chore(deps): update terraform aws to v5 #255
Test init-fail
❌ Terraform Init:
Show Init results
Initializing the backend...
Initializing provider plugins...
- Finding latest version of foo/bar...
Error: Failed to query available provider packages
Could not retrieve the list of available versions for provider foo/bar:
provider registry registry.terraform.io does not have a provider named
registry.terraform.io/foo/bar
All modules should specify their required_providers so that external
consumers will get the correct providers when using a module. To see which
modules are currently depending on foo/bar, run the following command:
terraform providers
Show Validate results
Error: Missing required provider
This configuration requires provider registry.terraform.io/foo/bar, but that
provider isn't available. You may be able to install it automatically by
running:
terraform init
Show plan
Error: Inconsistent dependency lock file
The following dependency selections recorded in the lock file are
inconsistent with the current configuration:
- provider registry.terraform.io/foo/bar: required by this configuration but no version is selected
To make the initial dependency selections that will initialize the dependency
lock file, run:
terraform init
|
Test validate-fail
✅ Terraform Init:
Show Validate results
Error: Reference to undeclared input variable
on validate-fail.tf line 4, in resource "random_id" "foo":
4: foo = var.bar
An input variable with the name "bar" has not been declared. This variable
can be declared with a variable "bar" {} block.
Show plan
Error: Reference to undeclared input variable
on validate-fail.tf line 4, in resource "random_id" "foo":
4: foo = var.bar
An input variable with the name "bar" has not been declared. This variable
can be declared with a variable "bar" {} block.
|
Test skip-plan
✅ Terraform Init:
|
Test skip-conftest
✅ Terraform Init:
Plan: 1 to add, 0 to change, 0 to destroy
Show summary
Show plan
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
Warning: Duplicate required provider
on skip-conftest.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
|
Test invalid
✅ Terraform Init:
Show Validate results
Warning: Duplicate required provider
on invalid.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
Error: Missing required argument
on invalid.tf line 11, in resource "random_id" "id":
11: resource "random_id" "id" {
The argument "byte_length" is required, but no definition was found.
Error: Unsupported argument
on invalid.tf line 12, in resource "random_id" "id":
12: muffin = "blueberry"
An argument named "muffin" is not expected here.
🧹 Format: run invalid.tf
Show plan
Warning: Duplicate required provider
on invalid.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
Error: Missing required argument
on invalid.tf line 11, in resource "random_id" "id":
11: resource "random_id" "id" {
The argument "byte_length" is required, but no definition was found.
Error: Unsupported argument
on invalid.tf line 12, in resource "random_id" "id":
12: muffin = "blueberry"
An argument named "muffin" is not expected here.
|
Test changes
✅ Terraform Init:
Plan: 1 to add, 0 to change, 0 to destroy
Show summary
Show plan
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ id = (known after apply)
Warning: Duplicate required provider
on changes.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions
|
Test format-error
✅ Terraform Init:
🧹 Format: run format-error.tf
Plan: 1 to add, 0 to change, 0 to destroy
Show summary
Show plan
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# random_id.id will be created
+ resource "random_id" "id" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 8
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Warning: Duplicate required provider
on format-error.tf line 11:
11: resource "random_id" "id" {
Provider "registry.terraform.io/hashicorp/random" was implicitly required via
resource "random_id.id", but listed in required_providers as "test". Either
the local name in required_providers must match the resource name, or the
"test" provider must be assigned within the resource block.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest results
18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions
|
Test conftest-deny
✅ Terraform Init:
Plan: 50 to add, 0 to change, 0 to destroy
Show summary
✂ Warning: plan has been truncated! See the full plan in the logs.
Show plan
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# module.rds.data.aws_iam_policy_document.read_connection_string will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "read_connection_string" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecretVersionIds",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
]
+ sid = "0"
}
+ statement {
+ actions = [
+ "secretsmanager:ListSecrets",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "1"
}
+ statement {
+ actions = [
+ "kms:Decrypt",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "2"
+ condition {
+ test = "StringEquals"
+ values = [
+ "secretsmanager.ca-central-1.amazonaws.com",
]
+ variable = "kms:ViaService"
}
}
}
# module.rds.aws_cloudwatch_log_group.log_exports["postgresql"] will be created
+ resource "aws_cloudwatch_log_group" "log_exports" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "/aws/rds/cluster/test-rds-cluster/postgresql"
+ name_prefix = (known after apply)
+ retention_in_days = 30
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
}
# module.rds.aws_cloudwatch_log_group.proxy will be created
+ resource "aws_cloudwatch_log_group" "proxy" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "/aws/rds/proxy/test-rds-proxy"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
}
# module.rds.aws_db_proxy.proxy will be created
+ resource "aws_db_proxy" "proxy" {
+ arn = (known after apply)
+ debug_logging = false
+ endpoint = (known after apply)
+ engine_family = "POSTGRESQL"
+ id = (known after apply)
+ idle_client_timeout = 1800
+ name = "test-rds-proxy"
+ require_tls = true
+ role_arn = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
+ vpc_subnet_ids = (known after apply)
+ auth {
+ auth_scheme = "SECRETS"
+ client_password_auth_type = (known after apply)
+ description = "The database connection string"
+ iam_auth = "DISABLED"
+ secret_arn = (known after apply)
}
}
# module.rds.aws_db_proxy_default_target_group.this will be created
+ resource "aws_db_proxy_default_target_group" "this" {
+ arn = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ id = (known after apply)
+ name = (known after apply)
+ connection_pool_config {
+ connection_borrow_timeout = (known after apply)
+ init_query = (known after apply)
+ max_connections_percent = (known after apply)
+ max_idle_connections_percent = (known after apply)
+ session_pinning_filters = (known after apply)
}
}
# module.rds.aws_db_proxy_target.target will be created
+ resource "aws_db_proxy_target" "target" {
+ db_cluster_identifier = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ endpoint = (known after apply)
+ id = (known after apply)
+ port = (known after apply)
+ rds_resource_id = (known after apply)
+ target_arn = (known after apply)
+ target_group_name = (known after apply)
+ tracked_cluster_id = (known after apply)
+ type = (known after apply)
}
# module.rds.aws_db_subnet_group.rds will be created
+ resource "aws_db_subnet_group" "rds" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ id = (known after apply)
+ name = "test-rds-subnet-group"
+ name_prefix = (known after apply)
+ subnet_ids = (known after apply)
+ supported_network_types = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.aws_iam_policy.read_connection_string will be created
+ resource "aws_iam_policy" "read_connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "test-rdsReadConnectionString"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = (known after apply)
+ policy_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_iam_role.rds_proxy will be created
+ resource "aws_iam_role" "rds_proxy" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "rds.amazonaws.com"
}
+ Sid = "RDSAssume"
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "test-rds_rds_proxy"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
+ inline_policy {
+ name = (known after apply)
+ policy = (known after apply)
}
}
# module.rds.aws_iam_role_policy_attachment.read_connection_string will be created
+ resource "aws_iam_role_policy_attachment" "read_connection_string" {
+ id = (known after apply)
+ policy_arn = (known after apply)
+ role = "test-rds_rds_proxy"
}
# module.rds.aws_rds_cluster.cluster will be created
+ resource "aws_rds_cluster" "cluster" {
+ allocated_storage = (known after apply)
+ allow_major_version_upgrade = false
+ apply_immediately = false
+ arn = (known after apply)
+ availability_zones = (known after apply)
+ backtrack_window = 0
+ backup_retention_period = 7
+ cluster_identifier = "test-rds-cluster"
+ cluster_identifier_prefix = (known after apply)
+ cluster_members = (known after apply)
+ cluster_resource_id = (known after apply)
+ copy_tags_to_snapshot = true
+ database_name = "foo"
+ db_cluster_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ db_system_id = (known after apply)
+ deletion_protection = true
+ enable_global_write_forwarding = false
+ enable_http_endpoint = false
+ enabled_cloudwatch_logs_exports = [
+ "postgresql",
]
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_mode = "provisioned"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ final_snapshot_identifier = (known after apply)
+ hosted_zone_id = (known after apply)
+ iam_roles = (known after apply)
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ master_password = (sensitive value)
+ master_user_secret = (known after apply)
+ master_user_secret_kms_key_id = (known after apply)
+ master_username = "cal"
+ network_type = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = "07:00-09:00"
+ preferred_maintenance_window = "sun:06:00-sun:07:00"
+ reader_endpoint = (known after apply)
+ skip_final_snapshot = false
+ storage_encrypted = true
+ storage_type = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[0] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-0"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = false
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[1] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-1"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = false
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[2] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "13.3"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-2"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = false
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_secretsmanager_secret.connection_string will be created
+ resource "aws_secretsmanager_secret" "connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ replica {
+ kms_key_id = (known after apply)
+ last_accessed_date = (known after apply)
+ region = (known after apply)
+ status = (known after apply)
+ status_message = (known after apply)
}
}
# module.rds.aws_secretsmanager_secret.proxy_connection_string will be created
+ resource "aws_secretsmanager_secret" "proxy_connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ replica {
+ kms_key_id = (known after apply)
+ last_accessed_date = (known after apply)
+ region = (known after apply)
+ status = (known after apply)
+ status_message = (known after apply)
}
}
# module.rds.aws_secretsmanager_secret_version.connection_string will be created
+ resource "aws_secretsmanager_secret_version" "connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_secretsmanager_secret_version.proxy_connection_string will be created
+ resource "aws_secretsmanager_secret_version" "proxy_connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_security_group.rds_proxy will be created
+ resource "aws_security_group" "rds_proxy" {
+ arn = (known after apply)
+ description = "The Security group that allows communication between the proxy and the database"
+ egress = [
+ {
+ cidr_blocks = []
+ description = ""
+ from_port = 5432
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = true
+ to_port = 5432
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = []
+ description = ""
+ from_port = 5432
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = true
+ to_port = 5432
},
]
+ name = "test-rds_rds_proxy_sg"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.random_string.random will be created
+ resource "random_string" "random" {
+ id = (known after apply)
+ length = 6
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ numeric = true
+ result = (known after apply)
+ special = false
+ upper = false
}
# module.vpc.aws_default_network_acl.default will be created
+ resource "aws_default_network_acl" "default" {
+ arn = (known after apply)
+ default_network_acl_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_route_table.default will be created
+ resource "aws_default_route_table" "default" {
+ arn = (known after apply)
+ default_route_table_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ route = []
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_security_group.default will be created
+ resource "aws_default_security_group" "default" {
+ arn = (known after apply)
+ description = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_internet_gateway.gw will be created
+ resource "aws_internet_gateway" "gw" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_nat_gateway.nat_gw[0] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ip_addresses = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
}
# module.vpc.aws_nat_gateway.nat_gw[1] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ip_addresses = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-1"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-1"
+ "Terraform" = "true"
}
}
# module.vpc.aws_nat_gateway.nat_gw[2] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+...
Show Conftest results
FAIL - plan.json - main - Postgresql main password > 8 characters: ["module.rds.aws_rds_cluster.cluster"]
18 tests, 17 passed, 0 warnings, 1 failure, 0 exceptions
|
Test truncate-plan
✅ Terraform Init:
Plan: 50 to add, 0 to change, 0 to destroy
Show summary
✂ Warning: plan has been truncated! See the full plan in the logs.
Show plan
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# module.rds.data.aws_iam_policy_document.read_connection_string will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "read_connection_string" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "secretsmanager:DescribeSecret",
+ "secretsmanager:GetResourcePolicy",
+ "secretsmanager:GetSecretValue",
+ "secretsmanager:ListSecretVersionIds",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
]
+ sid = "0"
}
+ statement {
+ actions = [
+ "secretsmanager:ListSecrets",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "1"
}
+ statement {
+ actions = [
+ "kms:Decrypt",
]
+ effect = "Allow"
+ resources = [
+ "*",
]
+ sid = "2"
+ condition {
+ test = "StringEquals"
+ values = [
+ "secretsmanager.ca-central-1.amazonaws.com",
]
+ variable = "kms:ViaService"
}
}
}
# module.rds.aws_cloudwatch_log_group.log_exports["postgresql"] will be created
+ resource "aws_cloudwatch_log_group" "log_exports" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "/aws/rds/cluster/test-rds-cluster/postgresql"
+ name_prefix = (known after apply)
+ retention_in_days = 30
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
}
# module.rds.aws_cloudwatch_log_group.proxy will be created
+ resource "aws_cloudwatch_log_group" "proxy" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "/aws/rds/proxy/test-rds-proxy"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_proxy_logs"
+ "Terraform" = "true"
}
}
# module.rds.aws_db_proxy.proxy will be created
+ resource "aws_db_proxy" "proxy" {
+ arn = (known after apply)
+ debug_logging = false
+ endpoint = (known after apply)
+ engine_family = "POSTGRESQL"
+ id = (known after apply)
+ idle_client_timeout = 1800
+ name = "test-rds-proxy"
+ require_tls = true
+ role_arn = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-rds-proxy"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
+ vpc_subnet_ids = (known after apply)
+ auth {
+ auth_scheme = "SECRETS"
+ client_password_auth_type = (known after apply)
+ description = "The database connection string"
+ iam_auth = "DISABLED"
+ secret_arn = (known after apply)
}
}
# module.rds.aws_db_proxy_default_target_group.this will be created
+ resource "aws_db_proxy_default_target_group" "this" {
+ arn = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ id = (known after apply)
+ name = (known after apply)
+ connection_pool_config {
+ connection_borrow_timeout = (known after apply)
+ init_query = (known after apply)
+ max_connections_percent = (known after apply)
+ max_idle_connections_percent = (known after apply)
+ session_pinning_filters = (known after apply)
}
}
# module.rds.aws_db_proxy_target.target will be created
+ resource "aws_db_proxy_target" "target" {
+ db_cluster_identifier = (known after apply)
+ db_proxy_name = "test-rds-proxy"
+ endpoint = (known after apply)
+ id = (known after apply)
+ port = (known after apply)
+ rds_resource_id = (known after apply)
+ target_arn = (known after apply)
+ target_group_name = (known after apply)
+ tracked_cluster_id = (known after apply)
+ type = (known after apply)
}
# module.rds.aws_db_subnet_group.rds will be created
+ resource "aws_db_subnet_group" "rds" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ id = (known after apply)
+ name = "test-rds-subnet-group"
+ name_prefix = (known after apply)
+ subnet_ids = (known after apply)
+ supported_network_types = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-subnet-group"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.aws_iam_policy.read_connection_string will be created
+ resource "aws_iam_policy" "read_connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "test-rdsReadConnectionString"
+ name_prefix = (known after apply)
+ path = "/"
+ policy = (known after apply)
+ policy_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
}
# module.rds.aws_iam_role.rds_proxy will be created
+ resource "aws_iam_role" "rds_proxy" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "rds.amazonaws.com"
}
+ Sid = "RDSAssume"
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "test-rds_rds_proxy"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ unique_id = (known after apply)
+ inline_policy {
+ name = (known after apply)
+ policy = (known after apply)
}
}
# module.rds.aws_iam_role_policy_attachment.read_connection_string will be created
+ resource "aws_iam_role_policy_attachment" "read_connection_string" {
+ id = (known after apply)
+ policy_arn = (known after apply)
+ role = "test-rds_rds_proxy"
}
# module.rds.aws_rds_cluster.cluster will be created
+ resource "aws_rds_cluster" "cluster" {
+ allocated_storage = (known after apply)
+ allow_major_version_upgrade = false
+ apply_immediately = false
+ arn = (known after apply)
+ availability_zones = (known after apply)
+ backtrack_window = 0
+ backup_retention_period = 7
+ cluster_identifier = "test-rds-cluster"
+ cluster_identifier_prefix = (known after apply)
+ cluster_members = (known after apply)
+ cluster_resource_id = (known after apply)
+ copy_tags_to_snapshot = true
+ database_name = "foo"
+ db_cluster_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ db_system_id = (known after apply)
+ deletion_protection = true
+ enable_global_write_forwarding = false
+ enable_http_endpoint = false
+ enabled_cloudwatch_logs_exports = [
+ "postgresql",
]
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_mode = "provisioned"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ final_snapshot_identifier = (known after apply)
+ hosted_zone_id = (known after apply)
+ iam_roles = (known after apply)
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ master_password = (sensitive value)
+ master_user_secret = (known after apply)
+ master_user_secret_kms_key_id = (known after apply)
+ master_username = "probably"
+ network_type = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = "07:00-09:00"
+ preferred_maintenance_window = "sun:06:00-sun:07:00"
+ reader_endpoint = (known after apply)
+ skip_final_snapshot = false
+ storage_encrypted = true
+ storage_type = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-cluster"
+ "Terraform" = "true"
}
+ vpc_security_group_ids = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[0] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-0"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = false
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-0"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[1] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-1"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = false
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-1"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_rds_cluster_instance.instances[2] will be created
+ resource "aws_rds_cluster_instance" "instances" {
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = (known after apply)
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "test-rds-subnet-group"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "14.5"
+ engine_version_actual = (known after apply)
+ id = (known after apply)
+ identifier = "test-rds-instance-2"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ network_type = (known after apply)
+ performance_insights_enabled = true
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = (known after apply)
+ promotion_tier = 0
+ publicly_accessible = false
+ storage_encrypted = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds-instance-2"
+ "Terraform" = "true"
}
+ writer = (known after apply)
}
# module.rds.aws_secretsmanager_secret.connection_string will be created
+ resource "aws_secretsmanager_secret" "connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ replica {
+ kms_key_id = (known after apply)
+ last_accessed_date = (known after apply)
+ region = (known after apply)
+ status = (known after apply)
+ status_message = (known after apply)
}
}
# module.rds.aws_secretsmanager_secret.proxy_connection_string will be created
+ resource "aws_secretsmanager_secret" "proxy_connection_string" {
+ arn = (known after apply)
+ force_overwrite_replica_secret = false
+ id = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ policy = (known after apply)
+ recovery_window_in_days = 30
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
}
+ replica {
+ kms_key_id = (known after apply)
+ last_accessed_date = (known after apply)
+ region = (known after apply)
+ status = (known after apply)
+ status_message = (known after apply)
}
}
# module.rds.aws_secretsmanager_secret_version.connection_string will be created
+ resource "aws_secretsmanager_secret_version" "connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_secretsmanager_secret_version.proxy_connection_string will be created
+ resource "aws_secretsmanager_secret_version" "proxy_connection_string" {
+ arn = (known after apply)
+ id = (known after apply)
+ secret_id = (known after apply)
+ secret_string = (sensitive value)
+ version_id = (known after apply)
+ version_stages = (known after apply)
}
# module.rds.aws_security_group.rds_proxy will be created
+ resource "aws_security_group" "rds_proxy" {
+ arn = (known after apply)
+ description = "The Security group that allows communication between the proxy and the database"
+ egress = [
+ {
+ cidr_blocks = []
+ description = ""
+ from_port = 5432
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = true
+ to_port = 5432
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = []
+ description = ""
+ from_port = 5432
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = true
+ to_port = 5432
},
]
+ name = "test-rds_rds_proxy_sg"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "test-rds_rds_proxy_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.rds.random_string.random will be created
+ resource "random_string" "random" {
+ id = (known after apply)
+ length = 6
+ lower = true
+ min_lower = 0
+ min_numeric = 0
+ min_special = 0
+ min_upper = 0
+ number = true
+ numeric = true
+ result = (known after apply)
+ special = false
+ upper = false
}
# module.vpc.aws_default_network_acl.default will be created
+ resource "aws_default_network_acl" "default" {
+ arn = (known after apply)
+ default_network_acl_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_nacl"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_route_table.default will be created
+ resource "aws_default_route_table" "default" {
+ arn = (known after apply)
+ default_route_table_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ route = []
+ tags = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Terraform" = "true"
+ "name" = "vpc_default_route_table"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_default_security_group.default will be created
+ resource "aws_default_security_group" "default" {
+ arn = (known after apply)
+ description = (known after apply)
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_default_sg"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_internet_gateway.gw will be created
+ resource "aws_internet_gateway" "gw" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc_internet_gateway"
+ "Terraform" = "true"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_nat_gateway.nat_gw[0] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ip_addresses = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-0"
+ "Terraform" = "true"
}
}
# module.vpc.aws_nat_gateway.nat_gw[1] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ip_address_count = (known after apply)
+ secondary_private_ip_addresses = (known after apply)
+ subnet_id = (known after apply)
+ tags = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-1"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "cal"
+ "Name" = "vpc-natgw-1"
+ "Terraform" = "true"
}
}
# module.vpc.aws_nat_gateway.nat_gw[2] will be created
+ resource "aws_nat_gateway" "nat_gw" {
+ association_id = (known after apply)
+ connectivity_type = "private"
+ id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip = (known after apply)
+ public_ip = (known after apply)
...
Conftest results: 18 tests, 18 passed, 0 warnings, 0 failures, 0 exceptions
This PR contains the following updates:
~> 4.15 -> ~> 5.0
Review
Release Notes
hashicorp/terraform-provider-aws (aws)
v5.22.0
FEATURES:
- aws_media_convert_queue (#27075)
- aws_elasticsearch_vpc_endpoint (#33925)
- aws_msk_replicator (#33973)
ENHANCEMENTS:
- self_service_portal_url attribute (#34007)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- cluster_identifier_prefix argument (#33852)
- identifier_prefix argument (#33852)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- self_service_portal_url attribute (#34007)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- type attribute (#33950)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- cluster_identifier_prefix argument (#33852)
- identifier_prefix argument (#33852)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- name_prefix argument (#33852)
- cluster_identifier_prefix argument (#33852)
- identifier_prefix argument (#33852)
- name_prefix argument (#33852)
- signer:SignPayload as a valid action value (#33852)
- statement_id_prefix argument (#33852)
- pre_authentication_login_banner and post_authentication_login_banner length limits to 4096 (#33937)
- ja3_fingerprint to field_to_match configuration blocks (#33933)
BUG FIXES:
- computed values are not set when there is no update (#33969)
- manage_master_user_password and master_user_secret_kms_key_id attributes correctly (#33699)
- engine_version from 6.x to a specific 6.<digit> version number (#33954)
- permission_boundary when deleted outside of Terraform (#33963)
- permission_boundary when deleted outside of Terraform (#33963)
- Value at 'resourceTypes' failed to satisfy constraint errors (#33348)
- engine_version (#33487)
- found resource errors on Delete (#33966)
v5.21.0
FEATURES:
- aws_servicequotas_templates (#33871)
- aws_ec2_image_block_public_access (#33810)
- aws_guardduty_organization_configuration_feature (#33913)
- aws_servicequotas_template_association (#33725)
- aws_verifiedaccess_group (#33297)
- aws_verifiedaccess_instance_logging_configuration (#33864)
ENHANCEMENTS:
- s3_settings.glue_catalog_generation attribute (#33778)
- cluster_uuid attribute (#33805)
- outdated_instances_strategy argument (#33844)
- s3_settings.glue_catalog_generation attribute (#33778)
- glue_catalog_generation attribute (#33778)
- allow_major_version_upgrade argument (#33790)
- copy_tags_to_snapshot argument (#31022)
- import_table configuration block (#33802)
- cluster_uuid attribute (#33805)
- cluster_uuid attribute (#33805)
- base_policy_document argument (#33712)
- require_ssl and use_fips_ssl config_parameters keys (#33916)
- fips_enabled argument (#33880)
- config.lambda_event_structure_version argument (#33804)
- config.port, config.protocol and config.vpc_identifier optional (#33804)
- aws_managed_rules_acfp_rule_set to managed_rule_group_configs configuration block (#33915)
BUG FIXES:
- AWS_S3_US_EAST_1_REGIONAL_ENDPOINT environment variable when configuring the S3 API client (#33874)
- .) no longer fail validation (#33704)
- .) no longer fail validation (#33704)
v5.20.1
NOTES:
v5.20.0
FEATURES:
- aws_guardduty_detector_feature (#31463)
- aws_servicequotas_template (#33688)
- aws_sesv2_account_vdm_attributes (#33705)
- aws_verifiedaccess_instance_trust_provider_attachment (#33734)
ENHANCEMENTS:
- features attribute (#31463)
- name (#21030)
- opensearchserverless_configuration and msk_source_configuration configuration blocks (#33101)
- opensearchserverless as a valid destination value (#33101)
BUG FIXES:
- active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is not configured (#33800)
- active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is not configured (#33800)
- dns_options.dns_record_ip_type to Computed to prevent diffs (#33743)
v5.19.0
BREAKING CHANGES:
- metadata attribute's keys are always returned in lowercase (#33660)
- metadata attribute's keys are always returned in lowercase (#33660)
NOTES:
- metadata attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#33660)
- metadata attribute's keys are now always returned in lowercase. Please modify configurations as necessary (#33660)
FEATURES:
- aws_cleanrooms_configured_table (#33602)
- aws_dms_replication_config (#32908)
- aws_lexv2models_bot (#33475)
- aws_rds_custom_db_engine_version (#33285)
ENHANCEMENTS:
- ubuntu-22.04-x86_64 and resolve:ssm:/aws/service/cloud9/amis/ubuntu-22.04-x86_64 as valid values for image_id (#33662)
- bypass_snaplock_enterprise_retention argument and snaplock_configuration configuration block to support SnapLock (#32530)
- copy_tags_to_backups and snapshot_policy arguments (#32530)
- delete_volume_options argument (#32530)
- force_delete argument (#33586)
- connection_properties, connection_mode and accept_connection arguments (#32990)
- rate_based_statement.custom_key configuration block (#33594)
- rate_based_statement.custom_key configuration block (#33594)
BUG FIXES:
- compute_environments as ARNs (#33577)
- IllegalUpdate errors when updating a staging aws_cloudfront_distribution that is part of continuous deployment (#33578)
- IllegalUpdate errors when updating a staging distribution associated with an aws_cloudfront_continuous_deployment_policy (#33578)
- PreconditionFailed errors when destroying a distribution associated with an aws_cloudfront_continuous_deployment_policy (#33578)
- StagingDistributionInUse errors when destroying a distribution associated with an aws_cloudfront_continuous_deployment_policy (#33578)
- protocol.smb.domain, protocol.smb.user and protocol.smb.password (#33641)
- policy (#33570)
- policy (#33570)
- policy (#33570)
- assume_role_policy (#33570)
- policy (#33570)
- policy (#33570)
- policy (#33570)
- couldn't find resource errors on resource Create (#33537)
- inline_policy (#33570)
- policy (#33570)
- policy (#33570)
v5.18.1
NOTES:
v5.18.0
FEATURES:
- aws_fsx_ontap_file_system (#32503)
- aws_fsx_ontap_storage_virtual_machine (#32621)
- aws_fsx_ontap_storage_virtual_machines (#32624)
- aws_organizations_organizational_unit (#33408)
- aws_opensearch_package (#33227)
- aws_opensearch_package_association (#33227)
ENHANCEMENTS:
- active_directory_configuration.self_managed_active_directory_configuration.domain_name, active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group and active_directory_configuration.self_managed_active_directory_configuration.organizational_unit_distinguished_name allowing an SVM to join AD after creation (#33466)
BUG FIXES:
- dkim_signing_attributes.domain_signing_private_key as sensitive (#33477)
- storage_throughput can be changed when iops and allocated_storage are not changed (#33529)
- option port and/or version is not set (#33511)
- active_directory_configuration.self_managed_active_directory_configuration.file_system_administrators_group is configured (#33466)
- file_system_id to ForceNew (#32621)
- OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
- OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
- OperationAborted: A conflicting conditional operation is currently in progress against this resource errors (#33531)
- dkim_signing_attributes.domain_signing_private_key as sensitive (#33477)
v5.17.0
NOTES:
- / as the value for key is no longer supported (#33358)
FEATURES:
- aws_shield_application_layer_automatic_response (#33432)
- aws_verifiedaccess_instance (#33459)
ENHANCEMENTS:
- checksum_mode argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
- details.region.bucket_account_id attribute (#33416)
- checksum_algorithm argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
- checksum_algorithm argument and checksum_crc32, checksum_crc32c, checksum_sha1 and checksum_sha256 attributes (#33358)
- details.region.bucket_account_id argument to support cross-account Multi-Region Access Points (#33416)
- details.region.region attribute (#33416)
- JSONSchemaDraft4 schema type support (#33442)
- sftp_config argument and make as2_config optional (#32741)
- WAFOptimisticLockException errors (#33432)
BUG FIXES:
- replication_task_settings is nil (#33456)
- redis engine types caused by the new transit_encryption_enabled argument (#33451)
- kms_key_arn on restore from DB cluster snapshot (#33413)
- provisioning_artifact_parameters attribute (#33448)
v5.16.2
FEATURES:
- aws_cognito_identity_pool (#33053)
- aws_verifiedaccess_trust_provider (#33195)
ENHANCEMENTS:
- instance_refresh.preferences.scale_in_protected_instances and instance_refresh.preferences.standby_instances from Wait to the Amazon EC2 Auto Scaling console recommended value of Ignore (#33382)
- alias attribute (#33388)
BUG FIXES:
- ValidationError errors when starting Auto Scaling group instance refresh (#33382)
- InvalidParameter errors on Update with Kafka destinations (#33360)
- name (#33405)
- name (#33405)
- name (#33405)
- name (#33405)
- lb_name (#33405)
- lb_name (#33405)
- lb_name (#33405)
- lb_name (#33405)
- lb_name (#33405)
- lb_name (#33405)
v5.16.1
BUG FIXES:
- Search returned 0 results errors when there are more than 101 file systems in the configured Region (#33336)
- unexpected state errors on resource Create (#33369)
- metadata_location and table_type parameters when updating Iceberg tables (#33374)
v5.16.0
NOTES:
FEATURES:
- aws_shield_drt_access_log_bucket_association (#33328)
- aws_shield_drt_access_role_arn_association (#33328)
ENHANCEMENTS:
- customer_id attribute (#33281)
- disk_iops_configuration attribute (#33303)
- software_update_options attribute (#32234)
- request_payer argument and request_charged attribute (#33304)
- encoding_type (#33304)
- api_key_version and features attributes (#33279)
- customer_id argument (#33281)
- name (#33281)
- scale_in_protected_instances and standby_instances attributes to instance_refresh.preferences configuration block (#33310)
- redshift-serverless as valid value for engine_name (#33316)
- transit_encryption_enabled argument, enabling in-transit encryption for Memcached clusters inside a VPC (#26987)
- disk_iops_configuration configuration block (#33303)
- open_table_format_input configuration block to support open table formats such as Apache Iceberg (#33274)
- automatic_input_failover_settings in input_attachments (#33129)
- software_update_options attribute (#32234)
- sync_compliance attribute (#23515)
BUG FIXES:
- filter argument to prevent UnknownOperationException errors in certain Regions (#33311)
- filter argument to prevent UnknownOperationException errors in certain Regions (#33311)
- max_keys value if it's greater than 1000 (#33304)
- cloudwatch_role_arn to an empty value and set it correctly on Read, allowing its value to be determined on import (#33279)
- disk_iops_configuration.iops to 160000 (#33263)
- ResourceNotFoundException errors on resource Delete when configured principal_type is IAM_PATTERN (#32243)
v5.15.0
ENHANCEMENTS:
- name attribute (#33243)
- read_only_admins attribute (#33189)
- cluster_config.multi_az_with_standby_enabled attribute (#33031)
- call_as = "DELEGATED_ADMIN" via StackSetName,CallAs syntax for import block or terraform import command (#19092)
- call_as = "DELEGATED_ADMIN" via StackSetName,AccountID,Region,CallAs syntax for import block or terraform import command (#19092)
- setting protocol: Invalid address to set errors (#33225)
- name attribute (#33243)
- endpoint_ip_address_range, preferred_subnet_id and route_table_ids arguments to support the Multi-AZ deployment type (#33245)
- read_only_admins argument (#33189)
- cluster_config.multi_az_with_standby_enabled argument (#33031)
- name_prefix argument (#33206)
- statement.managed_rule_group_statement.managed_rule_group_configs.aws_managed_rules_atp_rule_set.enable_regex_in_path argument (#33217)
BUG FIXES:
- tags that are computed (#33226)
- oauth2 in custom_connector_profile (#33192)
- Can only set RetainStacksOnAccountRemoval if AutoDeployment is enabled errors (#19092)
- TypeString instead of TypeInt to prevent value out of range panic (#33220)
- tag propagation: timeout while waiting for state to become 'TRUE' errors when any tag value is empty ("") (#33226)
- ShieldMitigationRuleGroup rule on resource Update (#33216)
v5.14.0
NOTES:
- statement.*.condition blocks with the same test and variable arguments were incorrectly handled by the provider. Since this results in unexpected IAM Policies being submitted to AWS, we have updated the logic to merge values lists in this case. This may cause existing IAM Policy documents to report a difference. However, those policies are likely not what was originally intended. (#33093)
FEATURES:
- aws_datasync_location_azure_blob (#32632)
- aws_datasync_location_fsx_ontap_file_system (#32632)
ENHANCEMENTS:
- network_type attribute (#33158)
- destination_arn and source_arn attributes (#33168)
- network_type argument (#33158)
- destination_arn and source_arn attributes (#33168)
- transit_gateway_configuration.*.attachment_network_acl_configuration argument. (#33123)
- selector_settings for audio_selector and selector_settings for caption_selector (#32714)
BUG FIXES:
- condition blocks with duplicated test and variable arguments (#33093)
- outpost_arn without an asset_id (#33142)
- setting forward_path_components: Invalid address to set errors (#33168)
- source or destination (#33168)
- AnalysisExistsForNetworkInsightsPath errors on resource Delete (#33168)
- tag propagation: timeout while waiting for state to become 'TRUE' errors when ignore_tags has been configured (#33167)
- InvalidParameterValueException errors during resource Delete (#32845)
- Current cluster policy version needed for Update errors (#33118)
- definition.*.parameter_declarations to a set type, preventing persistent differences (#33120)
- word_orientation argument when using word cloud visuals. (#33122)
- definition.*.parameter_declarations.*.*_parameter_declaration.static_values when empty, preventing persistent differences. (#33161)
- definition.*.parameter_declarations to a set type, preventing persistent differences (#33120)
- word_orientation argument when using word cloud visuals. (#33122)
- definition.*.parameter_declarations.*.*_parameter_declaration.static_values when empty, preventing persistent differences. (#33161)
- definition.*.parameter_declarations to a set type, preventing persistent differences (#33120)
- word_orientation argument when using word cloud visuals. (#33122)
- definition.*.parameter_declarations.*.*_parameter_declaration.static_values when empty, preventing persistent differences. (#33161)
- acl as Computed. This suppresses the diffs shown when migrating resources with no configured acl attribute value from v4.67.0 (or earlier) (#33138)
- acl as Computed. This suppresses the diffs shown when migrating resources with no configured acl attribute value from v4.67.0 (or earlier) (#33138)
- SECURITY_CONTROL) for control_finding_generator argument and mark as Computed (#33095)
v5.13.1
BUG FIXES:
- source_code_hash back to ForceNew. This fixes doesn't support update errors (#33097)
- current Organization ID (o-xxxxxxxxxx) does not match errors on resource Read (#33091)
v5.13.0
FEATURES:
- aws_msk_cluster_policy (#32848)
- aws_opensearch_vpc_endpoint (#32435)
- aws_ram_sharing_with_organization (#25433)
ENHANCEMENTS:
- image_scanning_configuration attribute (#33005)
- resource_arns attribute (#22591)
- s3_us_east_1_regional_endpoint attribute to support using the regional S3 API endpoint in us-east-1. (#33024)
- babelfish as an engine_name option (#32975)
- image_scanning_configuration configuration block (#33005)
- security_groups for Network Load Balancers force a new resource if either the old or new set of security group IDs is empty (#32987)
- global_cluster_identifier (#30996)
BUG FIXES:
- most_recent_image_tags when only a single image is found (#31757)
- outputs as Computed when there are potential changes. (#33059)
- source_code_hash is used but not changed (#32535)
Configuration
📅 Schedule: Branch creation - "every weekend" in timezone America/Montreal, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.