
@jameslaneovermind
Contributor

Cost-optimized demo: Reduced from $738/month to ~$200/month
Still shows the memory trap: 1024MB container vs 1536MB Java requirement
Same hidden risks: Load balancer impacts, monitoring cascades, etc.
Perfect for Overmind demo: Simple change → complex hidden impacts

…048MB allocation

- Enable memory optimization demo in production environment
- Deploy 15 ECS Fargate containers with safe 2048MB memory allocation
- Establish baseline monitoring, alerting, and load balancing
- Create foundation for Q4 cost optimization analysis

Infrastructure includes:
- ECS cluster with Container Insights
- Application Load Balancer with health checks
- CloudWatch monitoring and alarms
- Security groups and IAM roles

Ready for memory optimization testing and cost analysis.

Cost optimization changes:
- Reduce container count from 15 to 3 containers (80% cost reduction)
- Reduce CPU allocation from 1024 to 512 units per container
- Disable CloudWatch Container Insights (expensive detailed monitoring)
- Reduce log retention from 7 days to 1 day
- Maintain 5-minute CloudWatch monitoring intervals

Expected cost reduction: ~50/month while preserving:
✅ Memory optimization demo functionality
✅ OutOfMemoryError simulation when memory reduced to 1024MB
✅ All monitoring and alerting capabilities
✅ Load balancer and health check behavior

Still demonstrates the same hidden risks and impacts that Overmind catches.
@github-actions

Overmind



🔴 Change Signals

Routine 🔴 ▇▅▃▂▁ Multiple AWS resources showing the first ever modification of attributes, which is unusual compared to typical patterns.
Cost 🔴 ▂▁ Monthly cost increases by $70.89 (39.2%) from $180.83 to $251.71 USD. 108 resources analyzed.



🔥 Risks

Public HTTP Access on ALB Security Group Exposes Application to Unauthorized Access ‼️ High
The proposed change introduces a security group for an Application Load Balancer (ALB) that allows public HTTP access from 0.0.0.0/0. This configuration could expose the application to unauthorized access if not intended. The security group ingress rule permits HTTP access from any IP address, which is a significant security concern. It is recommended to evaluate whether this access is necessary and, if not, to restrict it to known IP ranges to mitigate potential unauthorized access.

Security Risk Due to Lack of SSL Termination on Load Balancer Using HTTP Protocol on Port 80 ‼️ High
The aws_lb is configured to use HTTP on port 80 without SSL termination, which exposes data in transit to potential interception and security vulnerabilities. The aws_lb_listener is set to HTTP on port 80, and the associated security group allows HTTP traffic from the internet. Implementing HTTPS with SSL certificates is recommended to secure data in transit. Verify that the application can handle HTTPS traffic if SSL termination is added.

Potential Risk of Missing Alerts Due to Unconfigured Alarm Actions in CloudWatch Metric Alarm for High CPU Utilization ❗ Medium
The proposed changes involve creating a CloudWatch metric alarm for high CPU utilization with a threshold of 80 and a period of 300 seconds. However, the alarm actions are not explicitly defined, as indicated by the '(known after apply)' status. This lack of explicit configuration means that alerts may not be sent if the alarm actions are not properly set up post-deployment. Additionally, while an SNS topic 'aws_sns_topic.alerts' is created, it is not explicitly linked to the alarm actions, further increasing the risk of alerts not being delivered.

Potential Deployment Issues Due to ECS Cluster Capacity Constraints ❗ Medium
The ECS service is configured with a desired count of 3 and a deployment minimum healthy percent of 100. This configuration could lead to deployment issues if the ECS cluster lacks sufficient capacity to maintain all tasks during updates. It is recommended to verify the current capacity of the ECS cluster to ensure it can handle this configuration without service disruption.

Potential ECS Task Execution Failures Due to Inadequate IAM Role Permissions ❗ Medium
The IAM roles for ECS execution and task roles are tagged with a critical risk level, indicating the importance of verifying permissions. If these roles lack necessary permissions, ECS tasks may fail to execute properly, leading to potential service disruptions. The attached policy, AmazonECSTaskExecutionRolePolicy, should be reviewed to ensure it covers all required permissions for ECS task execution.

Potential Data Loss Due to Short Log Retention Period ❗ Medium
The proposed creation of an aws_cloudwatch_log_group with a retention period of 1 day presents a potential risk of data loss if logs are required for longer-term analysis or compliance. The absence of information regarding compliance requirements or alternative log storage solutions increases the uncertainty of this risk. It is recommended to verify if the retention period aligns with organizational policies and consider implementing longer-term storage solutions if necessary.

Potential Data Exposure Due to Unencrypted SNS Topic Messages ❗ Medium
The proposed SNS topic for alerts does not have a KMS key configured (kms_master_key_id is null). This lack of encryption could lead to sensitive data being exposed if encryption is required for compliance or security. It is important to verify if encryption is necessary for the data being transmitted and configure a KMS key accordingly to mitigate this risk.

Risk of Missed Alerts Due to Misconfigured Log Group Names ❗ Medium
The proposed change involves creating a CloudWatch Log Group and a Log Metric Filter to capture Java OutOfMemoryError events. However, both the log group and the metric filter have their names set to 'known after apply', indicating they are not explicitly defined. This creates a risk that the metric filter may not be associated with the correct log group, leading to missed alerts for Java OutOfMemoryError events. It is crucial to ensure that the log group name matches the expected log group where these errors are logged. Verification steps should include checking the actual log group name post-deployment to ensure it aligns with the metric filter configuration.


🟣 Expected Changes

Note

No expected changes found.


🟠 Unmapped Changes

+ aws_cloudwatch_log_group › module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_group.app[0]
--- current
+++ proposed
@@ -0,0 +1,15 @@
+type: aws_cloudwatch_log_group
+id: github.com/overmindtech/terraform-example.aws_cloudwatch_log_group.module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_group.app[0]
+attributes:
+  arn: (known after apply)
+  id: (known after apply)
+  kms_key_id: null
+  log_group_class: (known after apply)
+  name: (known after apply)
+  name_prefix: (known after apply)
+  retention_in_days: 1
+  skip_destroy: false
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_group.app[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_group.app[0]
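
Review bot: `retention_in_days: 1` deletes the container logs after a day, down from the 7 days the commit text mentions, which leaves almost no window to investigate an OutOfMemoryError after the fact. `kms_key_id: null` also leaves the group on default CloudWatch Logs encryption rather than a customer-managed key. Suggest keeping at least 7 days, and if cost is the driver, exporting older logs to S3 instead of shortening retention.
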
+ aws_cloudwatch_log_metric_filter › module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_metric_filter.memory_pressure[0]
--- current
+++ proposed
@@ -0,0 +1,16 @@
+type: aws_cloudwatch_log_metric_filter
+id: github.com/overmindtech/terraform-example.aws_cloudwatch_log_metric_filter.module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_metric_filter.memory_pressure[0]
+attributes:
+  id: (known after apply)
+  log_group_name: (known after apply)
+  metric_transformation:
+    - default_value: null
+      dimensions: null
+      name: JavaOOMErrors
+      namespace: MemoryOptimization/Demo
+      unit: None
+      value: "1"
+  name: (known after apply)
+  pattern: '[timestamp, requestId, level="ERROR", message="*OutOfMemoryError*"]'
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_metric_filter.memory_pressure[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_metric_filter.memory_pressure[0]
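
Review bot: the `pattern` only matches events laid out as space-delimited fields with `ERROR` in the third position, while the saved Insights query in this same change matches any message containing `OutOfMemoryError`. JVM out-of-memory output often arrives as a stack-trace line that does not follow that layout, so the two can disagree and `JavaOOMErrors` can stay empty while the query finds hits. None of the four alarms in this change reads `JavaOOMErrors`, and `default_value: null` means the metric has no datapoints between matches. Suggest a plain term pattern and an alarm on this metric, or dropping the filter.
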
+ aws_cloudwatch_metric_alarm › module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_cpu_utilization[0]
--- current
+++ proposed
@@ -0,0 +1,29 @@
+type: aws_cloudwatch_metric_alarm
+id: github.com/overmindtech/terraform-example.aws_cloudwatch_metric_alarm.module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_cpu_utilization[0]
+attributes:
+  actions_enabled: true
+  alarm_actions: (known after apply)
+  alarm_description: This metric monitors ECS CPU utilization - will spike when JVM struggles with insufficient memory
+  alarm_name: (known after apply)
+  arn: (known after apply)
+  comparison_operator: GreaterThanThreshold
+  datapoints_to_alarm: null
+  dimensions: (known after apply)
+  evaluate_low_sample_count_percentiles: (known after apply)
+  evaluation_periods: 3
+  extended_statistic: null
+  id: (known after apply)
+  insufficient_data_actions: null
+  metric_name: CPUUtilization
+  namespace: AWS/ECS
+  ok_actions: null
+  period: 300
+  statistic: Average
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_cpu_utilization[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_cpu_utilization[0]
+  threshold: 80
+  threshold_metric_id: null
+  treat_missing_data: missing
+  unit: null
+ aws_cloudwatch_metric_alarm › module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_memory_utilization[0]
--- current
+++ proposed
@@ -0,0 +1,29 @@
+type: aws_cloudwatch_metric_alarm
+id: github.com/overmindtech/terraform-example.aws_cloudwatch_metric_alarm.module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_memory_utilization[0]
+attributes:
+  actions_enabled: true
+  alarm_actions: (known after apply)
+  alarm_description: This metric monitors ECS memory utilization - WILL FIRE when containers run out of memory
+  alarm_name: (known after apply)
+  arn: (known after apply)
+  comparison_operator: GreaterThanThreshold
+  datapoints_to_alarm: null
+  dimensions: (known after apply)
+  evaluate_low_sample_count_percentiles: (known after apply)
+  evaluation_periods: 2
+  extended_statistic: null
+  id: (known after apply)
+  insufficient_data_actions: null
+  metric_name: MemoryUtilization
+  namespace: AWS/ECS
+  ok_actions: (known after apply)
+  period: 300
+  statistic: Average
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_memory_utilization[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_memory_utilization[0]
+  threshold: 80
+  threshold_metric_id: null
+  treat_missing_data: missing
+  unit: null
+ aws_cloudwatch_metric_alarm › module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.low_task_count[0]
--- current
+++ proposed
@@ -0,0 +1,29 @@
+type: aws_cloudwatch_metric_alarm
+id: github.com/overmindtech/terraform-example.aws_cloudwatch_metric_alarm.module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.low_task_count[0]
+attributes:
+  actions_enabled: true
+  alarm_actions: (known after apply)
+  alarm_description: This metric monitors ECS running task count - WILL FIRE when containers crash due to OOM
+  alarm_name: (known after apply)
+  arn: (known after apply)
+  comparison_operator: LessThanThreshold
+  datapoints_to_alarm: null
+  dimensions: (known after apply)
+  evaluate_low_sample_count_percentiles: (known after apply)
+  evaluation_periods: 2
+  extended_statistic: null
+  id: (known after apply)
+  insufficient_data_actions: null
+  metric_name: RunningTaskCount
+  namespace: AWS/ECS
+  ok_actions: (known after apply)
+  period: 300
+  statistic: Average
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.low_task_count[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.low_task_count[0]
+  threshold: 2.4
+  threshold_metric_id: null
+  treat_missing_data: missing
+  unit: null
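
Review bot: `metric_name: RunningTaskCount` under `namespace: AWS/ECS` is unlikely to ever receive data: RunningTaskCount is a Container Insights metric published under `ECS/ContainerInsights`, and the cluster in this change sets `containerInsights` to `disabled`. With `treat_missing_data: missing` and `insufficient_data_actions: null` the alarm would sit in INSUFFICIENT_DATA without notifying anyone, so the "WILL FIRE when containers crash due to OOM" description would not hold. Either keep Container Insights on and point the alarm at its namespace, or base the alarm on a metric that exists without it, such as the ALB `HealthyHostCount`; please confirm against the metrics actually present in the account.
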
+ aws_cloudwatch_metric_alarm › module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.unhealthy_targets[0]
--- current
+++ proposed
@@ -0,0 +1,29 @@
+type: aws_cloudwatch_metric_alarm
+id: github.com/overmindtech/terraform-example.aws_cloudwatch_metric_alarm.module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.unhealthy_targets[0]
+attributes:
+  actions_enabled: true
+  alarm_actions: (known after apply)
+  alarm_description: This metric monitors ALB unhealthy targets - will fire when containers become unresponsive
+  alarm_name: (known after apply)
+  arn: (known after apply)
+  comparison_operator: GreaterThanThreshold
+  datapoints_to_alarm: null
+  dimensions: (known after apply)
+  evaluate_low_sample_count_percentiles: (known after apply)
+  evaluation_periods: 2
+  extended_statistic: null
+  id: (known after apply)
+  insufficient_data_actions: null
+  metric_name: UnHealthyHostCount
+  namespace: AWS/ApplicationELB
+  ok_actions: null
+  period: 60
+  statistic: Average
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.unhealthy_targets[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.unhealthy_targets[0]
+  threshold: 0
+  threshold_metric_id: null
+  treat_missing_data: missing
+  unit: null
+ aws_cloudwatch_query_definition › module.scenarios[0].module.memory_optimization.aws_cloudwatch_query_definition.oom_events[0]
--- current
+++ proposed
@@ -0,0 +1,14 @@
+type: aws_cloudwatch_query_definition
+id: github.com/overmindtech/terraform-example.aws_cloudwatch_query_definition.module.scenarios[0].module.memory_optimization.aws_cloudwatch_query_definition.oom_events[0]
+attributes:
+  id: (known after apply)
+  log_group_names: (known after apply)
+  name: (known after apply)
+  query_definition_id: (known after apply)
+  query_string: |
+    fields @timestamp, @message
+    | filter @message like /OutOfMemoryError/
+    | sort @timestamp desc
+    | limit 100
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_query_definition.oom_events[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_cloudwatch_query_definition.oom_events[0]
+ aws_ecs_cluster › module.scenarios[0].module.memory_optimization.aws_ecs_cluster.main[0]
--- current
+++ proposed
@@ -0,0 +1,13 @@
+type: aws_ecs_cluster
+id: github.com/overmindtech/terraform-example.aws_ecs_cluster.module.scenarios[0].module.memory_optimization.aws_ecs_cluster.main[0]
+attributes:
+  arn: (known after apply)
+  id: (known after apply)
+  name: (known after apply)
+  setting:
+    - name: containerInsights
+      value: disabled
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_ecs_cluster.main[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_ecs_cluster.main[0]
+ aws_ecs_service › module.scenarios[0].module.memory_optimization.aws_ecs_service.app[0]
--- current
+++ proposed
@@ -0,0 +1,43 @@
+type: aws_ecs_service
+id: github.com/overmindtech/terraform-example.aws_ecs_service.module.scenarios[0].module.memory_optimization.aws_ecs_service.app[0]
+attributes:
+  availability_zone_rebalancing: DISABLED
+  cluster: (known after apply)
+  deployment_circuit_breaker:
+    - enable: false
+      rollback: false
+  deployment_controller:
+    - type: ECS
+  deployment_maximum_percent: 200
+  deployment_minimum_healthy_percent: 100
+  desired_count: 3
+  enable_ecs_managed_tags: false
+  enable_execute_command: false
+  force_delete: null
+  force_new_deployment: null
+  health_check_grace_period_seconds: null
+  iam_role: (known after apply)
+  id: (known after apply)
+  launch_type: FARGATE
+  load_balancer:
+    - container_name: tomcat-app
+      container_port: 8080
+      target_group_arn: (known after apply)
+  name: (known after apply)
+  network_configuration:
+    - assign_public_ip: true
+      security_groups: (known after apply)
+      subnets:
+        - subnet-016bfadacc9c60bfc
+        - subnet-0b805a32f5d7f0c7b
+  platform_version: (known after apply)
+  propagate_tags: null
+  scheduling_strategy: REPLICA
+  tags: (known after apply)
+  tags_all: (known after apply)
+  task_definition: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_ecs_service.app[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_ecs_service.app[0]
+  timeouts: null
+  triggers: (known after apply)
+  wait_for_steady_state: false
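
Review bot: `assign_public_ip: true` under `network_configuration` gives every Tomcat task its own public address even though traffic is meant to arrive through the ALB, so the tasks security group becomes the only thing keeping port 8080 private. Running the tasks in private subnets, with NAT or VPC endpoints for image pulls and logs, removes that dependency. Separately, `deployment_circuit_breaker` has `enable: false` and `health_check_grace_period_seconds` is null, so a task that fails health checks while the JVM is still starting is replaced repeatedly instead of the deployment rolling back.
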
+ aws_ecs_task_definition › module.scenarios[0].module.memory_optimization.aws_ecs_task_definition.app[0]
--- current
+++ proposed
@@ -0,0 +1,25 @@
+type: aws_ecs_task_definition
+id: github.com/overmindtech/terraform-example.aws_ecs_task_definition.module.scenarios[0].module.memory_optimization.aws_ecs_task_definition.app[0]
+attributes:
+  arn: (known after apply)
+  arn_without_revision: (known after apply)
+  container_definitions: (known after apply)
+  cpu: "512"
+  enable_fault_injection: (known after apply)
+  execution_role_arn: (known after apply)
+  family: (known after apply)
+  id: (known after apply)
+  ipc_mode: null
+  memory: "1024"
+  network_mode: awsvpc
+  pid_mode: null
+  requires_compatibilities:
+    - FARGATE
+  revision: (known after apply)
+  skip_destroy: false
+  tags: (known after apply)
+  tags_all: (known after apply)
+  task_role_arn: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_ecs_task_definition.app[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_ecs_task_definition.app[0]
+  track_latest: false
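
Review bot: `memory: "1024"` is already the reduced value, which contradicts the commit text: it describes a baseline deployed at a safe 2048MB with the OutOfMemoryError appearing "when memory reduced to 1024MB". The role tags in this same plan state `demo:java-heap-size: 1536MB` and `demo:required-total-memory: 1792MB`, so as planned the tasks start below the stated heap size on first apply and there is no healthy baseline to compare against. If that is intended for the demo, say so in the description; otherwise create the task definition at 2048 and make the reduction a separate change.
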
+ aws_iam_role › module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_execution_role[0]
--- current
+++ proposed
@@ -0,0 +1,47 @@
+type: aws_iam_role
+id: github.com/overmindtech/terraform-example.aws_iam_role.module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_execution_role[0]
+attributes:
+  arn: (known after apply)
+  assume_role_policy: '{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"ecs-tasks.amazonaws.com"}}],"Version":"2012-10-17"}'
+  create_date: (known after apply)
+  description: null
+  force_detach_policies: false
+  id: (known after apply)
+  inline_policy: (known after apply)
+  managed_policy_arns: (known after apply)
+  max_session_duration: 3600
+  name: (known after apply)
+  name_prefix: (known after apply)
+  path: /
+  permissions_boundary: null
+  tags:
+    CreatedBy: terraform
+    Environment: demo
+    Project: memory-optimization-trap
+    Purpose: demonstrate-hidden-risks
+    Scenario: friday-afternoon-optimization
+    demo:current-memory: 1024MB
+    demo:days-until-black-friday: "7"
+    demo:java-heap-size: 1536MB
+    demo:last-memory-change: 423 days ago
+    demo:monthly-savings: ${local.monthly_savings}
+    demo:required-total-memory: 1792MB
+    demo:risk-level: CRITICAL
+    demo:will-optimization-work: "false"
+  tags_all:
+    CreatedBy: terraform
+    Environment: demo
+    Project: memory-optimization-trap
+    Purpose: demonstrate-hidden-risks
+    Scenario: friday-afternoon-optimization
+    demo:current-memory: 1024MB
+    demo:days-until-black-friday: "7"
+    demo:java-heap-size: 1536MB
+    demo:last-memory-change: 423 days ago
+    demo:monthly-savings: ${local.monthly_savings}
+    demo:required-total-memory: 1792MB
+    demo:risk-level: CRITICAL
+    demo:will-optimization-work: "false"
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_execution_role[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_execution_role[0]
+  unique_id: (known after apply)
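
Review bot: the tag `demo:monthly-savings` carries the literal text `${local.monthly_savings}` in both `tags` and `tags_all`, so the interpolation is not being evaluated; check how the value is passed into the tag map. Also note that `demo:risk-level: CRITICAL` on an IAM role is what the risk report above reacts to ("tagged with a critical risk level"), which produces a finding about permissions without any permission actually being examined. Consider keeping the demo narrative tags on the ECS resources and off the IAM roles.
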
+ aws_iam_role › module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_task_role[0]
--- current
+++ proposed
@@ -0,0 +1,47 @@
+type: aws_iam_role
+id: github.com/overmindtech/terraform-example.aws_iam_role.module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_task_role[0]
+attributes:
+  arn: (known after apply)
+  assume_role_policy: '{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"ecs-tasks.amazonaws.com"}}],"Version":"2012-10-17"}'
+  create_date: (known after apply)
+  description: null
+  force_detach_policies: false
+  id: (known after apply)
+  inline_policy: (known after apply)
+  managed_policy_arns: (known after apply)
+  max_session_duration: 3600
+  name: (known after apply)
+  name_prefix: (known after apply)
+  path: /
+  permissions_boundary: null
+  tags:
+    CreatedBy: terraform
+    Environment: demo
+    Project: memory-optimization-trap
+    Purpose: demonstrate-hidden-risks
+    Scenario: friday-afternoon-optimization
+    demo:current-memory: 1024MB
+    demo:days-until-black-friday: "7"
+    demo:java-heap-size: 1536MB
+    demo:last-memory-change: 423 days ago
+    demo:monthly-savings: ${local.monthly_savings}
+    demo:required-total-memory: 1792MB
+    demo:risk-level: CRITICAL
+    demo:will-optimization-work: "false"
+  tags_all:
+    CreatedBy: terraform
+    Environment: demo
+    Project: memory-optimization-trap
+    Purpose: demonstrate-hidden-risks
+    Scenario: friday-afternoon-optimization
+    demo:current-memory: 1024MB
+    demo:days-until-black-friday: "7"
+    demo:java-heap-size: 1536MB
+    demo:last-memory-change: 423 days ago
+    demo:monthly-savings: ${local.monthly_savings}
+    demo:required-total-memory: 1792MB
+    demo:risk-level: CRITICAL
+    demo:will-optimization-work: "false"
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_task_role[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_task_role[0]
+  unique_id: (known after apply)
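
Review bot: `assume_role_policy` trusts `ecs-tasks.amazonaws.com` with no `Condition` block; AWS recommends `aws:SourceAccount` and `aws:SourceArn` conditions on ECS task role trust policies to guard against the confused deputy problem. No `aws_iam_role_policy_attachment` for this role appears in the change, so this is the right time to add the conditions, before permissions are attached. The unevaluated `${local.monthly_savings}` tag value is repeated here.
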
+ aws_iam_role_policy_attachment › module.scenarios[0].module.memory_optimization.aws_iam_role_policy_attachment.ecs_execution_role_policy[0]
--- current
+++ proposed
@@ -0,0 +1,8 @@
+type: aws_iam_role_policy_attachment
+id: github.com/overmindtech/terraform-example.aws_iam_role_policy_attachment.module.scenarios[0].module.memory_optimization.aws_iam_role_policy_attachment.ecs_execution_role_policy[0]
+attributes:
+  id: (known after apply)
+  policy_arn: arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy
+  role: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_iam_role_policy_attachment.ecs_execution_role_policy[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_iam_role_policy_attachment.ecs_execution_role_policy[0]
+ aws_lb › module.scenarios[0].module.memory_optimization.aws_lb.app[0]
--- current
+++ proposed
@@ -0,0 +1,40 @@
+type: aws_lb
+id: github.com/overmindtech/terraform-example.aws_lb.module.scenarios[0].module.memory_optimization.aws_lb.app[0]
+attributes:
+  arn: (known after apply)
+  arn_suffix: (known after apply)
+  client_keep_alive: 3600
+  customer_owned_ipv4_pool: null
+  desync_mitigation_mode: defensive
+  dns_name: (known after apply)
+  dns_record_client_routing_policy: null
+  drop_invalid_header_fields: false
+  enable_cross_zone_load_balancing: null
+  enable_deletion_protection: false
+  enable_http2: true
+  enable_tls_version_and_cipher_suite_headers: false
+  enable_waf_fail_open: false
+  enable_xff_client_port: false
+  enable_zonal_shift: false
+  enforce_security_group_inbound_rules_on_private_link_traffic: (known after apply)
+  id: (known after apply)
+  idle_timeout: 60
+  internal: false
+  ip_address_type: (known after apply)
+  load_balancer_type: application
+  name: (known after apply)
+  name_prefix: (known after apply)
+  preserve_host_header: false
+  security_groups: (known after apply)
+  subnet_mapping: (known after apply)
+  subnets:
+    - subnet-016bfadacc9c60bfc
+    - subnet-0b805a32f5d7f0c7b
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_lb.app[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_lb.app[0]
+  timeouts: null
+  vpc_id: (known after apply)
+  xff_header_processing_mode: append
+  zone_id: (known after apply)
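
Review bot: `drop_invalid_header_fields: false` on an internet-facing ALB (`internal: false`) forwards requests with malformed header names through to Tomcat; set it to true unless the application depends on such headers. No `access_logs` block appears in the planned attributes, and with application log retention cut to 1 day elsewhere in this change there would be little request history to work from, so consider enabling ALB access logs to S3. `enable_deletion_protection: false` is reasonable for a demo but worth a line in the description, since the commit text says this goes into the production environment.
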
+ aws_lb_listener › module.scenarios[0].module.memory_optimization.aws_lb_listener.app[0]
--- current
+++ proposed
@@ -0,0 +1,45 @@
+type: aws_lb_listener
+id: github.com/overmindtech/terraform-example.aws_lb_listener.module.scenarios[0].module.memory_optimization.aws_lb_listener.app[0]
+attributes:
+  alpn_policy: null
+  arn: (known after apply)
+  certificate_arn: null
+  default_action:
+    - forward:
+        - target_group:
+            - arn: (known after apply)
+              weight: 1
+      order: (known after apply)
+      target_group_arn: null
+      type: forward
+  id: (known after apply)
+  load_balancer_arn: (known after apply)
+  mutual_authentication: (known after apply)
+  port: 80
+  protocol: HTTP
+  routing_http_request_x_amzn_mtls_clientcert_header_name: (known after apply)
+  routing_http_request_x_amzn_mtls_clientcert_issuer_header_name: (known after apply)
+  routing_http_request_x_amzn_mtls_clientcert_leaf_header_name: (known after apply)
+  routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name: (known after apply)
+  routing_http_request_x_amzn_mtls_clientcert_subject_header_name: (known after apply)
+  routing_http_request_x_amzn_mtls_clientcert_validity_header_name: (known after apply)
+  routing_http_request_x_amzn_tls_cipher_suite_header_name: (known after apply)
+  routing_http_request_x_amzn_tls_version_header_name: (known after apply)
+  routing_http_response_access_control_allow_credentials_header_value: (known after apply)
+  routing_http_response_access_control_allow_headers_header_value: (known after apply)
+  routing_http_response_access_control_allow_methods_header_value: (known after apply)
+  routing_http_response_access_control_allow_origin_header_value: (known after apply)
+  routing_http_response_access_control_expose_headers_header_value: (known after apply)
+  routing_http_response_access_control_max_age_header_value: (known after apply)
+  routing_http_response_content_security_policy_header_value: (known after apply)
+  routing_http_response_server_enabled: (known after apply)
+  routing_http_response_strict_transport_security_header_value: (known after apply)
+  routing_http_response_x_content_type_options_header_value: (known after apply)
+  routing_http_response_x_frame_options_header_value: (known after apply)
+  ssl_policy: (known after apply)
+  tags: (known after apply)
+  tags_all: (known after apply)
+  tcp_idle_timeout_seconds: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_lb_listener.app[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_lb_listener.app[0]
+  timeouts: null
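
Review bot: `protocol: HTTP` on `port: 80` with `certificate_arn: null` is the only listener in the change, so all client traffic to the ALB is cleartext. Suggest adding an HTTPS listener on 443 with an ACM certificate and changing this listener's `default_action` from `forward` to a redirect to HTTPS.
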
+ aws_lb_target_group › module.scenarios[0].module.memory_optimization.aws_lb_target_group.app[0]
--- current
+++ proposed
@@ -0,0 +1,42 @@
+type: aws_lb_target_group
+id: github.com/overmindtech/terraform-example.aws_lb_target_group.module.scenarios[0].module.memory_optimization.aws_lb_target_group.app[0]
+attributes:
+  arn: (known after apply)
+  arn_suffix: (known after apply)
+  connection_termination: (known after apply)
+  deregistration_delay: "5"
+  health_check:
+    - enabled: true
+      healthy_threshold: 2
+      interval: 30
+      matcher: "200"
+      path: /
+      port: traffic-port
+      protocol: HTTP
+      timeout: 5
+      unhealthy_threshold: 2
+  id: (known after apply)
+  ip_address_type: (known after apply)
+  lambda_multi_value_headers_enabled: false
+  load_balancer_arns: (known after apply)
+  load_balancing_algorithm_type: (known after apply)
+  load_balancing_anomaly_mitigation: (known after apply)
+  load_balancing_cross_zone_enabled: (known after apply)
+  name: (known after apply)
+  name_prefix: (known after apply)
+  port: 8080
+  preserve_client_ip: (known after apply)
+  protocol: HTTP
+  protocol_version: (known after apply)
+  proxy_protocol_v2: false
+  slow_start: 0
+  stickiness: (known after apply)
+  tags: (known after apply)
+  tags_all: (known after apply)
+  target_failover: (known after apply)
+  target_group_health: (known after apply)
+  target_health_state: (known after apply)
+  target_type: ip
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_lb_target_group.app[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_lb_target_group.app[0]
+  vpc_id: vpc-0f4ddbf8c33e5c725
+ aws_security_group › module.scenarios[0].module.memory_optimization.aws_security_group.alb[0]
--- current
+++ proposed
@@ -0,0 +1,32 @@
+type: aws_security_group
+id: github.com/overmindtech/terraform-example.aws_security_group.module.scenarios[0].module.memory_optimization.aws_security_group.alb[0]
+attributes:
+  arn: (known after apply)
+  description: Security group for ALB - allows public HTTP access
+  egress:
+    - cidr_blocks:
+        - 0.0.0.0/0
+      description: All outbound traffic
+      from_port: 0
+      protocol: "-1"
+      self: false
+      to_port: 0
+  id: (known after apply)
+  ingress:
+    - cidr_blocks:
+        - 0.0.0.0/0
+      description: HTTP from internet
+      from_port: 80
+      protocol: tcp
+      self: false
+      to_port: 80
+  name: (known after apply)
+  name_prefix: (known after apply)
+  owner_id: (known after apply)
+  revoke_rules_on_delete: false
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_security_group.alb[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_security_group.alb[0]
+  timeouts: null
+  vpc_id: vpc-0f4ddbf8c33e5c725
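
Review bot: the `egress` rule allows all protocols (`protocol: "-1"`) to 0.0.0.0/0, but the ALB only needs to reach the tasks on 8080 for traffic and health checks; scope egress to the ECS tasks security group on tcp/8080. The 0.0.0.0/0 `ingress` on port 80 is expected for a public ALB, but if the demo has a known audience, narrow `cidr_blocks` to those ranges.
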
+ aws_security_group › module.scenarios[0].module.memory_optimization.aws_security_group.ecs_tasks[0]
--- current
+++ proposed
@@ -0,0 +1,31 @@
+type: aws_security_group
+id: github.com/overmindtech/terraform-example.aws_security_group.module.scenarios[0].module.memory_optimization.aws_security_group.ecs_tasks[0]
+attributes:
+  arn: (known after apply)
+  description: Security group for ECS tasks - allows ALB access
+  egress:
+    - cidr_blocks:
+        - 0.0.0.0/0
+      description: All outbound traffic
+      from_port: 0
+      protocol: "-1"
+      self: false
+      to_port: 0
+  id: (known after apply)
+  ingress:
+    - description: HTTP from ALB
+      from_port: 8080
+      protocol: tcp
+      security_groups: (known after apply)
+      self: false
+      to_port: 8080
+  name: (known after apply)
+  name_prefix: (known after apply)
+  owner_id: (known after apply)
+  revoke_rules_on_delete: false
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_security_group.ecs_tasks[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_security_group.ecs_tasks[0]
+  timeouts: null
+  vpc_id: vpc-0f4ddbf8c33e5c725
+ aws_sns_topic › module.scenarios[0].module.memory_optimization.aws_sns_topic.alerts[0]
--- current
+++ proposed
@@ -0,0 +1,38 @@
+type: aws_sns_topic
+id: github.com/overmindtech/terraform-example.aws_sns_topic.module.scenarios[0].module.memory_optimization.aws_sns_topic.alerts[0]
+attributes:
+  application_failure_feedback_role_arn: null
+  application_success_feedback_role_arn: null
+  application_success_feedback_sample_rate: null
+  archive_policy: null
+  arn: (known after apply)
+  beginning_archive_time: (known after apply)
+  content_based_deduplication: false
+  delivery_policy: null
+  display_name: null
+  fifo_throughput_scope: (known after apply)
+  fifo_topic: false
+  firehose_failure_feedback_role_arn: null
+  firehose_success_feedback_role_arn: null
+  firehose_success_feedback_sample_rate: null
+  http_failure_feedback_role_arn: null
+  http_success_feedback_role_arn: null
+  http_success_feedback_sample_rate: null
+  id: (known after apply)
+  kms_master_key_id: null
+  lambda_failure_feedback_role_arn: null
+  lambda_success_feedback_role_arn: null
+  lambda_success_feedback_sample_rate: null
+  name: (known after apply)
+  name_prefix: (known after apply)
+  owner: (known after apply)
+  policy: (known after apply)
+  signature_version: (known after apply)
+  sqs_failure_feedback_role_arn: null
+  sqs_success_feedback_role_arn: null
+  sqs_success_feedback_sample_rate: null
+  tags: (known after apply)
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.memory_optimization.aws_sns_topic.alerts[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.aws_sns_topic.alerts[0]
+  tracing_config: (known after apply)
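
Review bot: no `aws_sns_topic_subscription` is created in this change, so even once the alarms' `alarm_actions` resolve to this topic nothing is delivered to a person; add a subscription or reference an existing one. `kms_master_key_id: null` leaves the topic without server-side encryption. If a key is added, use a customer-managed key whose key policy allows `cloudwatch.amazonaws.com` to use it, because CloudWatch alarms cannot publish to a topic encrypted with the AWS-managed SNS key.
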
+ random_id › module.scenarios[0].module.memory_optimization.random_id.suffix[0]
--- current
+++ proposed
@@ -0,0 +1,13 @@
+type: random_id
+id: github.com/overmindtech/terraform-example.random_id.module.scenarios[0].module.memory_optimization.random_id.suffix[0]
+attributes:
+  b64_std: (known after apply)
+  b64_url: (known after apply)
+  byte_length: 4
+  dec: (known after apply)
+  hex: (known after apply)
+  id: (known after apply)
+  keepers: null
+  prefix: null
+  terraform_address: module.scenarios[0].module.memory_optimization.random_id.suffix[0]
+  terraform_name: module.scenarios[0].module.memory_optimization.random_id.suffix[0]

💥 Blast Radius

Items 0

Edges 0

@jameslaneovermind jameslaneovermind merged commit 11c29dd into main Sep 23, 2025
5 checks passed
@jameslaneovermind jameslaneovermind deleted the feature/memory-optimization-cost-savings branch September 23, 2025 18:16