add message size breach scenario #302

omerdemirok · 2025-09-23T21:16:45Z

Add new scenario that enables us to test the sqs lambda integrration.

github-actions · 2025-09-23T21:28:50Z

Open in Overmind ↗

🔴 Change Signals

Routine 🔴 ▇▅▃▂▁ AWS ECS clusters and IAM roles showing first ever modifications, which is unusual compared to typical patterns.
Policies 🔴 ▃▂▁ Multiple S3 buckets and security groups are showing unusual policy violations, including missing required tags and lack of server-side encryption, alongside security groups allowing SSH access from anywhere, which may need review.

View signals ↗

🔥 Risks

Potential Risk of Memory Overconsumption Due to Increased Allocation and Lowered Risk Level ❗Medium Open Risk ↗
The proposed increase in MemoryMB from 1024 to 2048 and the change in RiskLevel from high to low across multiple AWS resources may lead to underestimating the risk of memory overconsumption. The RequiredMemoryMB is set at 1792, which is below the new MemoryMB value, suggesting sufficiency under normal conditions. However, during peak loads or unexpected spikes, actual memory usage may exceed 2048MB, causing performance degradation or failures. The change in RiskLevel to low may lead to inappropriate alarm triggers, delaying responses to memory issues. Without a testing plan or validation procedures, the risk remains unmitigated.

Missing Alarm Actions in CloudWatch Alarm Configuration for Lambda Errors ❗Medium Open Risk ↗
The CloudWatch Alarm 'lambda-errors-terraform-example' is configured to monitor Lambda function errors but lacks specified alarm actions, such as notification channels. This omission means that even if the alarm triggers due to the threshold of 5 errors being exceeded within two evaluation periods, no alerts will be sent. This could lead to delayed responses to issues, potentially affecting system reliability and user experience.

Risk of Message Truncation Due to SQS Queue Size Limit Configuration ❗Medium Open Risk ↗
The SQS Queue 'image-processing-terraform-example' is configured with a max_message_size of 25600 bytes. If messages exceed this size, they may be truncated, leading to data loss or processing errors. There is no evidence that message producers are aware of this limit, which increases the risk of sending oversized messages. It is crucial to ensure that all producers are informed of this constraint and that message sizes are validated before sending to prevent truncation.

Low Risk of Service Disruption Due to ECS Task Definition Memory Increase Low Open Risk ↗
The increase in ECS Task Definition memory from 1024MB to 2048MB could potentially lead to service disruption if the ECS service is not configured with sufficient capacity. However, the updates to CloudWatch alarms, IAM roles, and security groups have been made to accommodate the new memory settings, reducing the likelihood of issues. The alarms have been adjusted to consider the new memory threshold, and IAM roles and security groups have been updated to ensure proper access and security. These measures should prevent false positives and access issues.

Potential Log Data Capture Issue for Lambda Function Low Open Risk ↗
The proposed change involves creating a new CloudWatch Log Group for the Lambda function image-processor-terraform-example. The hypothesis suggests that log data might not be captured if the log group is not correctly configured or if IAM roles lack the necessary permissions. The change includes the creation of a new log group and associated IAM roles and policies.

🟣 Expected Changes

~ cloudwatch-alarm › scenarios--a3ec77f7-high-cpu

--- current
+++ proposed
@@ -27,12 +27,12 @@
     JVMBehavior: CPU-spikes-before-OOM
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     MemoryThrashing: frequent-GC-when-constrained
     Name: scenarios--a3ec77f7-cpu-alarm
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -44,12 +39,12 @@
     JVMBehavior: CPU-spikes-before-OOM
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     MemoryThrashing: frequent-GC-when-constrained
     Name: scenarios--a3ec77f7-cpu-alarm
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_cpu_utilization[0]

~ cloudwatch-alarm › scenarios--a3ec77f7-high-memory

--- current
+++ proposed
@@ -23,5 +23,5 @@
   tags:
     AlarmTrigger: memory-over-80-percent
-    ContainerMemoryMB: "1024"
+    ContainerMemoryMB: "2048"
     CreatedBy: terraform
     DaysUntilBF: "7"
@@ -29,16 +29,16 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-memory-alarm
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
-    WillFireAfterChange: "true"
+    WillFireAfterChange: "false"
   tags_all:
     AlarmTrigger: memory-over-80-percent
-    ContainerMemoryMB: "1024"
+    ContainerMemoryMB: "2048"
     CreatedBy: terraform
     DaysUntilBF: "7"
@@ -46,13 +39,13 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-memory-alarm
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
-    WillFireAfterChange: "true"
+    WillFireAfterChange: "false"
   terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_memory_utilization[0]
   terraform_name: module.scenarios[0].module.memory_optimization.aws_cloudwatch_metric_alarm.high_memory_utilization[0]

~ cloudwatch-alarm › scenarios--a3ec77f7-low-task-count

--- current
+++ proposed
@@ -30,11 +30,11 @@
     ExpectedTasks: "3"
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-task-count-alarm
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     ThresholdTasks: "2.4"
@@ -48,11 +44,11 @@
     ExpectedTasks: "3"
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-task-count-alarm
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     ThresholdTasks: "2.4"

~ cloudwatch-alarm › scenarios--a3ec77f7-unhealthy-targets

--- current
+++ proposed
@@ -27,11 +27,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-unhealthy-targets-alarm
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     RollbackCapability: insufficient
     Scenario: cost-reduction
@@ -45,11 +41,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-unhealthy-targets-alarm
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     RollbackCapability: insufficient
     Scenario: cost-reduction

~ ecs-cluster › scenarios--a3ec77f7-cluster

--- current
+++ proposed
@@ -14,11 +14,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-cluster
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -28,11 +24,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-cluster
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   terraform_address: module.scenarios[0].module.memory_optimization.aws_ecs_cluster.main[0]

+/- ecs-task-definition › scenarios--a3ec77f7-task

--- current
+++ proposed
@@ -2,20 +2,22 @@
 id: github.com/overmindtech/terraform-example.ecs-task-definition.module.scenarios[0].module.memory_optimization.aws_ecs_task_definition.app[0]
 attributes:
-  arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/scenarios--a3ec77f7-task:1
-  arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/scenarios--a3ec77f7-task
-  container_definitions: '[{"environment":[{"name":"CATALINA_OPTS","value":"-Djava.security.egd=file:/dev/./urandom"},{"name":"JAVA_OPTS","value":"-Xmx1536m -Xms1536m -XX:+UseG1GC -XX:MaxGCPauseMillis=200"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","curl -f http://localhost:8080/ || exit 1"],"interval":30,"retries":3,"startPeriod":120,"timeout":5},"image":"tomcat:9-jre11","logConfiguration":{"logDriver":"awslogs","options":{"awslogs-stream-prefix":"ecs","awslogs-group":"/ecs/scenarios--a3ec77f7","awslogs-region":"eu-west-2"}},"memoryReservation":800,"mountPoints":[],"name":"tomcat-app","portMappings":[{"containerPort":8080,"hostPort":8080,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+  arn: (known after apply)
+  arn_without_revision: (known after apply)
+  container_definitions: '[{"environment":[{"name":"CATALINA_OPTS","value":"-Djava.security.egd=file:/dev/./urandom"},{"name":"JAVA_OPTS","value":"-Xmx1536m -Xms1536m -XX:+UseG1GC -XX:MaxGCPauseMillis=200"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","curl -f http://localhost:8080/ || exit 1"],"interval":30,"retries":3,"startPeriod":120,"timeout":5},"image":"tomcat:9-jre11","logConfiguration":{"logDriver":"awslogs","options":{"awslogs-group":"/ecs/scenarios--a3ec77f7","awslogs-region":"eu-west-2","awslogs-stream-prefix":"ecs"}},"memoryReservation":800,"name":"tomcat-app","portMappings":[{"containerPort":8080,"hostPort":8080,"protocol":"tcp"}]}]'
   cpu: "512"
-  enable_fault_injection: false
+  enable_fault_injection: (known after apply)
   execution_role_arn: arn:aws:iam::540044833068:role/scenarios--a3ec77f7-ecs-execution-role
   family: scenarios--a3ec77f7-task
-  id: scenarios--a3ec77f7-task
-  memory: "1024"
+  id: (known after apply)
+  ipc_mode: null
+  memory: "2048"
   network_mode: awsvpc
+  pid_mode: null
   requires_compatibilities:
     - FARGATE
-  revision: 1
+  revision: (known after apply)
   skip_destroy: false
   tags:
-    ContainerMemoryMB: "1024"
+    ContainerMemoryMB: "2048"
     CreatedBy: terraform
     DaysUntilBF: "7"
@@ -24,17 +18,17 @@
     JavaHeapMB: "1536"
     JavaHeapSizeMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     MemoryOptimized: "true"
     MemoryOverheadMB: "256"
     Name: scenarios--a3ec77f7-task
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     TotalRequiredMB: "1792"
   tags_all:
-    ContainerMemoryMB: "1024"
+    ContainerMemoryMB: "2048"
     CreatedBy: terraform
     DaysUntilBF: "7"
@@ -43,13 +28,13 @@
     JavaHeapMB: "1536"
     JavaHeapSizeMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     MemoryOptimized: "true"
     MemoryOverheadMB: "256"
     Name: scenarios--a3ec77f7-task
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     TotalRequiredMB: "1792"

~ iam-role › scenarios--a3ec77f7-ecs-execution-role

--- current
+++ proposed
@@ -17,10 +17,10 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
-    OptimizationWorks: "false"
+    MemoryMB: "2048"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -29,10 +26,10 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
-    OptimizationWorks: "false"
+    MemoryMB: "2048"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   terraform_address: module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_execution_role[0]

~ iam-role › scenarios--a3ec77f7-ecs-task-role

--- current
+++ proposed
@@ -15,10 +15,10 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
-    OptimizationWorks: "false"
+    MemoryMB: "2048"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -27,10 +24,10 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
-    OptimizationWorks: "false"
+    MemoryMB: "2048"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   terraform_address: module.scenarios[0].module.memory_optimization.aws_iam_role.ecs_task_role[0]

~ elbv2-load-balancer › scenarios--a3ec77f7-alb

--- current
+++ proposed
@@ -41,11 +41,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-alb
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     context:black-friday-traffic: 10x normal load expected
@@ -57,11 +53,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-alb
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     context:black-friday-traffic: 10x normal load expected

~ elbv2-listener › arn:aws:elasticloadbalancing:eu-west-2:540044833068:listener/app/scenarios--a3ec77f7-alb/a0268d67b29039c7/af5e943a0e473e91

--- current
+++ proposed
@@ -33,11 +33,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-listener
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -46,11 +42,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-listener
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tcp_idle_timeout_seconds: null

~ elbv2-target-group › scenarios--a3ec77f7-tg

--- current
+++ proposed
@@ -41,11 +41,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-tg
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     risk:black-friday-timing: change 7 days before peak
@@ -58,11 +54,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-tg
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     risk:black-friday-timing: change 7 days before peak

~ ec2-security-group › sg-05d18b768c900a686

--- current
+++ proposed
@@ -30,11 +30,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-alb-sg
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -44,11 +40,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-alb-sg
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   terraform_address: module.scenarios[0].module.memory_optimization.aws_security_group.alb[0]

~ ec2-security-group › sg-0f300b2ad9b497952

--- current
+++ proposed
@@ -30,11 +30,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-ecs-sg
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     warning:containers-affected: 3 containers
@@ -46,11 +42,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-ecs-sg
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
     warning:containers-affected: 3 containers

~ sns-topic › arn:aws:sns:eu-west-2:540044833068:scenarios--a3ec77f7-alerts

--- current
+++ proposed
@@ -21,11 +21,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-alerts
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -35,11 +31,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-alerts
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   terraform_address: module.scenarios[0].module.memory_optimization.aws_sns_topic.alerts[0]

🟠 Unmapped Changes

~ aws_cloudwatch_log_group › module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_group.app[0]

--- current
+++ proposed
@@ -14,11 +14,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-logs
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -28,11 +24,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-logs
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   terraform_address: module.scenarios[0].module.memory_optimization.aws_cloudwatch_log_group.app[0]

~ aws_ecs_service › module.scenarios[0].module.memory_optimization.aws_ecs_service.app[0]

--- current
+++ proposed
@@ -44,11 +44,11 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-service
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
   tags_all:
@@ -61,13 +57,13 @@
     Environment: demo
     JavaHeapMB: "1536"
-    MemoryMB: "1024"
+    MemoryMB: "2048"
     Name: scenarios--a3ec77f7-service
-    OptimizationWorks: "false"
+    OptimizationWorks: "true"
     Project: memory-optimization
     Purpose: production-optimization
     RequiredMemoryMB: "1792"
-    RiskLevel: high
+    RiskLevel: low
     Scenario: cost-reduction
-  task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/scenarios--a3ec77f7-task:1
+  task_definition: (known after apply)
   terraform_address: module.scenarios[0].module.memory_optimization.aws_ecs_service.app[0]
   terraform_name: module.scenarios[0].module.memory_optimization.aws_ecs_service.app[0]

+ aws_cloudwatch_log_group › module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_log_group.lambda_logs

--- current
+++ proposed
@@ -0,0 +1,21 @@
+type: aws_cloudwatch_log_group
+id: github.com/overmindtech/terraform-example.aws_cloudwatch_log_group.module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_log_group.lambda_logs
+attributes:
+  arn: (known after apply)
+  id: (known after apply)
+  kms_key_id: null
+  log_group_class: (known after apply)
+  name: /aws/lambda/image-processor-terraform-example
+  name_prefix: (known after apply)
+  retention_in_days: 14
+  skip_destroy: false
+  tags:
+    Environment: terraform-example
+    Name: Lambda Logs
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: Lambda Logs
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_log_group.lambda_logs
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_log_group.lambda_logs

+ cloudwatch-alarm › module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.lambda_errors

--- current
+++ proposed
@@ -0,0 +1,36 @@
+type: cloudwatch-alarm
+id: github.com/overmindtech/terraform-example.cloudwatch-alarm.module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.lambda_errors
+attributes:
+  actions_enabled: true
+  alarm_actions: null
+  alarm_description: This alarm monitors Lambda function errors
+  alarm_name: lambda-errors-terraform-example
+  arn: (known after apply)
+  comparison_operator: GreaterThanThreshold
+  datapoints_to_alarm: null
+  dimensions:
+    FunctionName: image-processor-terraform-example
+  evaluate_low_sample_count_percentiles: (known after apply)
+  evaluation_periods: 2
+  extended_statistic: null
+  id: (known after apply)
+  insufficient_data_actions: null
+  metric_name: Errors
+  namespace: AWS/Lambda
+  ok_actions: null
+  period: 60
+  statistic: Sum
+  tags:
+    Environment: terraform-example
+    Name: Lambda Errors Alarm
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: Lambda Errors Alarm
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.lambda_errors
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.lambda_errors
+  threshold: 5
+  threshold_metric_id: null
+  treat_missing_data: missing
+  unit: null

+ cloudwatch-alarm › module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.sqs_queue_depth

--- current
+++ proposed
@@ -0,0 +1,36 @@
+type: cloudwatch-alarm
+id: github.com/overmindtech/terraform-example.cloudwatch-alarm.module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.sqs_queue_depth
+attributes:
+  actions_enabled: true
+  alarm_actions: null
+  alarm_description: This alarm monitors SQS queue depth
+  alarm_name: sqs-queue-depth-terraform-example
+  arn: (known after apply)
+  comparison_operator: GreaterThanThreshold
+  datapoints_to_alarm: null
+  dimensions:
+    QueueName: image-processing-terraform-example
+  evaluate_low_sample_count_percentiles: (known after apply)
+  evaluation_periods: 2
+  extended_statistic: null
+  id: (known after apply)
+  insufficient_data_actions: null
+  metric_name: ApproximateNumberOfVisibleMessages
+  namespace: AWS/SQS
+  ok_actions: null
+  period: 60
+  statistic: Average
+  tags:
+    Environment: terraform-example
+    Name: SQS Queue Depth Alarm
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: SQS Queue Depth Alarm
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.sqs_queue_depth
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.sqs_queue_depth
+  threshold: 100
+  threshold_metric_id: null
+  treat_missing_data: missing
+  unit: null

+ aws_iam_role › module.scenarios[0].module.message_size_breach[0].aws_iam_role.lambda_role

--- current
+++ proposed
@@ -0,0 +1,27 @@
+type: aws_iam_role
+id: github.com/overmindtech/terraform-example.aws_iam_role.module.scenarios[0].module.message_size_breach[0].aws_iam_role.lambda_role
+attributes:
+  arn: (known after apply)
+  assume_role_policy: '{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"}'
+  create_date: (known after apply)
+  description: null
+  force_detach_policies: false
+  id: (known after apply)
+  inline_policy: (known after apply)
+  managed_policy_arns: (known after apply)
+  max_session_duration: 3600
+  name: image-processor-lambda-role-terraform-example
+  name_prefix: (known after apply)
+  path: /
+  permissions_boundary: null
+  tags:
+    Environment: terraform-example
+    Name: Lambda Execution Role
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: Lambda Execution Role
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_iam_role.lambda_role
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_iam_role.lambda_role
+  unique_id: (known after apply)

+ aws_iam_role_policy › module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy.lambda_logs_policy

--- current
+++ proposed
@@ -0,0 +1,10 @@
+type: aws_iam_role_policy
+id: github.com/overmindtech/terraform-example.aws_iam_role_policy.module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy.lambda_logs_policy
+attributes:
+  id: (known after apply)
+  name: lambda-logs-policy-terraform-example
+  name_prefix: (known after apply)
+  policy: (known after apply)
+  role: (known after apply)
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy.lambda_logs_policy
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy.lambda_logs_policy

+ aws_iam_role_policy_attachment › module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_basic_execution

--- current
+++ proposed
@@ -0,0 +1,8 @@
+type: aws_iam_role_policy_attachment
+id: github.com/overmindtech/terraform-example.aws_iam_role_policy_attachment.module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_basic_execution
+attributes:
+  id: (known after apply)
+  policy_arn: arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+  role: image-processor-lambda-role-terraform-example
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_basic_execution
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_basic_execution

+ aws_iam_role_policy_attachment › module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_sqs_policy

--- current
+++ proposed
@@ -0,0 +1,8 @@
+type: aws_iam_role_policy_attachment
+id: github.com/overmindtech/terraform-example.aws_iam_role_policy_attachment.module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_sqs_policy
+attributes:
+  id: (known after apply)
+  policy_arn: arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole
+  role: image-processor-lambda-role-terraform-example
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_sqs_policy
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_sqs_policy

+ aws_lambda_event_source_mapping › module.scenarios[0].module.message_size_breach[0].aws_lambda_event_source_mapping.sqs_trigger

--- current
+++ proposed
@@ -0,0 +1,33 @@
+type: aws_lambda_event_source_mapping
+id: github.com/overmindtech/terraform-example.aws_lambda_event_source_mapping.module.scenarios[0].module.message_size_breach[0].aws_lambda_event_source_mapping.sqs_trigger
+attributes:
+  amazon_managed_kafka_event_source_config: (known after apply)
+  arn: (known after apply)
+  batch_size: 10
+  bisect_batch_on_function_error: null
+  enabled: true
+  event_source_arn: (known after apply)
+  function_arn: (known after apply)
+  function_name: (known after apply)
+  function_response_types: null
+  id: (known after apply)
+  kms_key_arn: null
+  last_modified: (known after apply)
+  last_processing_result: (known after apply)
+  maximum_batching_window_in_seconds: 5
+  maximum_record_age_in_seconds: (known after apply)
+  maximum_retry_attempts: 3
+  parallelization_factor: (known after apply)
+  queues: null
+  self_managed_kafka_event_source_config: (known after apply)
+  starting_position: null
+  starting_position_timestamp: null
+  state: (known after apply)
+  state_transition_reason: (known after apply)
+  tags: null
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_lambda_event_source_mapping.sqs_trigger
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_lambda_event_source_mapping.sqs_trigger
+  topics: null
+  tumbling_window_in_seconds: null
+  uuid: (known after apply)

+ aws_lambda_function › module.scenarios[0].module.message_size_breach[0].aws_lambda_function.image_processor

--- current
+++ proposed
@@ -0,0 +1,51 @@
+type: aws_lambda_function
+id: github.com/overmindtech/terraform-example.aws_lambda_function.module.scenarios[0].module.message_size_breach[0].aws_lambda_function.image_processor
+attributes:
+  architectures: (known after apply)
+  arn: (known after apply)
+  code_sha256: (known after apply)
+  code_signing_config_arn: null
+  description: null
+  ephemeral_storage: (known after apply)
+  filename: modules/scenarios/message-size-breach/lambda_function.zip
+  function_name: image-processor-terraform-example
+  handler: lambda_function.lambda_handler
+  id: (known after apply)
+  image_uri: null
+  invoke_arn: (known after apply)
+  kms_key_arn: null
+  last_modified: (known after apply)
+  layers: null
+  logging_config: (known after apply)
+  memory_size: 1024
+  package_type: Zip
+  publish: false
+  qualified_arn: (known after apply)
+  qualified_invoke_arn: (known after apply)
+  replace_security_groups_on_destroy: null
+  replacement_security_group_ids: null
+  reserved_concurrent_executions: -1
+  role: (known after apply)
+  runtime: python3.9
+  s3_bucket: null
+  s3_key: null
+  s3_object_version: null
+  signing_job_arn: (known after apply)
+  signing_profile_version_arn: (known after apply)
+  skip_destroy: false
+  source_code_hash: rrn+1CWcexaae0keBGoEcCpBmkcaNmgEH2ENhWA4OMM=
+  source_code_size: (known after apply)
+  tags:
+    Environment: terraform-example
+    Name: Image Processor
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: Image Processor
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_lambda_function.image_processor
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_lambda_function.image_processor
+  timeout: 180
+  timeouts: null
+  tracing_config: (known after apply)
+  version: (known after apply)

+ aws_sqs_queue › module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_dlq

--- current
+++ proposed
@@ -0,0 +1,34 @@
+type: aws_sqs_queue
+id: github.com/overmindtech/terraform-example.aws_sqs_queue.module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_dlq
+attributes:
+  arn: (known after apply)
+  content_based_deduplication: false
+  deduplication_scope: (known after apply)
+  delay_seconds: 0
+  fifo_queue: false
+  fifo_throughput_limit: (known after apply)
+  id: (known after apply)
+  kms_data_key_reuse_period_seconds: (known after apply)
+  kms_master_key_id: null
+  max_message_size: 262144
+  message_retention_seconds: 1.2096e+06
+  name: image-processing-dlq-terraform-example
+  name_prefix: (known after apply)
+  policy: (known after apply)
+  receive_wait_time_seconds: 0
+  redrive_allow_policy: (known after apply)
+  redrive_policy: (known after apply)
+  sqs_managed_sse_enabled: (known after apply)
+  tags:
+    Environment: terraform-example
+    Name: Image Processing DLQ
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: Image Processing DLQ
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_dlq
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_dlq
+  timeouts: null
+  url: (known after apply)
+  visibility_timeout_seconds: 30

+ aws_sqs_queue › module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_queue

--- current
+++ proposed
@@ -0,0 +1,34 @@
+type: aws_sqs_queue
+id: github.com/overmindtech/terraform-example.aws_sqs_queue.module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_queue
+attributes:
+  arn: (known after apply)
+  content_based_deduplication: false
+  deduplication_scope: (known after apply)
+  delay_seconds: 0
+  fifo_queue: false
+  fifo_throughput_limit: (known after apply)
+  id: (known after apply)
+  kms_data_key_reuse_period_seconds: (known after apply)
+  kms_master_key_id: null
+  max_message_size: 25600
+  message_retention_seconds: 1.2096e+06
+  name: image-processing-terraform-example
+  name_prefix: (known after apply)
+  policy: (known after apply)
+  receive_wait_time_seconds: 20
+  redrive_allow_policy: (known after apply)
+  redrive_policy: (known after apply)
+  sqs_managed_sse_enabled: (known after apply)
+  tags:
+    Environment: terraform-example
+    Name: Image Processing Queue
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: Image Processing Queue
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_queue
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_queue
+  timeouts: null
+  url: (known after apply)
+  visibility_timeout_seconds: 30

💥 Blast Radius

Items 36

Edges 38

omerdemirok self-assigned this Sep 23, 2025

omerdemirok force-pushed the message-size-breach branch from 4b6ed12 to 4f29d43 Compare September 23, 2025 21:19

add message size breach scenario

8a8355b

omerdemirok force-pushed the message-size-breach branch from 4f29d43 to 8a8355b Compare September 23, 2025 21:30

omerdemirok merged commit 04b45ea into main Sep 23, 2025
5 checks passed

omerdemirok deleted the message-size-breach branch September 23, 2025 21:41

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

add message size breach scenario #302

add message size breach scenario #302

Uh oh!

omerdemirok commented Sep 23, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Sep 23, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

add message size breach scenario #302

add message size breach scenario #302

Uh oh!

Conversation

omerdemirok commented Sep 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Sep 23, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Open in Overmind ↗

🔴 Change Signals

🔥 Risks

🟣 Expected Changes

🟠 Unmapped Changes

💥 Blast Radius

Uh oh!

Uh oh!

Uh oh!

omerdemirok commented Sep 23, 2025 •

edited

Loading

github-actions bot commented Sep 23, 2025 •

edited

Loading