feat: create new oonith ecs_cluster #30

DecFox · 2024-03-19T09:59:37Z

This diff creates a new AWS ecs cluster (oonith-ecs-cluster) using the ecs_cluster module

Part of #29

tf/environments/dev/main.tf

github-actions · 2024-03-20T18:28:58Z

Terraform Run Output 🤖

Format and Style 🖌`failure`

Initialization ⚙️`success`

Validation 🤖`success`

Validation Output


$ terraform validate
Success! The configuration is valid.

Plan 📖`success`

Plan: 10 to add, 1 to change, 0 to destroy.

Show Plan


$ terraform plan
Acquiring state lock. This may take a few moments...
module.ansible_inventory.local_file.ansible_inventory: Refreshing state... [id=b6de844ed8d384f890fa6f467502390de843f758]
module.adm_iam_roles.tls_private_key.oonidevops: Refreshing state... [id=b49a9fdb9f720320340226016efe24808dd68203]
random_id.artifact_id: Refreshing state... [id=8Ujqew]
random_password.jwt_secret: Refreshing state... [id=none]
random_password.prometheus_metrics_password: Refreshing state... [id=none]
module.ansible_inventory.null_resource.ansible_update_known_hosts: Refreshing state... [id=236461505953331670]
module.oonith_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
module.ooniapi_cluster.aws_cloudwatch_log_group.ooniapi_services: Refreshing state... [id=ooni-ecs-group/ooniapi-ecs-cluster]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniauth]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Reading...
aws_secretsmanager_secret.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ]
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Reading...
aws_s3_bucket.ooniapi_codepipeline_bucket: Refreshing state... [id=codepipeline-ooniapi-eu-central-1-f148ea7b]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
module.ooniapi_oonirun.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role]
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Read complete after 0s [id=2785224313]
module.ooniapi_user.aws_iam_user.ooniapi: Refreshing state... [id=oonidevops-ooniapi]
aws_secretsmanager_secret.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
aws_secretsmanager_secret.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw]
module.ooniapi_ooniauth.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role]
data.aws_availability_zones.available: Reading...
module.adm_iam_roles.aws_key_pair.oonidevops: Refreshing state... [id=oonidevops]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 0s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
module.ooniapi_oonirun.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/879f6ecd-9260-489a-a120-a578677fe254]
module.ooniapi_oonirun.data.aws_ecs_task_definition.ooniapi_service_current: Reading...
module.oonith_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 1s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
module.adm_iam_roles.aws_secretsmanager_secret.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key/ssh_key_private-J5OsZt]
module.ooniapi_user.aws_ses_email_identity.ooniapi: Refreshing state... [id=admin+dev@ooni.org]
module.ooniapi_cluster.aws_iam_role.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role]
module.ooniapi_ooniauth.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniauth]
module.oonidevops_github_user.aws_iam_policy.oonidevops_github: Refreshing state... [id=arn:aws:iam::905418398257:policy/oonidevops-github-policy]
module.ooniapi_frontend.aws_acm_certificate.ooniapi: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/c5a662a8-8373-46ed-b2f6-73582b0f01c2]
module.adm_iam_roles.aws_iam_policy.oonidevops: Refreshing state... [id=arn:aws:iam::905418398257:policy/OONIDevopsPolicy]
module.ooniapi_ooniauth.data.aws_ecs_task_definition.ooniapi_service_current: Reading...
data.aws_availability_zones.available: Read complete after 1s [id=eu-central-1]
module.ooniapi_user.aws_secretsmanager_secret.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Reading...
module.oonidevops_github_user.aws_secretsmanager_secret.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd]
module.ooniapi_user.aws_secretsmanager_secret.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx]
module.ooniapi_ooniauth.aws_acm_certificate.ooniapi_service: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/2202d88a-dd01-478d-af5c-e71ed70817c3]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Read complete after 0s [id=/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id]
module.oonidevops_github_user.aws_iam_user.oonidevops_github: Refreshing state... [id=oonidevops-github]
module.ooniapi_oonirun.data.aws_ecs_task_definition.ooniapi_service_current: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-oonirun-td:14]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_oonirun_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-oonirun]
module.ooniapi_oonirun.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-oonirun]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_ooniauth_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniauth]
module.ooniapi_user.aws_iam_access_key.ooniapi: Refreshing state... [id=AKIA5FTZELIYSK2XEVOT]
module.ooniapi_ooniauth.data.aws_ecs_task_definition.ooniapi_service_current: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniauth-td:11]
module.ooniapi_user.aws_iam_user_policy.ooniapi: Refreshing state... [id=oonidevops-ooniapi:oonidevops-ooniapi-policy]
module.ooniapi_oonirun.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role:ooniapi-service-oonirun-task-role]
aws_secretsmanager_secret_version.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS|terraform-20240310182536838400000005]
module.ooniapi_cluster.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:cluster/ooniapi-ecs-cluster]
module.ooniapi_ooniauth.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role:ooniapi-service-ooniauth-task-role]
aws_secretsmanager_secret_version.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw|terraform-20240314200140936700000008]
module.adm_iam_roles.aws_secretsmanager_secret_version.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key/ssh_key_private-J5OsZt|terraform-20240310164138349500000001]
module.ooniapi_cluster.aws_iam_instance_profile.container_host: Refreshing state... [id=ooniapi-ecs-cluster]
module.ooniapi_cluster.aws_iam_role_policy.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role:ooniapi-ecs-cluster-instance-role-policy]
module.adm_iam_roles.aws_iam_role.oonidevops: Refreshing state... [id=oonidevops]
module.oonidevops_github_user.aws_iam_access_key.oonidevops_github: Refreshing state... [id=AKIA5FTZELIY7OIFEQBN]
module.oonidevops_github_user.aws_iam_user_policy_attachment.oonidevops_github: Refreshing state... [id=oonidevops-github-20240313195612421500000001]
module.ooniapi_oonirun.aws_route53_record.ooniapi_service_validation["oonirun.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__2eedf4cd60d6661d37cc36317849f2a4.oonirun.api.dev.ooni.io._CNAME]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr|terraform-20240314200140914600000006]
module.ooniapi_oonirun_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-oonirun]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx|terraform-20240314200140918400000007]
module.ooniapi_frontend.aws_route53_record.ooniapi_cert_validation["api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io._CNAME]
module.ooniapi_ooniauth.aws_route53_record.ooniapi_service_validation["ooniauth.api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__e8e7f4bd29329533805dd684fb3c1cf5.ooniauth.api.dev.ooni.io._CNAME]
module.oonidevops_github_user.aws_secretsmanager_secret_version.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd|terraform-20240313203054132800000001]
aws_codestarconnections_connection.oonidevops: Refreshing state... [id=arn:aws:codestar-connections:eu-central-1:905418398257:connection/6bd492f6-c11d-43ec-92b0-24c47700d528]
module.oonipg.random_password.pg_password: Refreshing state... [id=none]
module.terraform_state_backend.data.aws_region.current: Reading...
module.terraform_state_backend.data.aws_region.current: Read complete after 0s [id=eu-central-1]
module.oonipg.aws_secretsmanager_secret.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC]
module.network.aws_vpc.main: Refreshing state... [id=vpc-0e382f3ad89286de9]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Reading...
module.terraform_state_backend.aws_s3_bucket.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0]: Read complete after 0s [id=2666303363]
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Reading...
module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0]: Read complete after 0s [id=2666303363]
module.terraform_state_backend.aws_dynamodb_table.with_server_side_encryption[0]: Refreshing state... [id=oonidevops-dev-terraform-state-lock]
module.ooniapi_frontend.aws_acm_certificate_validation.ooniapi: Refreshing state... [id=2024-03-10 17:19:18.261 +0000 UTC]
module.oonipg.aws_secretsmanager_secret_version.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC|terraform-20240310155428358300000002]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniauth-eu-central-1]
module.ooniapi_oonirun_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oonirun-eu-central-1]
module.ooniapi_ooniauth_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniauth]
module.ooniapi_oonirun_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-oonirun]
module.ooniapi_ooniauth_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniauth]
module.ooniapi_oonirun_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-oonirun]
module.network.aws_internet_gateway.gw: Refreshing state... [id=igw-0c080e9b235ed29d1]
module.network.aws_subnet.main[1]: Refreshing state... [id=subnet-0b18966cccfc9d5ef]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniauth-mapped/1d4e4c4789864cd3]
module.network.aws_subnet.main[0]: Refreshing state... [id=subnet-0e7a4478be988463f]
module.oonipg.aws_security_group.pg: Refreshing state... [id=sg-0a9cdefae27025e5d]
module.ooni_backendproxy.aws_security_group.nginx_sg: Refreshing state... [id=sg-0a06ff444314a32ea]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-ooniauth-direct/930ce65884ee161e]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service_direct: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-oonirun-direct/d9d4c36932007629]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service_mapped: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooniapi-service-oonirun-mapped/11f47c7ba02ce5b5]
module.ooni_backendproxy.aws_alb_target_group.oonibackend_proxy: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/ooni-backendproxy/f8ec3c5af20fff6f]
module.ooniapi_cluster.aws_security_group.web: Refreshing state... [id=sg-067fbf5952f79c6d0]
module.network.aws_route_table.r: Refreshing state... [id=rtb-0bbf2b9ab4843cb17]
module.oonipg.aws_db_subnet_group.pg: Refreshing state... [id=ooni-tier0-postgres-dbsng]
module.ooni_backendproxy.aws_launch_template.ooni_backendproxy: Refreshing state... [id=lt-02ae2b46369a252fe]
module.ooniapi_cluster.aws_security_group.container_host: Refreshing state... [id=sg-0ba21672c9ad75937]
module.network.aws_route_table_association.a[1]: Refreshing state... [id=rtbassoc-06b1cb607df775424]
module.network.aws_route_table_association.a[0]: Refreshing state... [id=rtbassoc-042ec84b0762fc826]
module.ooniapi_frontend.aws_alb.ooniapi: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6]
module.ooniapi_oonirun.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-oonirun/b9f74ff75fec23f6]
module.ooniapi_ooniauth.aws_alb.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooniapi-service-ooniauth/b23b435019fd8ab3]
module.ooniapi_cluster.aws_launch_template.container_host: Refreshing state... [id=lt-0e328a8671f870c64]
module.terraform_state_backend.aws_s3_bucket_public_access_block.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_versioning.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_server_side_encryption_configuration.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooni_backendproxy.aws_autoscaling_group.oonibackend_proxy: Refreshing state... [id=ooni-backendproxy-asg-20240310162930616000000001]
module.terraform_state_backend.aws_s3_bucket_policy.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_autoscaling_group.container_host: Refreshing state... [id=ooniapi-ecs-cluster20240310192644083800000003]
module.ooniapi_frontend.aws_route53_record.ooniapi: Refreshing state... [id=Z055356431RGCLK3JXZDL_api.dev.ooni.io_A]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/d9b2448464179cd1]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd]
module.terraform_state_backend.time_sleep.wait_for_aws_s3_bucket_settings[0]: Refreshing state... [id=2024-03-10T15:06:17Z]
module.terraform_state_backend.aws_s3_bucket_ownership_controls.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_ooniauth.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniauth/b23b435019fd8ab3/6a4847ad88d80668]
module.ooniapi_ooniauth.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-ooniauth/b23b435019fd8ab3/65afb2dc6b055829]
module.ooniapi_ooniauth.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniauth.api.dev.ooni.io_A]
module.ooniapi_oonirun.aws_route53_record.ooniapi_service: Refreshing state... [id=Z055356431RGCLK3JXZDL_oonirun.api.dev.ooni.io_A]
module.ooniapi_oonirun.aws_alb_listener.front_end_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-oonirun/b9f74ff75fec23f6/b7c2581f2b3ac357]
module.ooniapi_oonirun.aws_alb_listener.ooniapi_service_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooniapi-service-oonirun/b9f74ff75fec23f6/f8565f9258861bb5]
module.ooni_backendproxy.aws_autoscaling_attachment.oonibackend_proxy: Refreshing state... [id=ooni-backendproxy-asg-20240310162930616000000001-20240310171855273500000002]
module.oonipg.aws_db_instance.pg: Refreshing state... [id=db-27N7Q6XIBNASFCOXN4N7C762L4]
module.ooniapi_oonirun.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-03-14 17:00:38.999 +0000 UTC]
module.ooniapi_ooniauth.aws_acm_certificate_validation.ooniapi_service: Refreshing state... [id=2024-03-14 19:35:39.331 +0000 UTC]
aws_secretsmanager_secret_version.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ|terraform-20240310182536837800000004]
aws_route53_record.postgres_dns: Refreshing state... [id=Z091407123AEJO90Z3H6D_postgres.dev.ooni.nu_CNAME]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/65e6f5e3aca0a4e5]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/128c53ea760208fc]
module.ooniapi_oonirun.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-oonirun-td]
module.ooniapi_oonirun.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-oonirun]
module.ooniapi_oonirun_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-oonirun]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place

Terraform planned the following actions, but then encountered a problem:

  # aws_codestarconnections_connection.ooniapi has moved to aws_codestarconnections_connection.oonidevops
    resource "aws_codestarconnections_connection" "oonidevops" {
        id                = "arn:aws:codestar-connections:eu-central-1:905418398257:connection/6bd492f6-c11d-43ec-92b0-24c47700d528"
        name              = "ooniapi"
        tags              = {}
        # (4 unchanged attributes hidden)
    }

  # aws_s3_bucket.oonith_codepipeline_bucket will be created
  + resource "aws_s3_bucket" "oonith_codepipeline_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = "codepipeline-oonith-eu-central-1-f148ea7b"
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.oonidevops_github_user.aws_iam_user.oonidevops_github will be updated in-place
  ~ resource "aws_iam_user" "oonidevops_github" {
        id            = "oonidevops-github"
        name          = "oonidevops-github"
      ~ tags          = {
          - "AKIA5FTZELIY34UMRZ6H" = "ooni-devops-github-user" -> null
            "Environment"          = "dev"
            "Name"                 = "oonidevops-dev"
            "Repository"           = "https://github.com/ooni/devops"
        }
      ~ tags_all      = {
          - "AKIA5FTZELIY34UMRZ6H" = "ooni-devops-github-user" -> null
            # (3 unchanged elements hidden)
        }
        # (4 unchanged attributes hidden)
    }

  # module.oonith_cluster.aws_autoscaling_group.container_host will be created
  + resource "aws_autoscaling_group" "container_host" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = 2
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 6
      + metrics_granularity              = "1Minute"
      + min_size                         = 2
      + name                             = (known after apply)
      + name_prefix                      = "oonith-ecs-cluster"
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = [
          + "subnet-0b18966cccfc9d5ef",
          + "subnet-0e7a4478be988463f",
        ]
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + instance_refresh {
          + strategy = "Rolling"
          + triggers = [
              + "tag",
            ]

          + preferences {
              + max_healthy_percentage       = 100
              + min_healthy_percentage       = 50
              + scale_in_protected_instances = "Ignore"
              + skip_matching                = false
              + standby_instances            = "Ignore"
            }
        }

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }
    }

  # module.oonith_cluster.aws_cloudwatch_log_group.ooniapi_services will be created
  + resource "aws_cloudwatch_log_group" "ooniapi_services" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "ooni-ecs-group/oonith-ecs-cluster"
      + name_prefix       = (known after apply)
      + retention_in_days = 0
      + skip_destroy      = false
      + tags_all          = (known after apply)
    }

  # module.oonith_cluster.aws_ecs_cluster.main will be created
  + resource "aws_ecs_cluster" "main" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "oonith-ecs-cluster"
      + tags     = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }

      + configuration {
          + execute_command_configuration {
              + logging = "OVERRIDE"

              + log_configuration {
                  + cloud_watch_log_group_name = "ooni-ecs-group/oonith-ecs-cluster"
                }
            }
        }
    }

  # module.oonith_cluster.aws_iam_instance_profile.container_host will be created
  + resource "aws_iam_instance_profile" "container_host" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = "oonith-ecs-cluster"
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = "oonith-ecs-cluster-container-host-role"
      + tags        = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all    = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + unique_id   = (known after apply)
    }

  # module.oonith_cluster.aws_iam_role.container_host will be created
  + resource "aws_iam_role" "container_host" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "oonith-ecs-cluster-container-host-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all              = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + unique_id             = (known after apply)
    }

  # module.oonith_cluster.aws_iam_role_policy.container_host will be created
  + resource "aws_iam_role_policy" "container_host" {
      + id          = (known after apply)
      + name        = "oonith-ecs-cluster-instance-role-policy"
      + name_prefix = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ec2:DescribeTags",
                          + "ecs:CreateCluster",
                          + "ecs:TagResource",
                          + "ecs:UntagResource",
                          + "ecs:DeregisterContainerInstance",
                          + "ecs:DiscoverPollEndpoint",
                          + "ecs:Poll",
                          + "ecs:RegisterContainerInstance",
                          + "ecs:StartTelemetrySession",
                          + "ecs:UpdateContainerInstancesState",
                          + "ecs:Submit*",
                          + "ecr:GetAuthorizationToken",
                          + "ecr:BatchCheckLayerAvailability",
                          + "ecr:GetDownloadUrlForLayer",
                          + "ecr:BatchGetImage",
                          + "logs:CreateLogStream",
                          + "logs:PutLogEvents",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "ecsInstanceRole"
                    },
                  + {
                      + Action    = "ecs:TagResource"
                      + Condition = {
                          + StringEquals = {
                              + "ecs:CreateAction" = [
                                  + "CreateCluster",
                                  + "RegisterContainerInstance",
                                ]
                            }
                        }
                      + Effect    = "Allow"
                      + Resource  = "*"
                    },
                  + {
                      + Action   = [
                          + "logs:*",
                          + "cloudwatch:GenerateQuery",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "CloudWatchLogsFullAccess"
                    },
                  + {
                      + Action   = [
                          + "secretsmanager:GetResourcePolicy",
                          + "secretsmanager:GetSecretValue",
                          + "secretsmanager:DescribeSecret",
                          + "secretsmanager:ListSecretVersionIds",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = "secretsmanager:ListSecrets"
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                  + {
                      + Action   = [
                          + "ec2:Describe*",
                          + "elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
                          + "elasticloadbalancing:DeregisterTargets",
                          + "elasticloadbalancing:Describe*",
                          + "elasticloadbalancing:RegisterInstancesWithLoadBalancer",
                          + "elasticloadbalancing:RegisterTargets",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + role        = "oonith-ecs-cluster-container-host-role"
    }

  # module.oonith_cluster.aws_launch_template.container_host will be created
  + resource "aws_launch_template" "container_host" {
      + arn                                  = (known after apply)
      + default_version                      = (known after apply)
      + id                                   = (known after apply)
      + image_id                             = (sensitive value)
      + instance_initiated_shutdown_behavior = "terminate"
      + instance_type                        = "t2.small"
      + key_name                             = "oonidevops"
      + latest_version                       = (known after apply)
      + name                                 = (known after apply)
      + name_prefix                          = "oonith-ecs-cluster"
      + tags_all                             = (known after apply)
      + update_default_version               = true
      + user_data                            = "IyEvYmluL2Jhc2gKCmNhdCA8PCdFT0YnID4+IC9ldGMvZWNzL2Vjcy5jb25maWcKRUNTX0NMVVNURVI9b29uaXRoLWVjcy1jbHVzdGVyCkVDU19MT0dMRVZFTD1kZWJ1ZwpFQ1NfQ09OVEFJTkVSX0lOU1RBTkNFX1RBR1M9eyJFbnZpcm9ubWVudCI6ImRldiIsIk5hbWUiOiJvb25pLXRpZXIwLXRoLWVjcy1jbHVzdGVyIiwiUmVwb3NpdG9yeSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9vb25pL2Rldm9wcyJ9CkVDU19FTkFCTEVfVEFTS19JQU1fUk9MRT10cnVlCkVPRgoK"

      + block_device_mappings {
          + device_name = "/dev/sdf"

          + ebs {
              + delete_on_termination = "true"
              + iops                  = (known after apply)
              + throughput            = (known after apply)
              + volume_size           = 5
              + volume_type           = (known after apply)
            }
        }

      + iam_instance_profile {
          + name = "oonith-ecs-cluster"
        }

      + network_interfaces {
          + associate_public_ip_address = "true"
          + delete_on_termination       = "true"
          + security_groups             = (known after apply)
        }

      + tag_specifications {
          + resource_type = "instance"
          + tags          = {
              + "Environment" = "dev"
              + "Name"        = "ooni-tier0-th-ecs-cluster"
              + "Repository"  = "https://github.com/ooni/devops"
            }
        }
    }

  # module.oonith_cluster.aws_security_group.container_host will be created
  + resource "aws_security_group" "container_host" {
      + arn                    = (known after apply)
      + description            = "controls direct access to application instances"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 32768
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = (known after apply)
              + self             = false
              + to_port          = 61000
            },
        ]
      + name                   = "oonith-ecs-cluster-container-host-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + vpc_id                 = "vpc-0e382f3ad89286de9"
    }

  # module.oonith_cluster.aws_security_group.web will be created
  + resource "aws_security_group" "web" {
      + arn                    = (known after apply)
      + description            = "controls access to the applications ELB web endpoint"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
            },
        ]
      + name                   = "oonith-ecs-cluster-web-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-th-ecs-cluster"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + vpc_id                 = "vpc-0e382f3ad89286de9"
    }

Plan: 10 to add, 1 to change, 0 to destroy.


Pusher	@DecFox
Action	pull_request
Environment	dev
Workflow	.github/workflows/check_terraform.yml
Last updated	Wed, 20 Mar 2024 18:28:57 GMT

hellais

lgtm

DecFox added 4 commits March 19, 2024 15:26

feat: create new oonith ecs_cluster

2beb61e

fix: remove oohelperd service

4d976ee

feat: add oonith S3 codepipeline bucket and codestar connection

5b486c2

fix: network module reference

992dd0d

hellais reviewed Mar 19, 2024

View reviewed changes

tf/environments/dev/main.tf Show resolved Hide resolved

hellais reviewed Mar 19, 2024

View reviewed changes

tf/environments/dev/main.tf Outdated Show resolved Hide resolved

hellais reviewed Mar 19, 2024

View reviewed changes

tf/environments/dev/main.tf Show resolved Hide resolved

DecFox added 2 commits March 20, 2024 17:56

refactor: move codestar connection from ooniapi to oonidevops

912be88

Merge branch 'main' into oonith

9a771c4

hellais self-requested a review April 2, 2024 13:22

hellais approved these changes Apr 2, 2024

View reviewed changes

DecFox merged commit 84f5e1e into main Apr 2, 2024
2 checks passed

DecFox deleted the oonith branch April 2, 2024 13:57

jbonisteel added the funder/otffoss2023-2024 label Apr 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: create new oonith ecs_cluster #30

feat: create new oonith ecs_cluster #30

DecFox commented Mar 19, 2024 •

edited

Loading

github-actions bot commented Mar 20, 2024

hellais left a comment

feat: create new oonith ecs_cluster #30

feat: create new oonith ecs_cluster #30

Conversation

DecFox commented Mar 19, 2024 • edited Loading

github-actions bot commented Mar 20, 2024

Terraform Run Output 🤖

Format and Style 🖌failure

Initialization ⚙️success

Validation 🤖success

Plan 📖success

hellais left a comment

Choose a reason for hiding this comment

DecFox commented Mar 19, 2024 •

edited

Loading

Format and Style 🖌`failure`

Initialization ⚙️`success`

Validation 🤖`success`

Plan 📖`success`