bash-5.1# ./scripts/infra plan + [[ -n 73be5e391d282f4c ]] + GIT_COMMIT=73be5e3 + '[' ./scripts/infra = ./scripts/infra ']' + '[' plan = --help ']' ++ dirname ./scripts/infra + TERRAFORM_DIR=./scripts/../deployment/terraform + echo + echo 'Attempting to deploy application version [73be5e3]...' Attempting to deploy application version [73be5e3]... + echo ----------------------------------------------------- ----------------------------------------------------- + echo + [[ -n openapparelregistry-production-config-eu-west-1 ]] + pushd ./scripts/../deployment/terraform /usr/local/src/deployment/terraform /usr/local/src + aws s3 cp s3://openapparelregistry-production-config-eu-west-1/terraform/terraform.tfvars openapparelregistry-production-config-eu-west-1.tfvars download: s3://openapparelregistry-production-config-eu-west-1/terraform/terraform.tfvars to ./openapparelregistry-production-config-eu-west-1.tfvars + case "${1}" in ++ aws batch describe-compute-environments --output text --compute-environments batchStagingDefaultComputeEnvironment --query 'computeEnvironments[].computeResources.desiredvCpus' + DEFAULT_BATCH_CE_DESIRED_CPU= + make -sC lambda-functions/alert_batch_failures + make -sC lambda-functions/alert_sfn_failures + rm -rf .terraform 'terraform.tfstate*' + terraform init -backend-config=bucket=openapparelregistry-production-config-eu-west-1 -backend-config=key=terraform/state Initializing modules... - module.cert_cdn Getting source "github.com/azavea/terraform-aws-acm-certificate?ref=1.0.0" - module.vpc Getting source "github.com/azavea/terraform-aws-vpc?ref=4.0.0" Initializing the backend... Successfully configured the backend "s3"! Terraform will automatically use this backend unless the backend configuration changes. Initializing provider plugins... - Checking for available provider plugins on https://releases.hashicorp.com... - Downloading plugin for provider "template" (1.0.0)... - Downloading plugin for provider "aws" (2.70.4)... Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary. + terraform plan '-var=image_tag="73be5e3"' -var=batch_default_ce_desired_vcpus=0 -var-file=openapparelregistry-production-config-eu-west-1.tfvars -out=openapparelregistry-production-config-eu-west-1.tfplan Refreshing Terraform state in-memory prior to plan... The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage. aws_acm_certificate.default: Refreshing state... (ID: arn:aws:acm:us-east-1:249322298638:cert...e/1e754f6f-6ec6-4806-be71-3db5f05805bf) aws_iam_role.step_functions_service_role: Refreshing state... (ID: stepFunctionsProductionServiceRole) aws_db_parameter_group.default: Refreshing state... (ID: openapparelregistry-prd20201030145445294100000001) aws_ecr_repository.default: Refreshing state... (ID: openapparelregistry) aws_ecr_repository.default: Refreshing state... (ID: openapparelregistry-batch) aws_cloudwatch_log_group.app: Refreshing state... (ID: logProductionApp) aws_iam_role.alert_batch_failures: Refreshing state... (ID: lambdaProductionAlertBatchFailures) aws_ses_domain_identity.app: Refreshing state... (ID: openapparel.org) aws_cloudwatch_event_rule.check_api_limits: Refreshing state... (ID: eventRuleProductionCheckAPILimits) aws_batch_compute_environment.default: Refreshing state... (ID: batchProductionDefaultComputeEnvironment20220823212047318700000001) aws_ecs_cluster.app: Refreshing state... (ID: arn:aws:ecs:eu-west-1:249322298638:cluster/ecsProductionCluster) aws_acm_certificate.default: Refreshing state... (ID: arn:aws:acm:eu-west-1:249322298638:cert...e/5d5ebafa-8050-43cb-a666-71a5a6acd01a) aws_cloudwatch_log_group.cli: Refreshing state... (ID: logProductionAppCLI) aws_security_group.postgresql: Refreshing state... (ID: sg-0f5472da485397992) aws_eip.nat[0]: Refreshing state... (ID: eipalloc-045bf91a46af7f1a3) aws_eip.nat[1]: Refreshing state... (ID: eipalloc-005d4388a987156e3) aws_vpc.default: Refreshing state... (ID: vpc-0da27828d6e46e315) aws_iam_role.container_instance_ec2: Refreshing state... (ID: ecsProductionContainerInstanceProfile) data.aws_canonical_user_id.current: Refreshing state... aws_route53_zone.external: Refreshing state... (ID: Z2FK682W87ON24) aws_iam_role.alert_sfn_failures: Refreshing state... (ID: lambdaProductionAlertStepFunctionsFailures) aws_iam_role.container_instance_spot_fleet: Refreshing state... (ID: fleetProductionServiceRole) aws_lambda_function.alert_batch_failures: Refreshing state... (ID: funcProductionAlertBatchFailures) aws_iam_role_policy_attachment.alert_batch_failures_lambda_policy: Refreshing state... (ID: lambdaProductionAlertBatchFailures-20190520164704684400000001) aws_iam_role.ecs_task_execution_role: Refreshing state... (ID: ecsProductionTaskExecutionRole) aws_iam_role.app_task_role: Refreshing state... (ID: ecsProductionTaskRole) aws_ecr_lifecycle_policy.default: Refreshing state... (ID: openapparelregistry-batch) aws_ecr_lifecycle_policy.default: Refreshing state... (ID: openapparelregistry) aws_iam_role.container_instance_batch: Refreshing state... (ID: batchProductionServiceRole) aws_sns_topic.global: Refreshing state... (ID: arn:aws:sns:eu-west-1:249322298638:topicProductionGlobalNotifications) aws_iam_role.cloudwatch_events_service_role: Refreshing state... (ID: cloudWatchEventsProductionServiceRole) aws_ses_domain_dkim.app: Refreshing state... (ID: openapparel.org) aws_batch_job_queue.default: Refreshing state... (ID: arn:aws:batch:eu-west-1:249322298638:job-queue/queueProductionDefault) aws_iam_role_policy.ses_send_email_from_batch: Refreshing state... (ID: ecsProductionContainerInstanceProfile:sesProductionEmailSendingPolicy) aws_iam_instance_profile.container_instance: Refreshing state... (ID: ecsProductionContainerInstanceProfile) aws_iam_role_policy_attachment.ec2_service_role: Refreshing state... (ID: ecsProductionContainerInstanceProfile-20190311145153967200000003) aws_route53_record.validation[1]: Refreshing state... (ID: Z2FK682W87ON24__8c318e544e3adee7d235d4842525f50e.openapparel.org._CNAME) aws_route53_record.validation[0]: Refreshing state... (ID: Z2FK682W87ON24__8c318e544e3adee7d235d4842525f50e.openapparel.org._CNAME) aws_db_instance.postgresql: Refreshing state... (ID: openapparelregistry-enc-prd) aws_iam_role_policy_attachment.alert_sfn_failures_lambda_policy: Refreshing state... (ID: lambdaProductionAlertStepFunctionsFailures-20210106233540122400000001) aws_lambda_function.alert_sfn_failures: Refreshing state... (ID: funcProductionAlertStepFunctionsFailures) aws_iam_role_policy_attachment.spot_fleet_policy: Refreshing state... (ID: fleetProductionServiceRole-20190311145154102200000005) aws_iam_role_policy_attachment.ecs_task_execution_role_policy: Refreshing state... (ID: ecsProductionTaskExecutionRole-20190311145153699800000002) aws_iam_role_policy.ses_send_email: Refreshing state... (ID: ecsProductionTaskRole:SESSendEmail) aws_iam_role_policy.batch_describe_and_submit: Refreshing state... (ID: ecsProductionTaskRole:BatchDescribeAndSubmit) aws_iam_role_policy_attachment.batch_policy: Refreshing state... (ID: batchProductionServiceRole-20190311145154073300000004) aws_route53_record.ses_verification: Refreshing state... (ID: Z2FK682W87ON24__amazonses.openapparel.org_TXT) aws_cloudwatch_event_rule.alert_batch_failures: Refreshing state... (ID: ruleProductionAlertBatchFailures) aws_route53_record.ses_dkim[0]: Refreshing state... (ID: Z2FK682W87ON24_rmspj5a3r4qesrwrncckyd7iuum2edmd._domainkey.openapparel.org_CNAME) aws_route53_record.ses_dkim[1]: Refreshing state... (ID: Z2FK682W87ON24_2ythw7k5x6qbmmtt3buc2nlvzgif5vzu._domainkey.openapparel.org_CNAME) aws_route53_record.ses_dkim[2]: Refreshing state... (ID: Z2FK682W87ON24_cmybzlqmypgewsqqmanpowkx4s6ydz7a._domainkey.openapparel.org_CNAME) aws_s3_bucket.logs: Refreshing state... (ID: openapparelregistry-production-logs-eu-west-1) aws_acm_certificate_validation.default: Refreshing state... (ID: 2021-12-28 00:35:21 +0000 UTC) aws_route53_record.validation[1]: Refreshing state... (ID: Z2FK682W87ON24__8c318e544e3adee7d235d4842525f50e.openapparel.org._CNAME) aws_route53_record.validation[0]: Refreshing state... (ID: Z2FK682W87ON24__8c318e544e3adee7d235d4842525f50e.openapparel.org._CNAME) aws_cloudwatch_metric_alarm.database_cpu: Refreshing state... (ID: alarmProductionDatabaseServerCPUUtilization-openapparelregistry-enc-prd) aws_cloudwatch_metric_alarm.database_memory_free: Refreshing state... (ID: alarmProductionDatabaseServerFreeableMemory-openapparelregistry-enc-prd) aws_cloudwatch_metric_alarm.database_disk_queue: Refreshing state... (ID: alarmProductionDatabaseServerDiskQueueDepth-openapparelregistry-enc-prd) aws_cloudwatch_metric_alarm.database_disk_free: Refreshing state... (ID: alarmProductionDatabaseServerFreeStorageSpace-openapparelregistry-enc-prd) aws_lambda_permission.alert_batch_failures: Refreshing state... (ID: permProductionAlertBatchFailures) aws_cloudwatch_event_target.alert_batch_failures: Refreshing state... (ID: ruleProductionAlertBatchFailures-targetProductionAlertBatchFailures) aws_acm_certificate_validation.default: Refreshing state... (ID: 2022-09-23 06:32:44 +0000 UTC) aws_internet_gateway.default: Refreshing state... (ID: igw-0a38107a0b2060194) aws_subnet.private[0]: Refreshing state... (ID: subnet-0a8a51d5533725eb0) aws_security_group.bastion: Refreshing state... (ID: sg-05656fca89557e576) aws_subnet.public[0]: Refreshing state... (ID: subnet-0f8420a6cc7419dc0) aws_route53_zone.internal: Refreshing state... (ID: Z29JIX2RSQCMTJ) aws_subnet.private[1]: Refreshing state... (ID: subnet-0aaa7fbed13d1e578) aws_subnet.public[1]: Refreshing state... (ID: subnet-0b87de14a1c023917) aws_route_table.public: Refreshing state... (ID: rtb-0afae5029afa2d1ca) aws_route_table.private[0]: Refreshing state... (ID: rtb-0458ff188de28cc1a) aws_route_table.private[1]: Refreshing state... (ID: rtb-042fda1046f04f13a) aws_route.public: Refreshing state... (ID: r-rtb-0afae5029afa2d1ca1080289494) aws_instance.bastion: Refreshing state... (ID: i-0c886c20155b3370c) aws_nat_gateway.default[1]: Refreshing state... (ID: nat-016dca01542709495) aws_route_table_association.public[1]: Refreshing state... (ID: rtbassoc-0852fb3c6f65f6d9c) aws_nat_gateway.default[0]: Refreshing state... (ID: nat-08a94c8d387b66c1d) aws_route_table_association.public[0]: Refreshing state... (ID: rtbassoc-01cb561b4fcc26503) aws_vpc_endpoint.s3: Refreshing state... (ID: vpce-0d145838d1be1e6db) aws_route_table_association.private[1]: Refreshing state... (ID: rtbassoc-071430fbd6bf4bfe1) aws_route_table_association.private[0]: Refreshing state... (ID: rtbassoc-01432af5beabc2e13) aws_route.private[1]: Refreshing state... (ID: r-rtb-042fda1046f04f13a1080289494) aws_route.private[0]: Refreshing state... (ID: r-rtb-0458ff188de28cc1a1080289494) aws_route53_record.database: Refreshing state... (ID: Z29JIX2RSQCMTJ_database.service.oar.internal_CNAME) aws_ecs_task_definition.app: Refreshing state... (ID: ProductionApp) aws_batch_job_definition.default: Refreshing state... (ID: arn:aws:batch:eu-west-1:249322298638:job-definition/jobProductionDefault:97) aws_ecs_task_definition.app_cli: Refreshing state... (ID: ProductionAppCLI) aws_iam_role_policy.step_functions_service_role_policy: Refreshing state... (ID: stepFunctionsProductionServiceRole:stepFunctionsProductionServiceRolePolicy) aws_glue_catalog_table.alb_logs: Refreshing state... (ID: 249322298638:default:prd_alb_logs) aws_s3_bucket_policy.alb_access_logging: Refreshing state... (ID: openapparelregistry-production-logs-eu-west-1) aws_cloudfront_distribution.cdn: Refreshing state... (ID: E3JMJE8P617OQD) aws_glue_catalog_table.cdn_logs: Refreshing state... (ID: 249322298638:default:prd_cdn_logs) aws_route53_record.www_ipv6: Refreshing state... (ID: Z2FK682W87ON24_openapparel.org_AAAA) aws_route53_record.www: Refreshing state... (ID: Z2FK682W87ON24_openapparel.org_A) aws_network_interface_sg_attachment.bastion: Refreshing state... (ID: sg-05656fca89557e576_eni-0a990c31f77b6cace) aws_security_group_rule.bastion_ssh_egress: Refreshing state... (ID: sgrule-3916172402) aws_security_group.alb: Refreshing state... (ID: sg-0f52b1f0f29a25527) aws_security_group.batch: Refreshing state... (ID: sg-082aa43e36264abfe) aws_lb_target_group.app: Refreshing state... (ID: arn:aws:elasticloadbalancing:eu-west-1:...group/tgProductionApp/4e256115a7d0c052) aws_route53_record.bastion: Refreshing state... (ID: Z2FK682W87ON24_bastion.openapparel.org_CNAME) aws_security_group.app: Refreshing state... (ID: sg-0fa8d6382635c7a42) aws_security_group_rule.bastion_ssh_ingress: Refreshing state... (ID: sgrule-3725776044) aws_security_group_rule.bastion_rds_enc_egress: Refreshing state... (ID: sgrule-3925311284) aws_security_group_rule.rds_enc_bastion_ingress: Refreshing state... (ID: sgrule-3133759393) aws_security_group_rule.bastion_http_egress: Refreshing state... (ID: sgrule-309552972) aws_db_subnet_group.default: Refreshing state... (ID: openapparelregistry-prd) aws_security_group_rule.bastion_https_egress: Refreshing state... (ID: sgrule-2463960312) aws_security_group_rule.batch_bastion_ingress: Refreshing state... (ID: sgrule-2063638737) aws_security_group_rule.batch_rds_enc_egress: Refreshing state... (ID: sgrule-4202652203) aws_security_group_rule.rds_enc_batch_ingress: Refreshing state... (ID: sgrule-4206288621) aws_security_group_rule.batch_https_egress: Refreshing state... (ID: sgrule-3308317028) aws_security_group_rule.alb_https_ingress: Refreshing state... (ID: sgrule-1763528452) aws_lb.app: Refreshing state... (ID: arn:aws:elasticloadbalancing:eu-west-1:.../app/albProductionApp/33541107d711a23c) aws_security_group_rule.app_bastion_ingress: Refreshing state... (ID: sgrule-3869426913) aws_security_group_rule.app_rds_enc_egress: Refreshing state... (ID: sgrule-2333640957) aws_security_group_rule.alb_app_egress: Refreshing state... (ID: sgrule-4287675322) aws_security_group_rule.bastion_app_egress: Refreshing state... (ID: sgrule-848727643) aws_security_group_rule.rds_enc_app_ingress: Refreshing state... (ID: sgrule-548394256) aws_security_group_rule.app_https_egress: Refreshing state... (ID: sgrule-1944620164) aws_security_group_rule.app_alb_ingress: Refreshing state... (ID: sgrule-1197567454) aws_sfn_state_machine.app_cli: Refreshing state... (ID: arn:aws:states:eu-west-1:249322298638:stateMachine:stateMachineProductionAppCLI) aws_route53_record.origin: Refreshing state... (ID: Z2FK682W87ON24_origin.openapparel.org_A) aws_lb_listener.app: Refreshing state... (ID: arn:aws:elasticloadbalancing:eu-west-1:...nApp/33541107d711a23c/bc6f01d5f7a3528d) aws_iam_role_policy.cloudwatch_events_service_role_policy: Refreshing state... (ID: cloudWatchEventsProductionServiceRole:c...WatchEventsProductionServiceRolePolicy) aws_cloudwatch_event_target.check_api_limits: Refreshing state... (ID: eventRuleProductionCheckAPILimits-eventTargetProductionCheckAPILimits) aws_ecs_service.app: Refreshing state... (ID: arn:aws:ecs:eu-west-1:249322298638:service/ProductionApp) ------------------------------------------------------------------------ An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: ~ update in-place - destroy Terraform will perform the following actions: - aws_batch_compute_environment.default - aws_batch_job_definition.default - aws_batch_job_queue.default ~ aws_cloudfront_distribution.cdn default_cache_behavior.0.default_ttl: "86400" => "0" default_cache_behavior.0.max_ttl: "31536000" => "300" - aws_cloudwatch_event_rule.alert_batch_failures - aws_cloudwatch_event_rule.check_api_limits - aws_cloudwatch_event_target.alert_batch_failures - aws_cloudwatch_event_target.check_api_limits - aws_cloudwatch_log_group.app - aws_cloudwatch_log_group.cli - aws_db_parameter_group.default - aws_db_subnet_group.default - aws_ecs_cluster.app - aws_ecs_service.app - aws_ecs_task_definition.app - aws_ecs_task_definition.app_cli - aws_glue_catalog_table.alb_logs - aws_iam_instance_profile.container_instance - aws_iam_role.alert_batch_failures - aws_iam_role.alert_sfn_failures - aws_iam_role.app_task_role - aws_iam_role.cloudwatch_events_service_role - aws_iam_role.container_instance_batch - aws_iam_role.container_instance_ec2 - aws_iam_role.container_instance_spot_fleet - aws_iam_role.ecs_task_execution_role - aws_iam_role.step_functions_service_role - aws_iam_role_policy.batch_describe_and_submit - aws_iam_role_policy.cloudwatch_events_service_role_policy - aws_iam_role_policy.ses_send_email - aws_iam_role_policy.ses_send_email_from_batch - aws_iam_role_policy.step_functions_service_role_policy - aws_iam_role_policy_attachment.alert_batch_failures_lambda_policy - aws_iam_role_policy_attachment.alert_sfn_failures_lambda_policy - aws_iam_role_policy_attachment.batch_policy - aws_iam_role_policy_attachment.ec2_service_role - aws_iam_role_policy_attachment.ecs_task_execution_role_policy - aws_iam_role_policy_attachment.spot_fleet_policy - aws_lambda_function.alert_batch_failures - aws_lambda_function.alert_sfn_failures - aws_lambda_permission.alert_batch_failures - aws_lb.app - aws_lb_listener.app - aws_lb_target_group.app - aws_route53_record.bastion - aws_route53_record.database - aws_route53_record.origin - aws_route53_record.ses_dkim[0] - aws_route53_record.ses_dkim[1] - aws_route53_record.ses_dkim[2] - aws_route53_record.ses_verification - aws_s3_bucket_policy.alb_access_logging - aws_security_group.alb - aws_security_group.app - aws_security_group.batch - aws_security_group_rule.alb_app_egress - aws_security_group_rule.alb_https_ingress - aws_security_group_rule.app_alb_ingress - aws_security_group_rule.app_bastion_ingress - aws_security_group_rule.app_https_egress - aws_security_group_rule.app_rds_enc_egress - aws_security_group_rule.bastion_app_egress - aws_security_group_rule.bastion_http_egress - aws_security_group_rule.bastion_https_egress - aws_security_group_rule.bastion_rds_enc_egress - aws_security_group_rule.bastion_ssh_egress - aws_security_group_rule.bastion_ssh_ingress - aws_security_group_rule.batch_bastion_ingress - aws_security_group_rule.batch_https_egress - aws_security_group_rule.batch_rds_enc_egress - aws_security_group_rule.rds_enc_app_ingress - aws_security_group_rule.rds_enc_bastion_ingress - aws_security_group_rule.rds_enc_batch_ingress - aws_ses_domain_dkim.app - aws_ses_domain_identity.app - aws_sfn_state_machine.app_cli - module.cert_lb.aws_acm_certificate.default - module.cert_lb.aws_acm_certificate_validation.default - module.cert_lb.aws_route53_record.validation[0] - module.cert_lb.aws_route53_record.validation[1] - module.database_enc.aws_cloudwatch_metric_alarm.database_cpu - module.database_enc.aws_cloudwatch_metric_alarm.database_disk_free - module.database_enc.aws_cloudwatch_metric_alarm.database_disk_queue - module.database_enc.aws_cloudwatch_metric_alarm.database_memory_free - module.database_enc.aws_db_instance.postgresql - module.database_enc.aws_security_group.postgresql Plan: 0 to add, 1 to change, 85 to destroy. ------------------------------------------------------------------------ This plan was saved to: openapparelregistry-production-config-eu-west-1.tfplan To perform exactly these actions, run the following command to apply: terraform apply "openapparelregistry-production-config-eu-west-1.tfplan" + popd /usr/local/src bash-5.1#