Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tony luis #138

Merged
merged 3 commits into from
Jan 8, 2025
Merged

Add tony luis #138

merged 3 commits into from
Jan 8, 2025

Conversation

hellais
Copy link
Member

@hellais hellais commented Jan 7, 2025

Add @hynnot and @LDiazN to the terraform configs

Copy link

github-actions bot commented Jan 7, 2025

Terraform Run Output 🤖

Format and Style 🖌failure

Initialization ⚙️success

Validation 🤖success

Validation Output

$ terraform validate
Success! The configuration is valid.

Plan 📖success

  • Plan: 6 to add, 5 to change, 11 to destroy.
Show Plan

$ terraform plan
random_password.jwt_secret: Refreshing state... [id=none]
module.ansible_inventory.local_file.ansible_inventory: Refreshing state... [id=b6de844ed8d384f890fa6f467502390de843f758]
random_password.prometheus_metrics_password: Refreshing state... [id=none]
module.adm_iam_roles.tls_private_key.oonidevops: Refreshing state... [id=b49a9fdb9f720320340226016efe24808dd68203]
random_id.artifact_id: Refreshing state... [id=8Ujqew]
module.ansible_inventory.null_resource.ansible_update_known_hosts: Refreshing state... [id=236461505953331670]
aws_route53_record.clickhouse_proxy_alias: Refreshing state... [id=Z055356431RGCLK3JXZDL_clickhouseproxy.dev.ooni.io_CNAME]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_egress[1]: Refreshing state... [id=sgrule-2829644169]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[1]: Refreshing state... [id=sgrule-2913158516]
module.ooni_clickhouse_proxy.aws_security_group.ec2_sg: Refreshing state... [id=sg-0962cbf749373f339]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[0]: Refreshing state... [id=sgrule-455678145]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[2]: Refreshing state... [id=sgrule-3780622166]
aws_s3_bucket.ooniapi_codepipeline_bucket: Refreshing state... [id=codepipeline-ooniapi-eu-central-1-f148ea7b]
module.ooni_clickhouse_proxy.aws_instance.ooni_ec2: Refreshing state... [id=i-074dea1cc0bb3e3f3]
module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_egress[0]: Refreshing state... [id=sgrule-433404543]
module.ooni_clickhouse_proxy.aws_launch_template.ooni_ec2: Refreshing state... [id=lt-0d34141cf8256e7e4]
module.ooni_clickhouse_proxy.aws_lb_target_group_attachment.oonibackend_proxy: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431-20241218072519078800000007]
module.ooni_clickhouse_proxy.aws_alb_target_group.ooni_ec2: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431]
module.ooniapi_cluster.aws_iam_role.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role]
module.oonidevops_github_user.aws_secretsmanager_secret.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd]
module.adm_iam_roles.aws_key_pair.oonidevops: Refreshing state... [id=oonidevops]
module.ooniapi_user.aws_ses_email_identity.ooniapi: Refreshing state... [[email protected]]
module.ooniapi_ooniprobe.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniprobe-task-role]
module.ooniapi_ooniauth.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role]
module.ooniapi_reverseproxy_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_user.aws_secretsmanager_secret.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr]
module.ooniapi_reverseproxy_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_ooniprobe.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniprobe]
module.ooniapi_ooniauth.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.oonidevops_github_user.aws_iam_user.oonidevops_github: Refreshing state... [id=oonidevops-github]
module.ooniapi_oonifindings.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_oonirun.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_oonirun.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
aws_acm_certificate.ooniapi_frontend: Refreshing state... [id=arn:aws:acm:eu-central-1:905418398257:certificate/190205f1-392d-425c-a059-7006ca8c8c46]
aws_secretsmanager_secret.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ]
module.ooniapi_ooniauth_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.oonidevops_github_user.aws_iam_policy.oonidevops_github: Refreshing state... [id=arn:aws:iam::905418398257:policy/oonidevops-github-policy]
module.ooniapi_oonifindings_deployer.data.aws_caller_identity.current: Reading...
module.adm_iam_roles.aws_iam_policy.oonidevops: Refreshing state... [id=arn:aws:iam::905418398257:policy/OONIDevopsPolicy]
module.ooniapi_ooniauth.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniauth-td:76/ooniapi-service-ooniauth]
module.ooniapi_user.aws_secretsmanager_secret.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx]
module.ooniapi_oonifindings_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
aws_s3_bucket.oonith_codepipeline_bucket: Refreshing state... [id=codepipeline-oonith-eu-central-1-f148ea7b]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Reading...
data.aws_ssm_parameter.do_token: Reading...
module.ooniapi_oonifindings.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-oonifindings-td:27/ooniapi-service-oonifindings]
module.ooniapi_oonirun.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-oonirun]
module.ooniapi_oonirun.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 1s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-oonirun-td:71/ooniapi-service-oonirun]
data.aws_availability_zones.available: Reading...
module.ooniapi_oonifindings_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-oonifindings]
data.aws_ssm_parameter.clickhouse_readonly_url: Reading...
aws_secretsmanager_secret.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS]
data.aws_availability_zones.available: Read complete after 0s [id=eu-central-1]
module.ooniapi_user.aws_iam_user.ooniapi: Refreshing state... [id=oonidevops-ooniapi]
module.ooniapi_ooniprobe_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniprobe]
module.ooniapi_reverseproxy.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-reverseproxy]
module.ooniapi_ooniauth.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-ooniauth]
module.ooniapi_reverseproxy_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-reverseproxy]
module.ooniapi_reverseproxy.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-reverseproxy-task-role]
module.ooniapi_cluster.data.aws_ssm_parameter.ecs_optimized_ami: Read complete after 0s [id=/aws/service/ecs/optimized-ami/amazon-linux-2/recommended]
module.adm_iam_roles.aws_secretsmanager_secret.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key-2ebqSe]
data.aws_ssm_parameter.do_token: Read complete after 0s [id=/oonidevops/secrets/digitalocean_access_token]
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Reading...
module.adm_iam_roles.data.aws_iam_policy_document.assume_role: Read complete after 0s [id=367960279]
aws_secretsmanager_secret.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw]
module.ooniapi_cluster.aws_cloudwatch_log_group.ooniapi_services: Refreshing state... [id=ooni-ecs-group/ooniapi-ecs-cluster]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_oonifindings.aws_cloudwatch_log_group.ooniapi_service: Refreshing state... [id=ooni-ecs-group/ooniapi-service-oonifindings]
data.aws_ssm_parameter.clickhouse_readonly_url: Read complete after 0s [id=/oonidevops/secrets/clickhouse_readonly_url]
module.ooniapi_oonirun_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-oonirun]
module.ooniapi_oonirun_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codepipeline: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codepipeline-ooniapi-ooniauth]
module.ooniapi_oonifindings.aws_iam_role.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonifindings-task-role]
module.ooniapi_reverseproxy.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Reading...
module.ooniapi_ooniprobe_deployer.data.aws_caller_identity.current: Reading...
module.ooniapi_ooniprobe.data.aws_ecs_container_definition.ooniapi_service_current[0]: Reading...
module.ooniapi_cluster.aws_iam_instance_profile.container_host: Refreshing state... [id=ooniapi-ecs-cluster]
module.ooniapi_reverseproxy.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-reverseproxy-td:14/ooniapi-service-reverseproxy]
module.ooniapi_cluster.aws_iam_role_policy.container_host: Refreshing state... [id=ooniapi-ecs-cluster-container-host-role:ooniapi-ecs-cluster-instance-role-policy]
module.ooniapi_ooniprobe.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniprobe-task-role:ooniapi-service-ooniprobe-task-role]
module.ooniapi_ooniprobe_deployer.data.aws_caller_identity.current: Read complete after 0s [id=905418398257]
module.ooniapi_ooniauth.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-ooniauth-task-role:ooniapi-service-ooniauth-task-role]
module.ooni_backendproxy.data.aws_ssm_parameter.ubuntu_22_ami: Read complete after 0s [id=/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id]
module.oonidevops_github_user.aws_iam_access_key.oonidevops_github: Refreshing state... [id=AKIA5FTZELIYXDN55SMS]
module.ooniapi_oonirun.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonirun-task-role:ooniapi-service-oonirun-task-role]
module.ooniapi_ooniprobe.data.aws_ecs_container_definition.ooniapi_service_current[0]: Read complete after 0s [id=arn:aws:ecs:eu-central-1:905418398257:task-definition/ooniapi-service-ooniprobe-td:54/ooniapi-service-ooniprobe]
module.oonidevops_github_user.aws_iam_user_policy_attachment.oonidevops_github: Refreshing state... [id=oonidevops-github-20240313195612421500000001]
module.ooniapi_oonifindings_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-oonifindings]
module.ooniapi_user.aws_iam_access_key.ooniapi: Refreshing state... [id=AKIA5FTZELIYSK2XEVOT]
module.ooniapi_user.aws_iam_user_policy.ooniapi: Refreshing state... [id=oonidevops-ooniapi:oonidevops-ooniapi-policy]
module.ooniapi_ooniprobe_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniprobe]
aws_secretsmanager_secret_version.jwt_secret: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/jwt_secret-NUESvS|terraform-20240310182536838400000005]
aws_route53_record.ooniapi_frontend_cert_validation["ooniprobe.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__a064be8aa084a037ff9fa5e3e541c87d.ooniprobe.dev.ooni.io._CNAME]
aws_route53_record.ooniapi_frontend_cert_validation["oonirun.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__05c891caeb4509d4cd7f9c24d8b6dbd0.oonirun.dev.ooni.io._CNAME]
aws_route53_record.ooniapi_frontend_cert_validation["8.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__ef17825e5fd9713f596344bdd9626f5e.8.th.dev.ooni.io._CNAME]
aws_route53_record.ooniapi_frontend_cert_validation["api.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__cd4729fc0c282e771d056e719a7bdf4f.api.dev.ooni.io._CNAME]
aws_route53_record.ooniapi_frontend_cert_validation["ooniauth.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL__48cd4e71cee9930614228176b7deefb9.ooniauth.dev.ooni.io._CNAME]
module.adm_iam_roles.aws_iam_role.oonidevops: Refreshing state... [id=oonidevops]
module.ooniapi_reverseproxy_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-reverseproxy]
module.ooniapi_reverseproxy.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-reverseproxy-task-role:ooniapi-service-reverseproxy-task-role]
module.adm_iam_roles.aws_secretsmanager_secret_version.oonidevops_deploy_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key-2ebqSe|terraform-20240925140131946100000002]
data.aws_secretsmanager_secret_version.prometheus_metrics_password: Reading...
module.ooniapi_oonirun_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-oonirun]
aws_secretsmanager_secret_version.prometheus_metrics_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw|terraform-20240314200140936700000008]
module.ooniapi_ooniauth_deployer.aws_iam_role.codepipeline: Refreshing state... [id=codepipeline-ooniapi-ooniauth]
module.ooniapi_oonifindings.aws_iam_role_policy.ooniapi_service_task: Refreshing state... [id=ooniapi-service-oonifindings-task-role:ooniapi-service-oonifindings-task-role]
module.ooniapi_cluster.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:cluster/ooniapi-ecs-cluster]
data.aws_secretsmanager_secret_version.prometheus_metrics_password: Read complete after 0s [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni_services/prometheus_metrics_password-M8BbRw|AWSCURRENT]
module.oonidevops_github_user.aws_secretsmanager_secret_version.oonidevops_github: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/github_user/access_key_json-9JTJgd|terraform-20240519071250187000000004]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_access_key_id: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_access_key_id-EcXOBx|terraform-20240314200140918400000007]
module.ooniapi_user.aws_secretsmanager_secret_version.aws_secret_access_key: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooniapi_user/aws_secret_access_key-L0DQDr|terraform-20240314200140914600000006]
aws_acm_certificate_validation.ooniapi_frontend: Refreshing state... [id=0001-01-01 00:00:00 +0000 UTC]
aws_codestarconnections_connection.oonidevops: Refreshing state... [id=arn:aws:codestar-connections:eu-central-1:905418398257:connection/6bd492f6-c11d-43ec-92b0-24c47700d528]
module.oonipg.random_password.pg_password: Refreshing state... [id=none]
module.oonipg.aws_secretsmanager_secret.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC]
module.network.aws_vpc.main: Refreshing state... [id=vpc-0e382f3ad89286de9]
module.ooni_th_droplet.digitalocean_droplet.ooni_th_docker[0]: Refreshing state... [id=459912318]
module.ooniapi_reverseproxy.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-reverseproxy-td]
module.terraform_state_backend.aws_s3_bucket.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_dynamodb_table.with_server_side_encryption[0]: Refreshing state... [id=oonidevops-dev-terraform-state-lock]
module.oonipg.aws_secretsmanager_secret_version.pg_password: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/pg_password-OjzOJC|terraform-20240310155428358300000002]
module.ooniapi_oonirun_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oonirun-eu-central-1]
module.ooniapi_ooniauth_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniauth-eu-central-1]
module.ooniapi_reverseproxy_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-reverseproxy-eu-central-1]
module.ooniapi_ooniprobe_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-ooniprobe-eu-central-1]
module.ooniapi_oonifindings_deployer.aws_iam_policy.codebuild: Refreshing state... [id=arn:aws:iam::905418398257:policy/service-role/codebuild-oonifindings-eu-central-1]
module.ooniapi_oonifindings_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-oonifindings]
module.ooniapi_ooniauth_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniauth]
module.ooniapi_ooniprobe_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-ooniprobe]
module.ooniapi_oonirun_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-oonirun]
module.ooniapi_reverseproxy_deployer.aws_iam_role.codebuild: Refreshing state... [id=codebuild-ooniapi-reverseproxy]
module.ooniapi_ooniprobe_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniprobe]
module.ooniapi_oonifindings_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-oonifindings]
module.ooniapi_ooniauth_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-ooniauth]
module.ooniapi_oonirun_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-oonirun]
module.ooniapi_reverseproxy_deployer.aws_codebuild_project.ooniapi: Refreshing state... [id=arn:aws:codebuild:eu-central-1:905418398257:project/ooniapi-reverseproxy]
module.ooni_th_droplet.aws_route53_record.ooni_th["0"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_0.do.th.dev.ooni.io_A]
module.ooni_backendproxy.data.cloudinit_config.ooni_backendproxy: Reading...
module.ooni_backendproxy.data.cloudinit_config.ooni_backendproxy: Read complete after 0s [id=3085866265]
module.network.aws_internet_gateway.gw: Refreshing state... [id=igw-0c080e9b235ed29d1]
module.ooniapi_oonifindings.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OfinM-20240917211808752800000002/48adcfb18ae34d30]
module.ooniapi_oonirun.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OrunM-20240917211808753100000003/93d4b2b6dc76acac]
module.ooniapi_cluster.aws_security_group.web: Refreshing state... [id=sg-0187eedfe39538357]
module.ooniapi_ooniprobe.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OproM-20240917211808753100000004/1f2ea1732205872c]
module.ooniapi_ooniauth.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OautM-20240917211808752700000001/91bcad756924a3a7]
module.oonipg.aws_security_group.pg: Refreshing state... [id=sg-005ca579eb9c08cda]
module.ooniapi_reverseproxy.aws_alb_target_group.ooniapi_service: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/OrevM-20241126221437689400000001/e05c012d99ff36ad]
module.network.aws_route_table.private: Refreshing state... [id=rtb-011463437da96c77b]
module.network.aws_route_table.public: Refreshing state... [id=rtb-0ccb0852e6a365a95]
module.network.aws_subnet.private[1]: Refreshing state... [id=subnet-0b899a7ad10406d06]
module.network.aws_subnet.private[0]: Refreshing state... [id=subnet-09314a43ec89d6331]
module.network.aws_subnet.public[0]: Refreshing state... [id=subnet-0e7a4478be988463f]
module.network.aws_subnet.public[1]: Refreshing state... [id=subnet-0b18966cccfc9d5ef]
module.ooniapi_cluster.aws_security_group.container_host: Refreshing state... [id=sg-0aa6a97400b619de3]
module.network.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0c9cc0f117ef15fe7]
module.network.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0e7933e6b804ff2c1]
module.terraform_state_backend.aws_s3_bucket_server_side_encryption_configuration.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_versioning.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.aws_s3_bucket_public_access_block.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.network.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0dbd7fb16801ee049]
module.network.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-08ab18165bf481054]
module.ooniapi_cluster.aws_launch_template.container_host: Refreshing state... [id=lt-0e328a8671f870c64]
module.ooniapi_frontend.aws_alb.ooniapi: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:loadbalancer/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6]
module.oonipg.aws_db_subnet_group.pg: Refreshing state... [id=ooni-tier0-postgres-dbsng]
module.ooniapi_reverseproxy.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-reverseproxy]
module.terraform_state_backend.aws_s3_bucket_policy.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.terraform_state_backend.time_sleep.wait_for_aws_s3_bucket_settings[0]: Refreshing state... [id=2024-03-10T15:06:17Z]
module.terraform_state_backend.aws_s3_bucket_ownership_controls.default[0]: Refreshing state... [id=oonidevops-dev-terraform-state]
module.ooniapi_cluster.aws_autoscaling_group.container_host: Refreshing state... [id=ooniapi-ecs-cluster20240310192644083800000003]
module.ooniapi_reverseproxy_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-reverseproxy]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_http: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/d9b2448464179cd1]
module.ooniapi_frontend.aws_alb_listener.ooniapi_listener_https: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd]
aws_route53_record.ooniapi_frontend_alt["ooniauth.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniauth.dev.ooni.io_A]
aws_route53_record.ooniapi_frontend_main: Refreshing state... [id=Z055356431RGCLK3JXZDL_api.dev.ooni.io_A]
aws_route53_record.ooniapi_frontend_alt["oonirun.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_oonirun.dev.ooni.io_A]
aws_route53_record.ooniapi_frontend_alt["ooniprobe.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_ooniprobe.dev.ooni.io_A]
aws_route53_record.ooniapi_frontend_alt["8.th.dev.ooni.io"]: Refreshing state... [id=Z055356431RGCLK3JXZDL_8.th.dev.ooni.io_A]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule_host: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/551c4128bb282fa4]
module.oonipg.aws_db_instance.pg: Refreshing state... [id=db-27N7Q6XIBNASFCOXN4N7C762L4]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonirun_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/65e6f5e3aca0a4e5]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniprobe_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/2b09ed268181ba4f]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniprobe_rule_host: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/b436b91883ae7c86]
module.ooniapi_frontend.aws_alb_listener_rule.ooniapi_th: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/01ee7503374be8ff]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule_host: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/cefeff0d8aa3118a]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonifindings_rule_host: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/5a872da4cc6b9135]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_ooniauth_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/128c53ea760208fc]
module.ooniapi_frontend.aws_lb_listener_rule.ooniapi_oonifindings_rule: Refreshing state... [id=arn:aws:elasticloadbalancing:eu-central-1:905418398257:listener-rule/app/ooni-tier0-api-frontend/52df1e7ac0eb1ea6/2f500e01e10ba5cd/cdc4e8e8eabb56f2]
aws_secretsmanager_secret_version.oonipg_url: Refreshing state... [id=arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/ooni-tier0-postgres/postgresql_url-w62CTZ|terraform-20240310182536837800000004]
aws_route53_record.postgres_dns: Refreshing state... [id=Z091407123AEJO90Z3H6D_postgres.dev.ooni.nu_CNAME]
module.ooniapi_oonirun.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-oonirun-td]
module.ooniapi_ooniprobe.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-ooniprobe-td]
module.ooniapi_ooniauth.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-ooniauth-td]
module.ooniapi_oonifindings.aws_ecs_task_definition.ooniapi_service: Refreshing state... [id=ooniapi-service-oonifindings-td]
module.ooniapi_oonirun.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-oonirun]
module.ooniapi_ooniauth.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-ooniauth]
module.ooniapi_ooniprobe.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-ooniprobe]
module.ooniapi_oonifindings.aws_ecs_service.ooniapi_service: Refreshing state... [id=arn:aws:ecs:eu-central-1:905418398257:service/ooniapi-ecs-cluster/ooniapi-service-oonifindings]
module.ooniapi_oonirun_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-oonirun]
module.ooniapi_ooniauth_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-ooniauth]
module.ooniapi_ooniprobe_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-ooniprobe]
module.ooniapi_oonifindings_deployer.aws_codepipeline.ooniapi: Refreshing state... [id=ooniapi-oonifindings]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
  - destroy
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_secretsmanager_secret_version.deploy_key will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_secretsmanager_secret_version" "deploy_key" {
      + arn            = (known after apply)
      + created_date   = (known after apply)
      + id             = (known after apply)
      + secret_binary  = (sensitive value)
      + secret_id      = "arn:aws:secretsmanager:eu-central-1:905418398257:secret:oonidevops/deploy_key-2ebqSe"
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

  # aws_route53_record.clickhouse_proxy_alias will be destroyed
  # (because aws_route53_record.clickhouse_proxy_alias is not in configuration)
  - resource "aws_route53_record" "clickhouse_proxy_alias" {
      - fqdn                             = "clickhouseproxy.dev.ooni.io" -> null
      - id                               = "Z055356431RGCLK3JXZDL_clickhouseproxy.dev.ooni.io_CNAME" -> null
      - multivalue_answer_routing_policy = false -> null
      - name                             = "clickhouseproxy.dev.ooni.io" -> null
      - records                          = [
          - "ec2-3-79-60-152.eu-central-1.compute.amazonaws.com",
        ] -> null
      - ttl                              = 300 -> null
      - type                             = "CNAME" -> null
      - zone_id                          = "Z055356431RGCLK3JXZDL" -> null
        # (2 unchanged attributes hidden)
    }

  # module.adm_iam_roles.aws_iam_role.oonidevops will be updated in-place
  ~ resource "aws_iam_role" "oonidevops" {
      ~ assume_role_policy    = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Principal = {
                          ~ AWS = [
                              ~ "arn:aws:iam::905418398257:user/mehul" -> "arn:aws:iam::082866812839:user/tony",
                              ~ "arn:aws:iam::905418398257:user/art" -> "arn:aws:iam::082866812839:user/mehul",
                              ~ "arn:aws:iam::082866812839:user/mehul" -> "arn:aws:iam::082866812839:user/luis",
                                "arn:aws:iam::082866812839:user/art",
                            ]
                        }
                        # (2 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        id                    = "oonidevops"
        name                  = "oonidevops"
        tags                  = {}
        # (11 unchanged attributes hidden)
    }

  # module.ooni_backendproxy.aws_alb_target_group.oonibackend_proxy will be created
  + resource "aws_alb_target_group" "oonibackend_proxy" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = (known after apply)
      + name_prefix                        = "oobpx"
      + port                               = 80
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all                           = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + target_type                        = "instance"
      + vpc_id                             = "vpc-0e382f3ad89286de9"

      + health_check (known after apply)

      + stickiness (known after apply)

      + target_failover (known after apply)

      + target_health_state (known after apply)
    }

  # module.ooni_backendproxy.aws_instance.oonibackend_proxy will be created
  + resource "aws_instance" "oonibackend_proxy" {
      + ami                                  = (known after apply)
      + arn                                  = (known after apply)
      + associate_public_ip_address          = (known after apply)
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = (known after apply)
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = (known after apply)
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all                             = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tenancy                              = (known after apply)
      + user_data                            = (known after apply)
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)

      + capacity_reservation_specification (known after apply)

      + cpu_options (known after apply)

      + ebs_block_device (known after apply)

      + enclave_options (known after apply)

      + ephemeral_block_device (known after apply)

      + instance_market_options (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + maintenance_options (known after apply)

      + metadata_options (known after apply)

      + network_interface (known after apply)

      + private_dns_name_options (known after apply)

      + root_block_device (known after apply)
    }

  # module.ooni_backendproxy.aws_launch_template.ooni_backendproxy will be created
  + resource "aws_launch_template" "ooni_backendproxy" {
      + arn             = (known after apply)
      + default_version = (known after apply)
      + id              = (known after apply)
      + image_id        = (sensitive value)
      + instance_type   = "t3a.nano"
      + key_name        = "oonidevops"
      + latest_version  = (known after apply)
      + name            = (known after apply)
      + name_prefix     = "ooni-backendproxy-bkprx-tmpl-"
      + tags_all        = (known after apply)
      + user_data       = "H4sIAAAAAAAA/7SUT2vcPBDG74L9DsPynl6QtS6UZm1yaJtAe0gLJS0UCkYrjW0RWTLSeLOhzXcv/rO7bnZT2kNP1sjPDM/8NNJb7wgd8duHFjNoOkumlYFEY3aoc9j4zmkZHi6XN+9vrt98/Pzh6vWnr0vWR/wLhmi8yyBNVgu2YJzPRQu2r31lYuujoUEriaSqG3SUQ2ksOtng5dI4Q4kqq+Ux6zZIF0sM/Nopr42rMni1MTQTDJYJdySU9Z3myrvSVAt2Yxo8MddKdScrLLpWS+rzQodsvxszBsDBVcbthpU1myHgjdc8UkDZMHYfDGHRm570raQ6A4GkxKAW0RBGLrfSWLmxKDSWsrPEAADUaDuDH0MIEDFsMcD3KQSwJhI6uFjl7LA3ioqeEhSzfeuV7IGCmBUAaIPfPRStjBFqojZmQmykukOneRld4r0ziQ+VyE9yenmxHaFBmqSniohU1Cg1BnjnI8G3/2of6ah7PKwwBB8K6ysQWxmE9dXEZ/iRWF/tsx73HU2frh1hw72iOs5aewIE0pfr5GKdvEjSdJU/VT0+R3hO8/+E6gOQ/LeH8GewMyEG1/+S7f7Lzs9f43VnMXJ0/fhpsV5Pw5v0d+OZMRyBHxs7nIGyRt3VvotYTEP0S/sT3aMqTdrg9cjU+Gy9Wq3mHTw9wnmtifqYch7xqZsczlX/q+ELnVONHm9zb8soHF8BCBhJBjp51jhfsJ8BAAD//9zsSMA1BQAA"

      + metadata_options (known after apply)

      + network_interfaces {
          + associate_public_ip_address = "true"
          + delete_on_termination       = "true"
          + security_groups             = (known after apply)
          + subnet_id                   = "subnet-0e7a4478be988463f"
        }

      + tag_specifications {
          + resource_type = "instance"
          + tags          = {
              + "Environment" = "dev"
              + "Name"        = "ooni-tier0-backendproxy"
              + "Repository"  = "https://github.com/ooni/devops"
            }
        }
    }

  # module.ooni_backendproxy.aws_lb_target_group_attachment.oonibackend_proxy will be created
  + resource "aws_lb_target_group_attachment" "oonibackend_proxy" {
      + id               = (known after apply)
      + target_group_arn = (known after apply)
      + target_id        = (known after apply)
    }

  # module.ooni_backendproxy.aws_route53_record.clickhouse_proxy_alias will be created
  + resource "aws_route53_record" "clickhouse_proxy_alias" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "clickhouseproxy.dev.ooni.io"
      + records         = (known after apply)
      + ttl             = 300
      + type            = "CNAME"
      + zone_id         = "Z055356431RGCLK3JXZDL"
    }

  # module.ooni_backendproxy.aws_security_group.nginx_sg will be created
  + resource "aws_security_group" "nginx_sg" {
      + arn                    = (known after apply)
      + description            = "security group for nginx"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = []
              + from_port        = 0
              + ipv6_cidr_blocks = [
                  + "::/0",
                ]
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
                # (1 unchanged attribute hidden)
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
                # (1 unchanged attribute hidden)
            },
          + {
              + cidr_blocks      = [
                  + "10.0.100.0/24",
                  + "10.0.101.0/24",
                ]
              + from_port        = 9000
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 9000
                # (1 unchanged attribute hidden)
            },
        ]
      + name                   = (known after apply)
      + name_prefix            = "ooni-bckprx"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + tags_all               = {
          + "Environment" = "dev"
          + "Name"        = "ooni-tier0-backendproxy"
          + "Repository"  = "https://github.com/ooni/devops"
        }
      + vpc_id                 = "vpc-0e382f3ad89286de9"
    }

  # module.ooni_clickhouse_proxy.aws_alb_target_group.ooni_ec2 will be destroyed
  # (because aws_alb_target_group.ooni_ec2 is not in configuration)
  - resource "aws_alb_target_group" "ooni_ec2" {
      - arn                                = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431" -> null
      - arn_suffix                         = "targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431" -> null
      - deregistration_delay               = "300" -> null
      - id                                 = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431" -> null
      - ip_address_type                    = "ipv4" -> null
      - lambda_multi_value_headers_enabled = false -> null
      - load_balancer_arns                 = [] -> null
      - load_balancing_algorithm_type      = "round_robin" -> null
      - load_balancing_anomaly_mitigation  = "off" -> null
      - load_balancing_cross_zone_enabled  = "use_load_balancer_configuration" -> null
      - name                               = "oockpr20241218072459118600000002" -> null
      - name_prefix                        = "oockpr" -> null
      - port                               = 80 -> null
      - protocol                           = "HTTP" -> null
      - protocol_version                   = "HTTP1" -> null
      - proxy_protocol_v2                  = false -> null
      - slow_start                         = 0 -> null
      - tags                               = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all                           = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - target_type                        = "instance" -> null
      - vpc_id                             = "vpc-0e382f3ad89286de9" -> null

      - health_check {
          - enabled             = true -> null
          - healthy_threshold   = 5 -> null
          - interval            = 30 -> null
          - matcher             = "200" -> null
          - path                = "/" -> null
          - port                = "traffic-port" -> null
          - protocol            = "HTTP" -> null
          - timeout             = 5 -> null
          - unhealthy_threshold = 2 -> null
        }

      - stickiness {
          - cookie_duration = 86400 -> null
          - enabled         = false -> null
          - type            = "lb_cookie" -> null
            # (1 unchanged attribute hidden)
        }

      - target_failover {}

      - target_health_state {}
    }

  # module.ooni_clickhouse_proxy.aws_instance.ooni_ec2 will be destroyed
  # (because aws_instance.ooni_ec2 is not in configuration)
  - resource "aws_instance" "ooni_ec2" {
      - ami                                  = "ami-0cf42ae9a371140c8" -> null
      - arn                                  = "arn:aws:ec2:eu-central-1:905418398257:instance/i-074dea1cc0bb3e3f3" -> null
      - associate_public_ip_address          = true -> null
      - availability_zone                    = "eu-central-1a" -> null
      - cpu_core_count                       = 1 -> null
      - cpu_threads_per_core                 = 2 -> null
      - disable_api_stop                     = false -> null
      - disable_api_termination              = false -> null
      - ebs_optimized                        = false -> null
      - get_password_data                    = false -> null
      - hibernation                          = false -> null
      - id                                   = "i-074dea1cc0bb3e3f3" -> null
      - instance_initiated_shutdown_behavior = "stop" -> null
      - instance_state                       = "running" -> null
      - instance_type                        = "t3a.nano" -> null
      - ipv6_address_count                   = 0 -> null
      - ipv6_addresses                       = [] -> null
      - key_name                             = "oonidevops" -> null
      - monitoring                           = false -> null
      - placement_partition_number           = 0 -> null
      - primary_network_interface_id         = "eni-075115be0d384f30d" -> null
      - private_dns                          = "ip-10-0-0-180.eu-central-1.compute.internal" -> null
      - private_ip                           = "10.0.0.180" -> null
      - public_dns                           = "ec2-3-79-60-152.eu-central-1.compute.amazonaws.com" -> null
      - public_ip                            = "3.79.60.152" -> null
      - secondary_private_ips                = [] -> null
      - security_groups                      = [] -> null
      - source_dest_check                    = true -> null
      - subnet_id                            = "subnet-0e7a4478be988463f" -> null
      - tags                                 = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all                             = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tenancy                              = "default" -> null
      - user_data                            = "bd31c4f073ccfc1109babe7ffeb3ecc1983bd61a" -> null
      - user_data_replace_on_change          = false -> null
      - vpc_security_group_ids               = [
          - "sg-0962cbf749373f339",
        ] -> null
        # (7 unchanged attributes hidden)

      - capacity_reservation_specification {
          - capacity_reservation_preference = "open" -> null
        }

      - cpu_options {
          - core_count       = 1 -> null
          - threads_per_core = 2 -> null
            # (1 unchanged attribute hidden)
        }

      - credit_specification {
          - cpu_credits = "unlimited" -> null
        }

      - enclave_options {
          - enabled = false -> null
        }

      - launch_template {
          - id      = "lt-0d34141cf8256e7e4" -> null
          - name    = "oonickprx-tmpl-20241218072502487500000004" -> null
          - version = "$Latest" -> null
        }

      - maintenance_options {
          - auto_recovery = "default" -> null
        }

      - metadata_options {
          - http_endpoint               = "enabled" -> null
          - http_protocol_ipv6          = "disabled" -> null
          - http_put_response_hop_limit = 1 -> null
          - http_tokens                 = "optional" -> null
          - instance_metadata_tags      = "disabled" -> null
        }

      - private_dns_name_options {
          - enable_resource_name_dns_a_record    = false -> null
          - enable_resource_name_dns_aaaa_record = false -> null
          - hostname_type                        = "ip-name" -> null
        }

      - root_block_device {
          - delete_on_termination = true -> null
          - device_name           = "/dev/sda1" -> null
          - encrypted             = false -> null
          - iops                  = 100 -> null
          - tags                  = {} -> null
          - tags_all              = {} -> null
          - throughput            = 0 -> null
          - volume_id             = "vol-02e61d2c6fb3521c0" -> null
          - volume_size           = 8 -> null
          - volume_type           = "gp2" -> null
            # (1 unchanged attribute hidden)
        }
    }

  # module.ooni_clickhouse_proxy.aws_launch_template.ooni_ec2 will be destroyed
  # (because aws_launch_template.ooni_ec2 is not in configuration)
  - resource "aws_launch_template" "ooni_ec2" {
      - arn                                  = "arn:aws:ec2:eu-central-1:905418398257:launch-template/lt-0d34141cf8256e7e4" -> null
      - default_version                      = 1 -> null
      - disable_api_stop                     = false -> null
      - disable_api_termination              = false -> null
      - id                                   = "lt-0d34141cf8256e7e4" -> null
      - image_id                             = (sensitive value) -> null
      - instance_type                        = "t3a.nano" -> null
      - key_name                             = "oonidevops" -> null
      - latest_version                       = 1 -> null
      - name                                 = "oonickprx-tmpl-20241218072502487500000004" -> null
      - name_prefix                          = "oonickprx-tmpl-" -> null
      - tags_all                             = {} -> null
      - user_data                            = "H4sIAAAAAAAA/2TOwUrEMBDG8Xsg7xByn109CV32oO4ePFRBquAxTSZ1oJmUZArt24sFsehx4D8fv8fMgizQrRM2Js2j0OSKHBMtGE6mzzMHV9azbZ/a68PL2/Pl/vXDqu8L3rFUytyY28ONVloB7COtfrYvVKdcSbbWiTj/mZDlZCKNyC7h2RKTHHwc7O9XVxzXiAWu7HMgHhpz15Psgo0suMjRj3kO4DNHGrRqKeE/3F8egFZfAQAA//8m7Wqk/QAAAA==" -> null
        # (5 unchanged attributes hidden)

      - network_interfaces {
          - associate_public_ip_address  = "true" -> null
          - delete_on_termination        = "true" -> null
          - device_index                 = 0 -> null
          - ipv4_address_count           = 0 -> null
          - ipv4_prefix_count            = 0 -> null
          - ipv6_address_count           = 0 -> null
          - ipv6_prefix_count            = 0 -> null
          - network_card_index           = 0 -> null
          - security_groups              = [
              - "sg-0962cbf749373f339",
            ] -> null
          - subnet_id                    = "subnet-0e7a4478be988463f" -> null
            # (5 unchanged attributes hidden)
        }

      - tag_specifications {
          - resource_type = "instance" -> null
          - tags          = {
              - "Environment" = "dev"
              - "Name"        = "ooni-tier0-clickhouseproxy"
              - "Repository"  = "https://github.com/ooni/devops"
            } -> null
        }
    }

  # module.ooni_clickhouse_proxy.aws_lb_target_group_attachment.oonibackend_proxy will be destroyed
  # (because aws_lb_target_group_attachment.oonibackend_proxy is not in configuration)
  - resource "aws_lb_target_group_attachment" "oonibackend_proxy" {
      - id               = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431-20241218072519078800000007" -> null
      - target_group_arn = "arn:aws:elasticloadbalancing:eu-central-1:905418398257:targetgroup/oockpr20241218072459118600000002/9f9687f9704cf431" -> null
      - target_id        = "i-074dea1cc0bb3e3f3" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group.ec2_sg will be destroyed
  # (because aws_security_group.ec2_sg is not in configuration)
  - resource "aws_security_group" "ec2_sg" {
      - arn                    = "arn:aws:ec2:eu-central-1:905418398257:security-group/sg-0962cbf749373f339" -> null
      - description            = "security group for ec2" -> null
      - egress                 = [] -> null
      - id                     = "sg-0962cbf749373f339" -> null
      - ingress                = [] -> null
      - name                   = "oockprx20241218072459115500000001" -> null
      - name_prefix            = "oockprx" -> null
      - owner_id               = "905418398257" -> null
      - revoke_rules_on_delete = false -> null
      - tags                   = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - tags_all               = {
          - "Environment" = "dev"
          - "Name"        = "ooni-tier0-clickhouseproxy"
          - "Repository"  = "https://github.com/ooni/devops"
        } -> null
      - vpc_id                 = "vpc-0e382f3ad89286de9" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_egress[0] will be destroyed
  # (because aws_security_group_rule.ec2_sg_egress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_egress" {
      - cidr_blocks            = [
          - "0.0.0.0/0",
        ] -> null
      - from_port              = 0 -> null
      - id                     = "sgrule-433404543" -> null
      - protocol               = "-1" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-0bc3f31a78c4f2a72" -> null
      - self                   = false -> null
      - to_port                = 0 -> null
      - type                   = "egress" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_egress[1] will be destroyed
  # (because aws_security_group_rule.ec2_sg_egress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_egress" {
      - from_port              = 0 -> null
      - id                     = "sgrule-2829644169" -> null
      - ipv6_cidr_blocks       = [
          - "::/0",
        ] -> null
      - protocol               = "-1" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-09f10a5e4ad849dd0" -> null
      - self                   = false -> null
      - to_port                = 0 -> null
      - type                   = "egress" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[0] will be destroyed
  # (because aws_security_group_rule.ec2_sg_ingress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_ingress" {
      - cidr_blocks            = [
          - "0.0.0.0/0",
        ] -> null
      - from_port              = 22 -> null
      - id                     = "sgrule-455678145" -> null
      - protocol               = "tcp" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-05fdf82f53d806958" -> null
      - self                   = false -> null
      - to_port                = 22 -> null
      - type                   = "ingress" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[1] will be destroyed
  # (because aws_security_group_rule.ec2_sg_ingress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_ingress" {
      - cidr_blocks            = [
          - "0.0.0.0/0",
        ] -> null
      - from_port              = 80 -> null
      - id                     = "sgrule-2913158516" -> null
      - protocol               = "tcp" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-03f7d8dbaef09890f" -> null
      - self                   = false -> null
      - to_port                = 80 -> null
      - type                   = "ingress" -> null
    }

  # module.ooni_clickhouse_proxy.aws_security_group_rule.ec2_sg_ingress[2] will be destroyed
  # (because aws_security_group_rule.ec2_sg_ingress is not in configuration)
  - resource "aws_security_group_rule" "ec2_sg_ingress" {
      - cidr_blocks            = [
          - "0.0.0.0/0",
        ] -> null
      - from_port              = 9000 -> null
      - id                     = "sgrule-3780622166" -> null
      - protocol               = "tcp" -> null
      - security_group_id      = "sg-0962cbf749373f339" -> null
      - security_group_rule_id = "sgr-07597053b7dd05562" -> null
      - self                   = false -> null
      - to_port                = 9000 -> null
      - type                   = "ingress" -> null
    }

  # module.ooni_th_droplet.data.cloudinit_config.ooni_th_docker will be read during apply
  # (config refers to values not yet known)
 <= data "cloudinit_config" "ooni_th_docker" {
      + base64_encode = false
      + boundary      = (known after apply)
      + gzip          = false
      + id            = (known after apply)
      + rendered      = (known after apply)

      + part {
          + content      = (sensitive value)
          + content_type = "text/cloud-config"
          + filename     = "init.cfg"
        }
    }

  # module.ooniapi_cluster.aws_launch_template.container_host will be updated in-place
  ~ resource "aws_launch_template" "container_host" {
      ~ default_version                      = 26 -> (known after apply)
        id                                   = "lt-0e328a8671f870c64"
      ~ image_id                             = (sensitive value)
      ~ latest_version                       = 26 -> (known after apply)
        name                                 = "ooniapi-ecs-cluster20240310192643664900000001"
        tags                                 = {}
        # (16 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.ooniapi_oonifindings_deployer.aws_codepipeline.ooniapi will be updated in-place
  ~ resource "aws_codepipeline" "ooniapi" {
        id             = "ooniapi-oonifindings"
        name           = "ooniapi-oonifindings"
        tags           = {}
        # (5 unchanged attributes hidden)

      - trigger {
          - provider_type = "CodeStarSourceConnection" -> null

          - git_configuration {
              - source_action_name = "Source" -> null

              - push {
                  - branches {
                      - excludes = [] -> null
                      - includes = [
                          - "oonidata",
                        ] -> null
                    }
                }
            }
        }

        # (4 unchanged blocks hidden)
    }

  # module.ooniapi_reverseproxy_deployer.aws_codepipeline.ooniapi will be updated in-place
  ~ resource "aws_codepipeline" "ooniapi" {
        id             = "ooniapi-reverseproxy"
        name           = "ooniapi-reverseproxy"
        tags           = {}
        # (5 unchanged attributes hidden)

      - trigger {
          - provider_type = "CodeStarSourceConnection" -> null

          - git_configuration {
              - source_action_name = "Source" -> null

              - push {
                  - branches {
                      - excludes = [] -> null
                      - includes = [
                          - "master",
                        ] -> null
                    }
                }
            }
        }

        # (4 unchanged blocks hidden)
    }

  # module.terraform_state_backend.data.aws_iam_policy_document.aggregated_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "aggregated_policy" {
      + id                        = (known after apply)
      + json                      = (known after apply)
      + override_policy_documents = []
      + source_policy_documents   = [
          + (known after apply),
        ]
    }

  # module.terraform_state_backend.data.aws_iam_policy_document.bucket_policy[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "bucket_policy" {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Deny"
          + resources = [
              + "arn:aws:s3:::oonidevops-dev-terraform-state/*",
            ]
          + sid       = "DenyIncorrectEncryptionHeader"

          + condition {
              + test     = "StringNotEquals"
              + values   = [
                  + "AES256",
                  + "aws:kms",
                ]
              + variable = "s3:x-amz-server-side-encryption"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Deny"
          + resources = [
              + "arn:aws:s3:::oonidevops-dev-terraform-state/*",
            ]
          + sid       = "DenyUnEncryptedObjectUploads"

          + condition {
              + test     = "Null"
              + values   = [
                  + "true",
                ]
              + variable = "s3:x-amz-server-side-encryption"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
      + statement {
          + actions   = [
              + "s3:*",
            ]
          + effect    = "Deny"
          + resources = [
              + "arn:aws:s3:::oonidevops-dev-terraform-state",
              + "arn:aws:s3:::oonidevops-dev-terraform-state/*",
            ]
          + sid       = "EnforceTlsRequestsOnly"

          + condition {
              + test     = "Bool"
              + values   = [
                  + "false",
                ]
              + variable = "aws:SecureTransport"
            }

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "AWS"
            }
        }
    }

  # module.terraform_state_backend.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.terraform_state_backend.aws_s3_bucket_policy.default[0] will be updated in-place
  ~ resource "aws_s3_bucket_policy" "default" {
        id     = "oonidevops-dev-terraform-state"
      ~ policy = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = "s3:PutObject"
                      - Condition = {
                          - StringNotEquals = {
                              - "s3:x-amz-server-side-encryption" = [
                                  - "AES256",
                                  - "aws:kms",
                                ]
                            }
                        }
                      - Effect    = "Deny"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = "arn:aws:s3:::oonidevops-dev-terraform-state/*"
                      - Sid       = "DenyIncorrectEncryptionHeader"
                    },
                  - {
                      - Action    = "s3:PutObject"
                      - Condition = {
                          - Null = {
                              - "s3:x-amz-server-side-encryption" = "true"
                            }
                        }
                      - Effect    = "Deny"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = "arn:aws:s3:::oonidevops-dev-terraform-state/*"
                      - Sid       = "DenyUnEncryptedObjectUploads"
                    },
                  - {
                      - Action    = "s3:*"
                      - Condition = {
                          - Bool = {
                              - "aws:SecureTransport" = "false"
                            }
                        }
                      - Effect    = "Deny"
                      - Principal = {
                          - AWS = "*"
                        }
                      - Resource  = [
                          - "arn:aws:s3:::oonidevops-dev-terraform-state/*",
                          - "arn:aws:s3:::oonidevops-dev-terraform-state",
                        ]
                      - Sid       = "EnforceTlsRequestsOnly"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        # (1 unchanged attribute hidden)
    }

Plan: 6 to add, 5 to change, 11 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Pusher @hellais
Action pull_request
Environment dev
Workflow .github/workflows/check_terraform.yml
Last updated Tue, 07 Jan 2025 13:12:59 GMT

@hellais hellais merged commit e393643 into main Jan 8, 2025
2 checks passed
@hellais hellais deleted the add-tony-luis branch January 8, 2025 09:06
hellais added a commit that referenced this pull request Jan 8, 2025
* 'main' of github.com:ooni/devops:
  Add tony luis (#138)
  Add credentials for notebook server (#115)
  Request access to notebook.ooni.org (#124)
  Access Request  (#136)
  Add Tony to ssh users (#137)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant