bb-5005-48c3-bc18-fe5c1a8a7279"%0A      + master_password                 = (sensitive value)%0A      + master_username                 = "keyserver"%0A      + port                            = 27017%0A      + preferred_backup_window         = (known after apply)%0A      + preferred_maintenance_window    = (known after apply)%0A      + reader_endpoint                 = (known after apply)%0A      + skip_final_snapshot             = true%0A      + storage_encrypted               = true%0A      + tags_all                        = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_security_group_ids          = (known after apply)%0A    }%0A%0A  # module.keystore.aws_docdb_cluster_instance.docdb_instances[0] will be created%0A  + resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      + apply_immediately            = (known after apply)%0A      + arn                          = (known after apply)%0A      + auto_minor_version_upgrade   = true%0A      + availability_zone            = (known after apply)%0A      + ca_cert_identifier           = (known after apply)%0A      + cluster_identifier           = (known after apply)%0A      + db_subnet_group_name         = (known after apply)%0A      + dbi_resource_id              = (known after apply)%0A      + endpoint                     = (known after apply)%0A      + engine                       = "docdb"%0A      + engine_version               = (known after apply)%0A      + id                           = (known after apply)%0A      + identifier                   = "staging-keyserver-keystore-docdb-primary-instance-0"%0A      + identifier_prefix            = (known after apply)%0A      + instance_class               = "db.r6g.large"%0A      + kms_key_id                   = (known after apply)%0A      + port                         = (known after apply)%0A      + preferred_backup_window      = (known after apply)%0A      + preferred_maintenance_window = (known after apply)%0A      + promotion_tier               = 0%0A      + publicly_accessible          = (known after apply)%0A      + storage_encrypted            = (known after apply)%0A      + tags_all                     = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + writer                       = (known after apply)%0A    }%0A%0A  # module.keystore.aws_docdb_subnet_group.private_subnets will be created%0A  + resource "aws_docdb_subnet_group" "private_subnets" {%0A      + arn         = (known after apply)%0A      + description = "Managed by Terraform"%0A      + id          = (known after apply)%0A      + name        = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"%0A      + name_prefix = (known after apply)%0A      + subnet_ids  = [%0A          + "subnet-0851c91f1a82ece18",%0A          + "subnet-0f59998ee3eeb6b29",%0A          + "subnet-0fe665bde6c07d332",%0A        ]%0A      + tags_all    = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.keystore.aws_secretsmanager_secret.master_password will be created%0A  + resource "aws_secretsmanager_secret" "master_password" {%0A      + arn                            = (known after apply)%0A      + force_overwrite_replica_secret = false%0A      + id                             = (known after apply)%0A      + name                           = "staging-keyserver-keystore-docdb-master-password"%0A      + name_prefix                    = (known after apply)%0A      + policy                         = (known after apply)%0A      + recovery_window_in_days        = 30%0A      + rotation_enabled               = (known after apply)%0A      + rotation_lambda_arn            = (known after apply)%0A      + tags_all                       = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A    }%0A%0A  # module.keystore.aws_secretsmanager_secret_version.master_password will be created%0A  + resource "aws_secretsmanager_secret_version" "master_password" {%0A      + arn            = (known after apply)%0A      + id             = (known after apply)%0A      + secret_id      = (known after apply)%0A      + secret_string  = (sensitive value)%0A      + version_id     = (known after apply)%0A      + version_stages = (known after apply)%0A    }%0A%0A  # module.keystore.aws_security_group.service_security_group will be created%0A  + resource "aws_security_group" "service_security_group" {%0A      + arn                    = (known after apply)%0A      + description            = "Allow ingress from the application"%0A      + egress                 = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow outbound traffic from the DocDB cluster"%0A              + from_port        = 0%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "-1"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 0%0A            },%0A        ]%0A      + id                     = (known after apply)%0A      + ingress                = [%0A          + {%0A              + cidr_blocks      = [%0A                  + "10.0.0.0/16",%0A                ]%0A              + description      = "Allow inbound traffic to the DocDB cluster"%0A              + from_port        = 27017%0A              + ipv6_cidr_blocks = []%0A              + prefix_list_ids  = []%0A              + protocol         = "tcp"%0A              + security_groups  = []%0A              + self             = false%0A              + to_port          = 27017%0A            },%0A        ]%0A      + name                   = "staging-keyserver-keystore-docdb"%0A      + name_prefix            = (known after apply)%0A      + owner_id               = (known after apply)%0A      + revoke_rules_on_delete = false%0A      + tags_all               = {%0A          + "Application"      = "keyserver"%0A          + "Env"              = "staging"%0A          + "EnvironmentGroup" = "walletconnect"%0A          + "Name"             = "keyserver"%0A          + "ProvisionedBy"    = "Terraform"%0A        }%0A      + vpc_id                 = "vpc-08d4ffa8940e11aa5"%0A    }%0A%0A  # module.keystore.random_password.master_password will be created%0A  + resource "random_password" "master_password" {%0A      + bcrypt_hash = (sensitive value)%0A      + id          = (known after apply)%0A      + length      = 16%0A      + lower       = true%0A      + min_lower   = 0%0A      + min_numeric = 0%0A      + min_special = 0%0A      + min_upper   = 0%0A      + number      = true%0A      + numeric     = true%0A      + result      = (sensitive value)%0A      + special     = false%0A      + upper       = true%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster.docdb_primary will be destroyed%0A  # (because aws_docdb_cluster.docdb_primary is not in configuration)%0A  - resource "aws_docdb_cluster" "docdb_primary" {%0A      - arn                             = "arn:aws:rds:eu-central-1:898587786287:cluster:staging-keyserver-keystore-docdb-primary-cluster" -> null%0A      - availability_zones              = [%0A          - "eu-central-1a",%0A          - "eu-central-1b",%0A          - "eu-central-1c",%0A        ] -> null%0A      - backup_retention_period         = 1 -> null%0A      - cluster_identifier              = "staging-keyserver-keystore-docdb-primary-cluster" -> null%0A      - cluster_members                 = [%0A          - "staging-keyserver-keystore-docdb-primary-instance-0",%0A        ] -> null%0A      - cluster_resource_id             = "cluster-IHQNJWC63NKRELS7LEYFYOE5KE" -> null%0A      - db_cluster_parameter_group_name = "default.docdb5.0" -> null%0A      - db_subnet_group_name            = "staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - deletion_protection             = false -> null%0A      - enabled_cloudwatch_logs_exports = [%0A          - "audit",%0A        ] -> null%0A      - endpoint                        = "staging-keyserver-keystore-docdb-primary-cluster.cluster-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null%0A      - engine                          = "docdb" -> null%0A      - engine_version                  = "5.0.0" -> null%0A      - hosted_zone_id                  = "Z1ZKU8ZZR6T7FW" -> null%0A      - id                              = "staging-keyserver-keystore-docdb-primary-cluster" -> null%0A      - kms_key_id                      = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - master_password                 = (sensitive value) -> null%0A      - master_username                 = "keyserver" -> null%0A      - port                            = 27017 -> null%0A      - preferred_backup_window         = "22:12-22:42" -> null%0A      - preferred_maintenance_window    = "sat:21:17-sat:21:47" -> null%0A      - reader_endpoint                 = "staging-keyserver-keystore-docdb-primary-cluster.cluster-ro-cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null%0A      - skip_final_snapshot             = true -> null%0A      - storage_encrypted               = true -> null%0A      - tags                            = {} -> null%0A      - tags_all                        = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - vpc_security_group_ids          = [%0A          - "sg-01de29cd9149d5d29",%0A        ] -> null%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_cluster_instance.docdb_instances[0] will be destroyed%0A  # (because aws_docdb_cluster_instance.docdb_instances is not in configuration)%0A  - resource "aws_docdb_cluster_instance" "docdb_instances" {%0A      - arn                          = "arn:aws:rds:eu-central-1:898587786287:db:staging-keyserver-keystore-docdb-primary-instance-0" -> null%0A      - auto_minor_version_upgrade   = true -> null%0A      - availability_zone            = "eu-central-1c" -> null%0A      - ca_cert_identifier           = "rds-ca-2019" -> null%0A      - cluster_identifier           = "staging-keyserver-keystore-docdb-primary-cluster" -> null%0A      - db_subnet_group_name         = "staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - dbi_resource_id              = "db-GF34S7DWNQQBQUS4WCMKJKNQSA" -> null%0A      - endpoint                     = "staging-keyserver-keystore-docdb-primary-instance-0.cnkvjbadm57i.eu-central-1.docdb.amazonaws.com" -> null%0A      - engine                       = "docdb" -> null%0A      - engine_version               = "5.0.0" -> null%0A      - id                           = "staging-keyserver-keystore-docdb-primary-instance-0" -> null%0A      - identifier                   = "staging-keyserver-keystore-docdb-primary-instance-0" -> null%0A      - instance_class               = "db.r6g.large" -> null%0A      - kms_key_id                   = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - port                         = 27017 -> null%0A      - preferred_backup_window      = "22:12-22:42" -> null%0A      - preferred_maintenance_window = "fri:02:49-fri:03:19" -> null%0A      - promotion_tier               = 0 -> null%0A      - publicly_accessible          = false -> null%0A      - storage_encrypted            = true -> null%0A      - tags                         = {} -> null%0A      - tags_all                     = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A      - writer                       = true -> null%0A    }%0A%0A  # module.keystore_docdb.aws_docdb_subnet_group.private_subnets will be destroyed%0A  # (because aws_docdb_subnet_group.private_subnets is not in configuration)%0A  - resource "aws_docdb_subnet_group" "private_subnets" {%0A      - arn         = "arn:aws:rds:eu-central-1:898587786287:subgrp:staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - description = "Managed by Terraform" -> null%0A      - id          = "staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - name        = "staging-keyserver-keystore-docdb-private-subnet-group" -> null%0A      - subnet_ids  = [%0A          - "subnet-0851c91f1a82ece18",%0A          - "subnet-0f59998ee3eeb6b29",%0A          - "subnet-0fe665bde6c07d332",%0A        ] -> null%0A      - tags        = {} -> null%0A      - tags_all    = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.aws_kms_key.docdb_encryption will be destroyed%0A  # (because aws_kms_key.docdb_encryption is not in configuration)%0A  - resource "aws_kms_key" "docdb_encryption" {%0A      - arn                                = "arn:aws:kms:eu-central-1:898587786287:key/49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - bypass_policy_lockout_safety_check = false -> null%0A      - customer_master_key_spec           = "SYMMETRIC_DEFAULT" -> null%0A      - enable_key_rotation                = true -> null%0A      - id                                 = "49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - is_enabled                         = true -> null%0A      - key_id                             = "49f8d68a-cc29-477d-bdf4-7a9c3597566e" -> null%0A      - key_usage                          = "ENCRYPT_DECRYPT" -> null%0A      - multi_region                       = false -> null%0A      - policy                             = jsonencode(%0A            {%0A              - Id        = "key-default-1"%0A              - Statement = [%0A                  - {%0A                      - Action    = "kms:*"%0A                      - Effect    = "Allow"%0A                      - Principal = {%0A                          - AWS = "arn:aws:iam::898587786287:root"%0A                        }%0A                      - Resource  = "*"%0A                      - Sid       = "Enable IAM User Permissions"%0A                    },%0A                ]%0A              - Version   = "2012-10-17"%0A            }%0A        ) -> null%0A      - tags                               = {} -> null%0A      - tags_all                           = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.aws_secretsmanager_secret.master_password will be destroyed%0A  # (because aws_secretsmanager_secret.master_password is not in configuration)%0A  - resource "aws_secretsmanager_secret" "master_password" {%0A      - arn                            = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null%0A      - force_overwrite_replica_secret = false -> null%0A      - id                             = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null%0A      - name                           = "staging-keyserver-keystore-docdb-master-password" -> null%0A      - recovery_window_in_days        = 30 -> null%0A      - rotation_enabled               = false -> null%0A      - tags                           = {} -> null%0A      - tags_all                       = {%0A          - "Application"      = "keyserver"%0A          - "Env"              = "staging"%0A          - "EnvironmentGroup" = "walletconnect"%0A          - "Name"             = "keyserver"%0A          - "ProvisionedBy"    = "Terraform"%0A        } -> null%0A    }%0A%0A  # module.keystore_docdb.aws_secretsmanager_secret_version.master_password will be destroyed%0A  # (because aws_secretsmanager_secret_version.master_password is not in configuration)%0A  - resource "aws_secretsmanager_secret_version" "master_password" {%0A      - arn            = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null%0A      - id             = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj|C675B0DF-31BB-43CE-AD7A-E7C161999EAB" -> null%0A      - secret_id      = "arn:aws:secretsmanager:eu-central-1:898587786287:secret:staging-keyserver-keystore-docdb-master-password-T0pBKj" -> null%0A      - secret_string  = (sensitive value) -> null%0A      - version_id     = "C675B0DF-31BB-43CE-AD7A-E7C161999EAB" -> null%0A      - version_stages = [%0A          - "AWSCURRENT",%0A        ] -> null%0A    }%0A%0A  # module.keystore_docdb.aws_security_group.service_security_group will be destroyed%0A  # (because aws_security_group.service_security_group is not in configuration)%0A  - resource "aws_security_group" "service_security_group" {%0A      - arn                    = "arn:aws:ec2:eu-central-1:898587786287:security-group/sg-01de29cd9149d5d29" -> null%0A      - description            = "Allow ingress from the application" -> null%0A      - egress                 = [%0A          - {%0A              - cidr_blocks      = [%0A                  - "10.0.0.0/16",%0A                ]%0A              - description      = "Allow outbound traffic from the DocDB cluster"%0A              - from_port        = 0%0A              - ipv6_cidr_blocks = []%0A              - prefix_list_ids  = []%0A              - protocol         = "-1"%0A              - security_groups  = []%0A              - self             = false%0A              - to_port          = 0%0A            },%0A        ] -> null%0A      - id                     = "sg-01de29cd9149d5d29" -> null%0A      - ingress             
...

Action: pull_request

@github-actions
Copy link
Contributor

github-actions bot commented Aug 9, 2023

Show Plan 

[command]/home/runner/work/_temp/07e3e3d0-2ae3-42c7-9079-30ecd46fff59/terraform-bin -chdir=terraform show -no-color /tmp/plan.tfplan

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # module.ecs.aws_appautoscaling_target.ecs_target will be updated in-place
  ~ resource "aws_appautoscaling_target" "ecs_target" {
        id                 = "service/prod_keyserver_cluster/prod_keyserver-service"
      ~ role_arn           = "arn:aws:iam::898587786287:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService" -> "arn:aws:iam::898587786287:role/prod_keyserver-ecs-scale-application"
        # (5 unchanged attributes hidden)
    }

  # module.ecs.aws_ecs_service.app_service will be updated in-place
  ~ resource "aws_ecs_service" "app_service" {
        id                                 = "arn:aws:ecs:eu-central-1:898587786287:service/prod_keyserver_cluster/prod_keyserver-service"
        name                               = "prod_keyserver-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:14" -> (known after apply)
        # (14 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ecs.aws_ecs_task_definition.app_task must be replaced
-/+ resource "aws_ecs_task_definition" "app_task" {
      ~ arn                      = "arn:aws:ecs:eu-central-1:898587786287:task-definition/prod_keyserver:14" -> (known after apply)
      ~ container_definitions    = (sensitive value) # forces replacement
      ~ id                       = "prod_keyserver" -> (known after apply)
      ~ revision                 = 14 -> (known after apply)
      - tags                     = {} -> null
        # (9 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.keystore.aws_docdb_subnet_group.private_subnets will be updated in-place
  ~ resource "aws_docdb_subnet_group" "private_subnets" {
      ~ description = "DONT REMOVE, Used by Keyserver but renaming is not permitted" -> "Managed by Terraform"
        id          = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"
        name        = "prod-keyserver-remove-me-keystore-docdb-private-subnet-group"
        tags        = {}
        # (3 unchanged attributes hidden)
    }

  # module.o11y.data.jsonnet_file.dashboard will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "jsonnet_file" "dashboard" {
      + ext_str  = {
          + "cloudwatch_uid"   = "P2kGF7Q4k"
          + "dashboard_title"  = "prod - keyserver"
          + "dashboard_uid"    = "prod-keyserver"
          + "docdb_cluster_id" = "prod-keyserver-keystore-primary-cluster"
          + "ecs_service_name" = "prod_keyserver-service"
          + "environment"      = "prod"
          + "load_balancer"    = "net/prod-keyserver-lb-3ca/c9637dd8df9a5dfa"
          + "notifications"    = jsonencode(
                [
                  + {
                      + uid = "NNOynGwVz"
                    },
                ]
            )
          + "prometheus_uid"   = "3EqgoK64k"
          + "target_group"     = "arn:aws:elasticloadbalancing:eu-central-1:898587786287:targetgroup/prod-keyserver-d76/d64fcec4fa27098d"
        }
      + id       = (known after apply)
      + rendered = (known after apply)
      + source   = "monitoring/dashboard.jsonnet"
    }

  # module.o11y.grafana_dashboard.main will be updated in-place
  ~ resource "grafana_dashboard" "main" {
      ~ config_json  = jsonencode(
            {
              - __inputs      = []
              - __requires    = []
              - annotations   = {
                  - list = [
                      - {
                          - builtIn    = 1
                          - datasource = "-- Grafana --"
                          - enable     = true
                          - hide       = true
                          - iconColor  = "rgba(0, 211, 255, 1)"
                          - name       = "Annotations & Alerts"
                          - showIn     = 0
                          - target     = {
                              - limit    = 100
                              - matchAny = false
                              - tags     = []
                              - type     = "dashboard"
                            }
                          - type       = "dashboard"
                        },
                    ]
                }
              - editable      = true
              - gnetId        = null
              - graphTooltip  = 1
              - hideControls  = false
              - links         = []
              - liveNow       = false
              - panels        = [
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "CPU_Avg",
                                          - "25m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "max"
                                    }
                                  - type      = "query"
                                },
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "Mem_Avg",
                                          - "25m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "max"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "25m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver App CPU/Memory"
                          - name                = "prod Keyserver App CPU/Memory alert"
                          - noDataState         = "alerting"
                          - notifications       = []
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 30
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 50
                                        },
                                    ]
                                }
                              - unit       = "percent"
                            }
                          - overrides = [
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                            ]
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 0
                          - y = 0
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "CPU (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "CPU (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                          - {
                              - alias            = "Memory (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "MemoryUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "Mem_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "Memory (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - ServiceName = "prod_keyserver-service"
                                }
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "MemoryUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/ECS"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "Mem_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "App CPU/Memory"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 5
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 12
                          - y = 0
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "Hosts Count"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {}
                              - expression       = ""
                              - matchExact       = false
                              - metricEditorMode = 0
                              - metricName       = "HealthyHostCount"
                              - metricQueryType  = 1
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - sql              = {
                                  - from   = {
                                      - property = {
                                          - name = "AWS/NetworkELB"
                                          - type = "string"
                                        }
                                      - type     = "property"
                                    }
                                  - select = {
                                      - name       = "MAX"
                                      - parameters = [
                                          - {
                                              - name = "HealthyHostCount"
                                              - type = "functionParameter"
                                            },
                                        ]
                                      - type       = "function"
                                    }
                                  - where  = {
                                      - expressions = [
                                          - {
                                              - operator = {
                                                  - name  = "="
                                                  - value = "net/prod-keyserver-lb-3ca/c9637dd8df9a5dfa"
                                                }
                                              - property = {
                                                  - name = "LoadBalancer"
                                                  - type = "string"
                                                }
                                              - type     = "operator"
                                            },
                                        ]
                                      - type        = "and"
                                    }
                                }
                              - sqlExpression    = "SELECT MAX(HealthyHostCount) FROM \"AWS/NetworkELB\" WHERE LoadBalancer = 'net/prod-keyserver-lb-3ca/c9637dd8df9a5dfa'"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "Healthy Hosts"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 100
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 0
                          - y = 8
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "LB-0"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - LoadBalancer = "net/prod-keyserver-lb-3ca/c9637dd8df9a5dfa"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "ActiveFlowCount_TLS"
                              - metricQueryType  = 0
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                        ]
                      - title         = "Active NLB Flows"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = "When the NLB has connection failures to the targets then these jump. We for instance had this when we had a too low file descriptor limit."
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 250
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 80
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 12
                          - x = 12
                          - y = 8
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "LB-0"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - LoadBalancer = "net/prod-keyserver-lb-3ca/c9637dd8df9a5dfa"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "TCP_Target_Reset_Count"
                              - metricQueryType  = 0
                              - namespace        = "AWS/NetworkELB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - statistic        = "Sum"
                            },
                        ]
                      - title         = "NLB Target Resets"
                      - type          = "timeseries"
                    },
                  - {
                      - content     = "# DocumentDB"
                      - datasource  = null
                      - gridPos     = {
                          - h = 4
                          - w = 24
                          - x = 0
                          - y = 16
                        }
                      - mode        = "markdown"
                      - title       = ""
                      - transparent = true
                      - type        = "text"
                    },
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 50,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "or"
                                    }
                                  - query     = {
                                      - params = [
                                          - "CPU_Max",
                                          - "5m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "avg"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "5m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver DocumentDB CPU alert"
                          - name                = "prod Keyserver DocumentDB CPU alert"
                          - noDataState         = "alerting"
                          - notifications       = [
                              - {
                                  - uid = "NNOynGwVz"
                                },
                            ]
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 30
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 50
                                        },
                                    ]
                                }
                              - unit       = "percent"
                            }
                          - overrides = [
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "CPU_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "blue"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                            ]
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 8
                          - x = 0
                          - y = 20
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "CPU (Max)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - DBClusterIdentifier = "module.keystore_docdb.cluster_id"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/DocDB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Max"
                              - region           = "default"
                              - statistic        = "Maximum"
                            },
                          - {
                              - alias            = "CPU (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - DBClusterIdentifier = "module.keystore_docdb.cluster_id"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "CPUUtilization"
                              - metricQueryType  = 0
                              - namespace        = "AWS/DocDB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "CPU_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "CPU Utilization"
                      - type          = "timeseries"
                    },
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 4000000000,
                                        ]
                                      - type   = "lt"
                                    }
                                  - operator  = {
                                      - type = "and"
                                    }
                                  - query     = {
                                      - params = [
                                          - "Mem_Avg",
                                          - "5m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "min"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "5m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver DocumentDB Freeable Memory"
                          - name                = "prod Keyserver DocumentDB Freeable Memory Alert"
                          - noDataState         = "alerting"
                          - notifications       = [
                              - {
                                  - uid = "NNOynGwVz"
                                },
                            ]
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 16000000000
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - steps = [
                                      - {
                                          - color = "red"
                                          - value = null
                                        },
                                      - {
                                          - color = "green"
                                          - value = 4000000000
                                        },
                                    ]
                                }
                              - unit       = "decbytes"
                            }
                          - overrides = [
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Min"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "dark-purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Mem_Avg"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "purple"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                            ]
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 8
                          - x = 8
                          - y = 20
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "Freeable Memory (Min)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - DBClusterIdentifier = "module.keystore_docdb.cluster_id"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "FreeableMemory"
                              - metricQueryType  = 0
                              - namespace        = "AWS/DocDB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "Mem_Min"
                              - region           = "default"
                              - statistic        = "Minimum"
                            },
                          - {
                              - alias            = "Freeable Memory (Avg)"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - DBClusterIdentifier = "module.keystore_docdb.cluster_id"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "FreeableMemory"
                              - metricQueryType  = 0
                              - namespace        = "AWS/DocDB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "Mem_Avg"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                        ]
                      - thresholds    = [
                          - {
                              - colorMode = "critical"
                              - op        = "lt"
                              - value     = 4000000000
                              - visible   = true
                            },
                        ]
                      - title         = "Available Memory"
                      - type          = "timeseries"
                    },
                  - {
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "off"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                    ]
                                }
                            }
                          - overrides = []
                        }
                      - gridPos       = {
                          - h = 8
                          - w = 8
                          - x = 16
                          - y = 20
                        }
                      - links         = []
                      - options       = {
                          - legend  = {
                              - calcs       = []
                              - displayMode = "list"
                              - placement   = "bottom"
                            }
                          - tooltip = {
                              - mode = "multi"
                              - sort = "none"
                            }
                        }
                      - pluginVersion = "8.4.7"
                      - targets       = [
                          - {
                              - alias            = "Database Connections"
                              - datasource       = {
                                  - type = "cloudwatch"
                                  - uid  = "P2kGF7Q4k"
                                }
                              - dimensions       = {
                                  - DBClusterIdentifier = "module.keystore_docdb.cluster_id"
                                }
                              - expression       = ""
                              - matchExact       = true
                              - metricEditorMode = 0
                              - metricName       = "DatabaseConnections"
                              - metricQueryType  = 0
                              - namespace        = "AWS/DocDB"
                              - period           = "auto"
                              - queryMode        = "Metrics"
                              - refId            = "A"
                              - region           = "default"
                              - statistic        = "Average"
                            },
                        ]
                      - title         = "Database Connections"
                      - type          = "timeseries"
                    },
                  - {
                      - alert         = {
                          - alertRuleTags       = {}
                          - conditions          = [
                              - {
                                  - evaluator = {
                                      - params = [
                                          - 2,
                                        ]
                                      - type   = "gt"
                                    }
                                  - operator  = {
                                      - type = "and"
                                    }
                                  - query     = {
                                      - params = [
                                          - "Ops_Max",
                                          - "5m",
                                          - "now",
                                        ]
                                    }
                                  - reducer   = {
                                      - params = []
                                      - type   = "max"
                                    }
                                  - type      = "query"
                                },
                            ]
                          - executionErrorState = "alerting"
                          - for                 = "5m"
                          - frequency           = "1m"
                          - handler             = 1
                          - message             = "prod Keyserver DocumentDB LowMem Num Operations Throttled"
                          - name                = "prod Keyserver DocumentDB LowMem Num Operations Throttled Alert"
                          - noDataState         = "alerting"
                          - notifications       = [
                              - {
                                  - uid = "NNOynGwVz"
                                },
                            ]
                        }
                      - datasource    = {
                          - type = "cloudwatch"
                          - uid  = "P2kGF7Q4k"
                        }
                      - description   = null
                      - fieldConfig   = {
                          - defaults  = {
                              - color      = {
                                  - mode = "palette-classic"
                                }
                              - custom     = {
                                  - axisPlacement     = "auto"
                                  - axisSoftMax       = 10
                                  - axisSoftMin       = 0
                                  - barAlignment      = 0
                                  - drawStyle         = "line"
                                  - fillOpacity       = 0
                                  - gradientMode      = "none"
                                  - lineInterpolation = "linear"
                                  - lineWidth         = 1
                                  - pointSize         = 5
                                  - scaleDistribution = {
                                      - type = "linear"
                                    }
                                  - showPoints        = "auto"
                                  - spanNulls         = false
                                  - stacking          = {
                                      - group = "A"
                                      - mode  = "none"
                                    }
                                  - thresholdsStyle   = {
                                      - mode = "area"
                                    }
                                }
                              - mappings   = []
                              - thresholds = {
                                  - mode  = "absolute"
                                  - steps = [
                                      - {
                                          - color = "green"
                                          - value = null
                                        },
                                      - {
                                          - color = "red"
                                          - value = 2
                                        },
                                    ]
                                }
                            }
                          - overrides = [
                              - {
                                  - matcher    = {
                                      - id      = "byFrameRefID"
                                      - options = "Ops_Max"
                                    }
                                  - properties = [
                                      - {
                                          - id    = "color"
                                          - value = {
                                              - fixedColor = "red"
                                              - mode       = "fixed"
                                            }
                                        },
                                    ]
                                },
                            ]
                 
...

Action: pull_request

@xav xav temporarily deployed to infra/prod August 9, 2023 07:09 — with GitHub Actions Inactive
@Elyniss Elyniss merged commit 7128c0a into master Aug 18, 2023
@Elyniss Elyniss deleted the fix/docdb_net branch August 18, 2023 14:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Elyniss Elyniss Elyniss approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Fix prod deploy
2 participants
@xav @Elyniss