module.ec2.aws_security_group.wwnorton_networks["vpc-0db14c78307b70ca1"]: Refreshing state... [id=sg-037984cb045edb723]
module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nbc_att["vpc-0db14c78307b70ca1"]: Refreshing state... [id=sgr-02712a82bdc46987b]
module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nyc_cogent["vpc-0db14c78307b70ca1"]: Refreshing state... [id=sgr-0688c9ef39b332819]
module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nbc_hf["vpc-0db14c78307b70ca1"]: Refreshing state... [id=sgr-0d66cdbf4eb17d68b]
module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nyc_hf["vpc-0db14c78307b70ca1"]: Refreshing state... [id=sgr-02a29fe564d3f3eba]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.ec2.aws_security_group.wwnorton_networks["vpc-0db14c78307b70ca1"] will be created
+ resource "aws_security_group" "wwnorton_networks" {
+ arn = (known after apply)
+ description = "W.W. Norton networks"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "W.W. Norton networks"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Jira" = "ENG-175"
+ "Name" = "W.W. Norton networks"
}
+ tags_all = {
+ "Jira" = "ENG-175"
+ "Name" = "W.W. Norton networks"
}
+ vpc_id = "vpc-0db14c78307b70ca1"
}
# module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nbc_att["vpc-0db14c78307b70ca1"] will be created
+ resource "aws_vpc_security_group_ingress_rule" "allow_wwnorton_nbc_att" {
+ arn = (known after apply)
+ cidr_ipv4 = "12.40.28.128/27"
+ description = "W.W. Norton - NBC ATT"
+ id = (known after apply)
+ ip_protocol = "-1"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ tags_all = {}
}
# module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nbc_hf["vpc-0db14c78307b70ca1"] will be created
+ resource "aws_vpc_security_group_ingress_rule" "allow_wwnorton_nbc_hf" {
+ arn = (known after apply)
+ cidr_ipv4 = "104.218.140.96/27"
+ description = "W.W. Norton - NBC HF"
+ id = (known after apply)
+ ip_protocol = "-1"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ tags_all = {}
}
# module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nyc_cogent["vpc-0db14c78307b70ca1"] will be created
+ resource "aws_vpc_security_group_ingress_rule" "allow_wwnorton_nyc_cogent" {
+ arn = (known after apply)
+ cidr_ipv4 = "38.109.85.96/27"
+ description = "W.W. Norton - NYC Cogent"
+ id = (known after apply)
+ ip_protocol = "-1"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ tags_all = {}
}
# module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nyc_hf["vpc-0db14c78307b70ca1"] will be created
+ resource "aws_vpc_security_group_ingress_rule" "allow_wwnorton_nyc_hf" {
+ arn = (known after apply)
+ cidr_ipv4 = "104.218.140.128/27"
+ description = "W.W. Norton - NYC HF"
+ id = (known after apply)
+ ip_protocol = "-1"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ tags_all = {}
}
Plan: 5 to add, 0 to change, 0 to destroy.
Warning: AWS resource not found during refresh
with module.ec2.aws_vpc_security_group_ingress_rule.allow_wwnorton_nyc_cogent["vpc-0db14c78307b70ca1"],
on ../../../aws/ec2/securitygroups.tf line 21, in resource "aws_vpc_security_group_ingress_rule" "allow_wwnorton_nyc_cogent":
21: resource "aws_vpc_security_group_ingress_rule" "allow_wwnorton_nyc_cogent" {
Automatically removing from Terraform State instead of returning the error,
which may trigger resource recreation. Original error: couldn't find resource
(and 3 more similar warnings elsewhere)
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.module.iam.aws_iam_role.lambda_security_exposed_key_ids_role[0]: Refreshing state... [id=lambda_security_exposed_key_ids_role_dev]
data.aws_secretsmanager_secret.gitlab_access_token_secret: Reading...
module.iam.aws_iam_role.cloudwatch_apm_synthetics_canary[0]: Refreshing state... [id=cloudwatch_apm_synthetics_canary_role]
module.iam.aws_iam_role.lambda_security_exposed_keywords_role[0]: Refreshing state... [id=lambda_security_exposed_keywords_role_dev]
module.iam.aws_iam_role.lambda_monitoring_vpn_routes_role[0]: Refreshing state... [id=lambda_monitoring_vpn_routes_role_dev]
module.iam.aws_iam_openid_connect_provider.gitlab[0]: Refreshing state... [id=arn:aws:iam::637244866643:oidc-provider/gitlab.com]
module.iam.aws_iam_saml_provider.saml_providers["0"]: Refreshing state... [id=arn:aws:iam::637244866643:saml-provider/Azure_AWS_ClientVPN]
module.iam.aws_iam_user.temporary_users["christoph-genster"]: Refreshing state... [id=temp-christoph-genster]
module.iam.data.aws_caller_identity.current: Reading...
module.iam.aws_iam_policy.sftp_user_policy["r-console-data"]: Refreshing state... [id=arn:aws:iam::637244866643:policy/sftp_user_policy_r-console-data_dev]
module.iam.data.aws_caller_identity.current: Read complete after 0s [id=637244866643]
module.iam.aws_iam_user.temporary_users["enrique-pennimpede"]: Refreshing state... [id=temp-enrique-pennimpede]
data.aws_secretsmanager_secret.gitlab_access_token_secret: Read complete after 0s [id=arn:aws:secretsmanager:us-east-1:637244866643:secret:gitlab_access_token-TeW6uy]
module.iam.aws_iam_user.temporary_users["francisco-carena"]: Refreshing state... [id=temp-francisco-carena]
module.iam.aws_iam_role.vpc_client_vpn_endpoint_azure_clientvpn_role[0]: Refreshing state... [id=vpc_client_vpn_endpoint_azure_clientvpn_role_dev]
module.iam.aws_iam_user.s3_users[0]: Refreshing state... [id=s3_knewton]
module.iam.aws_iam_policy.gitlab_oidc_pipeline[0]: Refreshing state... [id=arn:aws:iam::637244866643:policy/platform-infra-pipeline-dev-policy]
module.iam.aws_iam_policy.cloudwatch_apm_synthetics_canary_policy[0]: Refreshing state... [id=arn:aws:iam::637244866643:policy/cloudwatch_apm_synthetics_canary_policy_dev]
module.iam.aws_iam_policy.lambda_security_exposed_key_ids_policy[0]: Refreshing state... [id=arn:aws:iam::637244866643:policy/lambda_security_exposed_key_ids_policy_dev]
module.iam.aws_iam_policy.s3_users_policy[0]: Refreshing state... [id=arn:aws:iam::637244866643:policy/s3_users_policy_knewton_dev]
module.iam.aws_iam_policy.lambda_security_exposed_keywords_policy[0]: Refreshing state... [id=arn:aws:iam::637244866643:policy/lambda_security_exposed_keywords_policy_dev]
module.iam.aws_iam_role.sftp_user_role["r-console-data"]: Refreshing state... [id=sftp_user_role_r-console-data_dev]
module.iam.aws_iam_user.s3_users[1]: Refreshing state... [id=s3_r_console_data]
module.iam.aws_iam_policy.lambda_monitoring_vpn_routes_policy[0]: Refreshing state... [id=arn:aws:iam::637244866643:policy/lambda_monitoring_vpn_routes_policy_dev]
module.iam.aws_iam_policy.s3_users_policy[1]: Refreshing state... [id=arn:aws:iam::637244866643:policy/s3_users_policy_r-console-data_dev]
module.iam.aws_iam_policy.temporary_expiration_policy["enrique-pennimpede"]: Refreshing state... [id=arn:aws:iam::637244866643:policy/temporary/temporary-expiration-enrique-pennimpede-dev]
module.iam.aws_iam_policy.temporary_expiration_policy["christoph-genster"]: Refreshing state... [id=arn:aws:iam::637244866643:policy/temporary/temporary-expiration-christoph-genster-dev]
module.iam.aws_iam_policy.temporary_expiration_policy["francisco-carena"]: Refreshing state... [id=arn:aws:iam::637244866643:policy/temporary/temporary-expiration-francisco-carena-dev]
module.iam.aws_iam_policy.temporary_user_policy["christoph-genster"]: Refreshing state... [id=arn:aws:iam::637244866643:policy/temporary/temporary-user-christoph-genster-policy-dev]
module.iam.aws_secretsmanager_secret.temporary_user_credentials["enrique-pennimpede"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:637244866643:secret:temporary-user-enrique-pennimpede-credentials-dev-WpjAOH]
module.iam.aws_iam_policy.temporary_user_policy["enrique-pennimpede"]: Refreshing state... [id=arn:aws:iam::637244866643:policy/temporary/temporary-user-enrique-pennimpede-policy-dev]
module.iam.aws_iam_policy.temporary_user_policy["francisco-carena"]: Refreshing state... [id=arn:aws:iam::637244866643:policy/temporary/temporary-user-francisco-carena-policy-dev]
module.iam.aws_secretsmanager_secret.temporary_user_credentials["francisco-carena"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:637244866643:secret:temporary-user-francisco-carena-credentials-dev-d3Zvcu]
module.iam.aws_secretsmanager_secret.temporary_user_credentials["christoph-genster"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:637244866643:secret:temporary-user-christoph-genster-credentials-dev-81GEVu]
module.iam.aws_iam_user_login_profile.temporary_users_console["christoph-genster"]: Refreshing state... [id=temp-christoph-genster]
module.iam.aws_iam_user_login_profile.temporary_users_console["enrique-pennimpede"]: Refreshing state... [id=temp-enrique-pennimpede]
module.iam.aws_iam_user_login_profile.temporary_users_console["francisco-carena"]: Refreshing state... [id=temp-francisco-carena]
module.iam.aws_iam_access_key.temporary_users["christoph-genster"]: Refreshing state... [id=AKIAZIXWBABJ7JC7SR7X]
module.iam.aws_iam_access_key.temporary_users["enrique-pennimpede"]: Refreshing state... [id=AKIAZIXWBABJZH5UHGF3]
module.iam.aws_iam_access_key.temporary_users["francisco-carena"]: Refreshing state... [id=AKIAZIXWBABJQHVU54HS]
module.iam.aws_iam_role_policy_attachment.canary_synthetics_full_access[0]: Refreshing state... [id=cloudwatch_apm_synthetics_canary_role-20250827134412080800000003]
module.iam.aws_iam_role_policy_attachment.canary_basic_execution[0]: Refreshing state... [id=cloudwatch_apm_synthetics_canary_role-20250827134412006500000002]
module.iam.aws_iam_role_policy_attachment.vpc_client_vpn_endpoint_azure_clientvpn_policy_attachment[0]: Refreshing state... [id=vpc_client_vpn_endpoint_azure_clientvpn_role_dev-20250325210844841100000001]
module.iam.aws_iam_role.gitlab_oidc_pipeline[0]: Refreshing state... [id=platform-infra-pipeline-dev]
module.iam.data.aws_iam_policy_document.secrets_manager_policy[0]: Reading...
module.iam.aws_iam_access_key.s3_users[0]: Refreshing state... [id=AKIAZIXWBABJYG4BJNMG]
module.iam.aws_iam_access_key.s3_users[1]: Refreshing state... [id=AKIAZIXWBABJ3HMQ2Z5W]
module.iam.data.aws_iam_policy_document.secrets_manager_policy[0]: Read complete after 0s [id=3810980726]
module.iam.aws_iam_role_policy_attachment.cloudwatch_apm_synthetics_canary_policy_attachment[0]: Refreshing state... [id=cloudwatch_apm_synthetics_canary_role-20250827134412005100000001]
module.iam.aws_iam_role_policy_attachment.lambda_security_exposed_key_ids_policy_attachment[0]: Refreshing state... [id=lambda_security_exposed_key_ids_role_dev-20240602124043640100000001]
module.iam.aws_iam_user_policy_attachment.s3_users_policy_attachment[0]: Refreshing state... [id=s3_knewton-20240718162842215400000002]
module.iam.aws_iam_user_policy_attachment.s3_users_policy_attachment[1]: Refreshing state... [id=s3_r_console_data-20240718163653036700000001]
module.iam.aws_iam_role_policy_attachment.sftp_user_policy_attachment["r-console-data"]: Refreshing state... [id=sftp_user_role_r-console-data_dev-20240722055656301600000001]
module.iam.aws_iam_role_policy_attachment.lambda_security_exposed_keywords_policy_attachment[0]: Refreshing state... [id=lambda_security_exposed_keywords_role_dev-20240808214324405200000002]
module.iam.aws_iam_role_policy_attachment.lambda_monitoring_vpn_routes_policy_attachment[0]: Refreshing state... [id=lambda_monitoring_vpn_routes_role_dev-20250328124350922500000001]
module.iam.aws_iam_user_policy_attachment.temporary_expiration_attachment["enrique-pennimpede"]: Refreshing state... [id=temp-enrique-pennimpede-20250606144325579600000005]
module.iam.aws_iam_user_policy_attachment.temporary_expiration_attachment["christoph-genster"]: Refreshing state... [id=temp-christoph-genster-20250606144325590400000006]
module.iam.aws_iam_user_policy_attachment.temporary_expiration_attachment["francisco-carena"]: Refreshing state... [id=temp-francisco-carena-20250606144325520900000004]
module.iam.aws_iam_user_policy_attachment.temporary_user_policy_attachment["enrique-pennimpede"]: Refreshing state... [id=temp-enrique-pennimpede-20250606144325612600000008]
module.iam.aws_iam_user_policy_attachment.temporary_user_policy_attachment["christoph-genster"]: Refreshing state... [id=temp-christoph-genster-20250606144325612000000007]
module.iam.aws_iam_user_policy_attachment.temporary_user_policy_attachment["francisco-carena"]: Refreshing state... [id=temp-francisco-carena-20250606144325623900000009]
module.iam.aws_iam_policy.lambda_secret_policy[0]: Refreshing state... [id=arn:aws:iam::637244866643:policy/lambda_secret_role_dev]
module.iam.aws_secretsmanager_secret_version.temporary_user_credentials_version["christoph-genster"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:637244866643:secret:temporary-user-christoph-genster-credentials-dev-81GEVu|terraform-2025060614432563250000000c]
module.iam.aws_secretsmanager_secret_version.temporary_user_credentials_version["francisco-carena"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:637244866643:secret:temporary-user-francisco-carena-credentials-dev-d3Zvcu|terraform-2025060614432562650000000a]
module.iam.aws_secretsmanager_secret_version.temporary_user_credentials_version["enrique-pennimpede"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:637244866643:secret:temporary-user-enrique-pennimpede-credentials-dev-WpjAOH|terraform-2025060614432563180000000b]
module.iam.aws_iam_role_policy_attachment.gitlab_oidc_pipeline[0]: Refreshing state... [id=platform-infra-pipeline-dev-20260511151748211800000001]
module.iam.data.aws_iam_policy_document.mongodbatlas_assume_role_trust[0]: Reading...
module.iam.data.aws_iam_policy_document.mongodbatlas_assume_role_trust[0]: Read complete after 0s [id=2320386112]
module.iam.aws_iam_role.mongodbatlas_assume_role[0]: Refreshing state... [id=mongodbatlas_assume_role_dev]
module.iam.aws_iam_role_policy_attachment.lambda_secret_policy_attachment[0]: Refreshing state... [id=lambda_security_exposed_key_ids_role_dev-20240602124043746800000002]
module.iam.aws_iam_role_policy_attachment.lambda_secret_policy_attachment_keywords[0]: Refreshing state... [id=lambda_security_exposed_keywords_role_dev-20240808214324376600000001]
module.iam.aws_iam_role_policy_attachment.mongodbatlas_assume_policy_attachment[0]: Refreshing state... [id=mongodbatlas_assume_role_dev-20250905174604513700000001]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# module.iam.data.aws_iam_policy_document.gitlab_oidc_trust[0] will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_iam_policy_document" "gitlab_oidc_trust" {
+ id = (known after apply)
+ json = (known after apply)
+ minified_json = (known after apply)
+ statement {
+ actions = [
+ "sts:AssumeRoleWithWebIdentity",
]
+ effect = "Allow"
+ condition {
+ test = "StringEquals"
+ values = [
+ "https://gitlab.com",
]
+ variable = "gitlab.com:aud"
}
+ condition {
+ test = "StringLike"
+ values = [
+ "project_path:wwnorton/ops/infrastructure:*",
]
+ variable = "gitlab.com:sub"
}
+ principals {
+ identifiers = [
+ "arn:aws:iam::637244866643:oidc-provider/gitlab.com",
]
+ type = "Federated"
}
}
}
# module.iam.aws_iam_openid_connect_provider.gitlab[0] will be updated in-place
~ resource "aws_iam_openid_connect_provider" "gitlab" {
id = "arn:aws:iam::637244866643:oidc-provider/gitlab.com"
tags = {}
~ thumbprint_list = [
- "d89e3bd43d5d909b47a18977aa9d5ce36cee184c",
]
# (4 unchanged attributes hidden)
}
# module.iam.aws_iam_role.gitlab_oidc_pipeline[0] will be updated in-place
~ resource "aws_iam_role" "gitlab_oidc_pipeline" {
~ assume_role_policy = jsonencode(
{
- Statement = [
- {
- Action = "sts:AssumeRoleWithWebIdentity"
- Condition = {
- StringEquals = {
- "gitlab.com:aud" = "https://gitlab.com"
}
- StringLike = {
- "gitlab.com:sub" = "project_path:wwnorton/ops/infrastructure:*"
}
}
- Effect = "Allow"
- Principal = {
- Federated = "arn:aws:iam::637244866643:oidc-provider/gitlab.com"
}
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
id = "platform-infra-pipeline-dev"
name = "platform-infra-pipeline-dev"
tags = {
"Description" = "GitLab OIDC pipeline role for dev"
"Environment" = "dev"
"ManagedBy" = "terraform"
"Ticket" = "PLAT-993"
}
# (8 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.module.rds.data.aws_secretsmanager_secret_version.db_passwords["genai"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["knewton"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["poc-backstage"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["plat-472-3-0"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["langfuse"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["commerce-api-dev-db"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["commerce-api-dev-db-0"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["poc-backstage-0"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["commerce-api-dev-db"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["sw5-devdb-0"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["knewton"]: Read complete after 0s [id=dev/postgres/knewton/admin|AWSCURRENT]
module.rds.data.aws_security_group.existing_security_groups_by_id["poc-grafana-0"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["poc-backstage"]: Read complete after 0s [id=dev/labs/rds/poc-backstage|AWSCURRENT]
module.rds.data.aws_security_group.existing_security_groups_by_id["genai-0"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["genai"]: Read complete after 0s [id=dev/labs/rds/genai|AWSCURRENT]
module.rds.data.aws_secretsmanager_secret_version.db_passwords["commerce-api-dev-db"]: Read complete after 0s [id=dev/labs/rds/commerce-api-dev-db|AWSCURRENT]
module.rds.data.aws_security_group.existing_security_groups_by_id["knewton-0"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["langfuse"]: Read complete after 0s [id=ops/monitoring/rds/langfuse|AWSCURRENT]
module.rds.data.aws_security_group.existing_security_groups_by_id["langfuse-0"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["kaizen-0"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["plat-472-3-0"]: Read complete after 0s [id=sg-0daaf121546a3a678]
module.rds.data.aws_security_group.existing_security_groups_by_id["plat-517-0"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["poc-backstage-0"]: Read complete after 0s [id=sg-0daaf121546a3a678]
module.rds.data.aws_secretsmanager_secret_version.db_passwords["event-service"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["poc-grafana-0"]: Read complete after 0s [id=sg-0daaf121546a3a678]
module.rds.data.aws_secretsmanager_secret_version.db_passwords["plat-517"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["sw5-devdb-0"]: Read complete after 0s [id=sg-0daa6db226e5a91b3]
module.rds.data.aws_secretsmanager_secret_version.db_passwords["poc-grafana"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["event-service"]: Read complete after 0s [id=stg/ebook/pgadmin|AWSCURRENT]
module.rds.data.aws_secretsmanager_secret_version.db_passwords["plat-472-3"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["genai-0"]: Read complete after 0s [id=sg-0daaf121546a3a678]
module.rds.data.aws_secretsmanager_secret_version.db_passwords["sw5-devdb"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["knewton-0"]: Read complete after 0s [id=sg-0daaf121546a3a678]
module.rds.data.aws_secretsmanager_secret_version.db_passwords["kaizen"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["poc-grafana"]: Read complete after 0s [id=dev/labs/rds/poc-grafana|AWSCURRENT]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["langfuse"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["langfuse-0"]: Read complete after 0s [id=sg-0daaf121546a3a678]
module.rds.data.aws_security_group.existing_security_groups_by_id["plat-517-0"]: Read complete after 0s [id=sg-0daaf121546a3a678]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["poc-grafana"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["plat-517"]: Read complete after 0s [id=dev/labs/rds/plat-517|AWSCURRENT]
module.rds.data.aws_security_group.existing_security_groups_by_id["commerce-api-dev-db-0"]: Read complete after 0s [id=sg-0c35e3dc43b99b0dd]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["sw5-devdb"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["genai"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["event-service"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["plat-472-3"]: Read complete after 0s [id=dev/labs/rds/plat-472|AWSCURRENT]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["kaizen"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["sw5-devdb"]: Read complete after 0s [id=dev/mysql/sw5_devdb/admin|AWSCURRENT]
module.rds.data.aws_security_group.existing_security_groups_by_id["kaizen-0"]: Read complete after 0s [id=sg-0be63d0656c7fbcf1]
module.rds.data.aws_secretsmanager_secret_version.db_passwords["kaizen"]: Read complete after 0s [id=dev/labs/rds/kaizen|AWSCURRENT]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["plat-472-3"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["knewton"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["plat-517"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["commerce-api-dev-db"]: Read complete after 0s [id=rds-ec2-db-subnet-group-2]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["poc-backstage"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["genai"]: Read complete after 0s [id=dev-group]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["langfuse"]: Read complete after 0s [id=dev-group]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["poc-backstage"]: Read complete after 0s [id=dev-group]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["kaizen"]: Read complete after 0s [id=rds-ec2-db-subnet-group-1]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["event-service"]: Read complete after 0s [id=dev-group]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["plat-517"]: Read complete after 0s [id=dev-group]
module.rds.aws_security_group.db_security_groups["event-service"]: Refreshing state... [id=sg-070e4d3a6fb29968c]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["poc-grafana"]: Read complete after 0s [id=dev-group]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["knewton"]: Read complete after 0s [id=default-vpc-0db14c78307b70ca1]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["plat-472-3"]: Read complete after 0s [id=default-vpc-0db14c78307b70ca1]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["sw5-devdb"]: Read complete after 0s [id=default-vpc-0a49b6f13e4080dd6]
module.rds.aws_db_instance.rds_instances_traditional_password["plat-472-3"]: Refreshing state... [id=db-742BGBV6O6DF7CXCL3ST6AQIRQ]
module.rds.aws_db_instance.rds_instances_traditional_password["plat-517"]: Refreshing state... [id=db-IUZSH5WYSIGRJ5DWCB5Y3HKXZU]
module.rds.aws_db_instance.rds_instances_traditional_password["langfuse"]: Refreshing state... [id=db-DJEFEEIFYKFYF3SPOM4VMVUMW4]
module.rds.aws_db_instance.rds_instances_traditional_password["sw5-devdb"]: Refreshing state... [id=db-ZMX4RGRB6INJMEG6GZNA7VNHZY]
module.rds.aws_db_instance.rds_instances_traditional_password["kaizen"]: Refreshing state... [id=db-56CB2Z2AUOVC5I2ZQELJZJQXX4]
module.rds.aws_db_instance.rds_instances_traditional_password["commerce-api-dev-db"]: Refreshing state... [id=db-IPDCSBAE7ZJOWFUIEUEEYDHV3Q]
module.rds.aws_db_instance.rds_instances_traditional_password["poc-grafana"]: Refreshing state... [id=db-JHYXPYP2T3SBVRCUJPYCNA2DVI]
module.rds.aws_db_instance.rds_instances_traditional_password["poc-backstage"]: Refreshing state... [id=db-6ZMDZXIMABEPOQ75YUWPMNKTRQ]
module.rds.aws_db_instance.rds_instances_traditional_password["event-service"]: Refreshing state... [id=db-JGYGKA54BJ3PFC3D7ZJNRU2KJ4]
module.rds.aws_db_instance.rds_instances_traditional_password["genai"]: Refreshing state... [id=db-46XAV6F2XJH4YPCCD2WOYL2OLY]
module.rds.aws_db_instance.rds_instances_traditional_password["knewton"]: Refreshing state... [id=db-XLBWZJCZ6CUGEEXHBOONTNJDSE]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# module.rds.aws_db_instance.rds_instances_traditional_password["kaizen"] will be updated in-place
~ resource "aws_db_instance" "rds_instances_traditional_password" {
~ engine_version = "8.0.44" -> "8.0.42"
id = "db-56CB2Z2AUOVC5I2ZQELJZJQXX4"
tags = {
"BusinessUnit" = "engineering"
"CreatedBy" = "terraform"
"Environment" = "dev"
"Product" = "platform"
"Team" = "platform"
}
# (55 unchanged attributes hidden)
}
# module.rds.aws_db_instance.rds_instances_traditional_password["sw5-devdb"] will be updated in-place
~ resource "aws_db_instance" "rds_instances_traditional_password" {
~ engine_version = "8.0.44" -> "8.0.42"
id = "db-ZMX4RGRB6INJMEG6GZNA7VNHZY"
tags = {
"BusinessUnit" = "engineering"
"CreatedBy" = "terraform"
"Environment" = "dev"
"Product" = "testmaker"
"Team" = "smartwork"
}
# (57 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.data.aws_caller_identity.current: Reading...
module.aws_config.data.aws_region.current: Reading...
module.aws_config.data.aws_iam_policy_document.config_assume: Reading...
module.aws_config.data.aws_caller_identity.current: Reading...
module.aws_config.data.aws_region.current: Read complete after 0s [id=us-east-1]
module.aws_config.data.aws_iam_policy_document.config_assume: Read complete after 0s [id=607352202]
module.aws_config.data.aws_partition.current: Reading...
data.aws_caller_identity.current: Read complete after 0s [id=524824121587]
module.aws_config.data.aws_partition.current: Read complete after 0s [id=aws]
module.aws_config.data.aws_caller_identity.current: Read complete after 0s [id=524824121587]
module.aws_config.data.aws_iam_policy_document.config_s3_delivery: Reading...
module.aws_config.data.aws_iam_policy_document.config_s3_delivery: Read complete after 0s [id=2936154814]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.aws_config.aws_config_config_rule.this["iam_password_policy"] will be created
+ resource "aws_config_config_rule" "this" {
+ arn = (known after apply)
+ id = (known after apply)
+ input_parameters = jsonencode(
{
+ MaxPasswordAge = "90"
+ MinimumPasswordLength = "14"
+ RequireLowercaseCharacters = "true"
+ RequireNumbers = "true"
+ RequireSymbols = "true"
+ RequireUppercaseCharacters = "true"
}
)
+ maximum_execution_frequency = "TwentyFour_Hours"
+ name = "iam_password_policy"
+ rule_id = (known after apply)
+ tags = {
+ "Environment" = "digitalqa"
+ "ManagedBy" = "terraform"
+ "Owner" = "platform"
}
+ tags_all = {
+ "Environment" = "digitalqa"
+ "ManagedBy" = "terraform"
+ "Owner" = "platform"
}
+ source {
+ owner = "AWS"
+ source_identifier = "IAM_PASSWORD_POLICY"
}
}
# module.aws_config.aws_config_config_rule.this["s3_bucket_public_read_prohibited"] will be created
+ resource "aws_config_config_rule" "this" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "s3_bucket_public_read_prohibited"
+ rule_id = (known after apply)
+ tags = {
+ "Environment" = "digitalqa"
+ "ManagedBy" = "terraform"
+ "Owner" = "platform"
}
+ tags_all = {
+ "Environment" = "digitalqa"
+ "ManagedBy" = "terraform"
+ "Owner" = "platform"
}
+ source {
+ owner = "AWS"
+ source_identifier = "S3_BUCKET_PUBLIC_READ_PROHIBITED"
}
}
# module.aws_config.aws_config_configuration_recorder.this will be created
+ resource "aws_config_configuration_recorder" "this" {
+ id = (known after apply)
+ name = "default"
+ role_arn = (known after apply)
+ recording_group {
+ all_supported = true
+ include_global_resource_types = true
}
+ recording_mode {
+ recording_frequency = "DAILY"
}
}
# module.aws_config.aws_config_configuration_recorder_status.this will be created
+ resource "aws_config_configuration_recorder_status" "this" {
+ id = (known after apply)
+ is_enabled = true
+ name = "default"
}
# module.aws_config.aws_config_delivery_channel.this will be created
+ resource "aws_config_delivery_channel" "this" {
+ id = (known after apply)
+ name = "default"
+ s3_bucket_name = "aws-config-bucket-524824121587"
+ s3_key_prefix = "config"
+ snapshot_delivery_properties {
+ delivery_frequency = "TwentyFour_Hours"
}
}
# module.aws_config.aws_iam_role.config_service[0] will be created
+ resource "aws_iam_role" "config_service" {
+ arn = (known after apply)
+ assume_role_policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Principal = {
+ Service = "config.amazonaws.com"
}
},
]
+ Version = "2012-10-17"
}
)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "aws-config-service-role-digitalqa"
+ name_prefix = (known after apply)
+ path = "/"
+ tags = {
+ "Environment" = "digitalqa"
+ "ManagedBy" = "terraform"
+ "Owner" = "platform"
}
+ tags_all = {
+ "Environment" = "digitalqa"
+ "ManagedBy" = "terraform"
+ "Owner" = "platform"
}
+ unique_id = (known after apply)
}
# module.aws_config.aws_iam_role_policy.config_s3_delivery[0] will be created
+ resource "aws_iam_role_policy" "config_s3_delivery" {
+ id = (known after apply)
+ name = "config-s3-delivery-digitalqa"
+ name_prefix = (known after apply)
+ policy = jsonencode(
{
+ Statement = [
+ {
+ Action = "s3:GetBucketAcl"
+ Effect = "Allow"
+ Resource = "arn:aws:s3:::aws-config-bucket-524824121587"
+ Sid = "ConfigBucketAcl"
},
+ {
+ Action = "s3:PutObject"
+ Condition = {
+ StringEquals = {
+ "s3:x-amz-acl" = "bucket-owner-full-control"
}
}
+ Effect = "Allow"
+ Resource = "arn:aws:s3:::aws-config-bucket-524824121587/config/AWSLogs/524824121587/Config/*"
+ Sid = "ConfigObjectDelivery"
},
]
+ Version = "2012-10-17"
}
)
+ role = (known after apply)
}
# module.aws_config.aws_iam_role_policy_attachment.config_managed[0] will be created
+ resource "aws_iam_role_policy_attachment" "config_managed" {
+ id = (known after apply)
+ policy_arn = "arn:aws:iam::aws:policy/service-role/AWS_ConfigRole"
+ role = "aws-config-service-role-digitalqa"
}
Plan: 8 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.module.iam.aws_iam_openid_connect_provider.gitlab[0]: Refreshing state... [id=arn:aws:iam::524824121587:oidc-provider/gitlab.com]
module.iam.aws_iam_policy.gitlab_oidc_pipeline[0]: Refreshing state... [id=arn:aws:iam::524824121587:policy/platform-infra-pipeline-digitalqa-policy]
module.iam.data.aws_caller_identity.current: Reading...
module.iam.data.aws_caller_identity.current: Read complete after 0s [id=524824121587]
module.iam.aws_iam_role.gitlab_oidc_pipeline[0]: Refreshing state... [id=platform-infra-pipeline-digitalqa]
module.iam.aws_iam_role_policy_attachment.gitlab_oidc_pipeline[0]: Refreshing state... [id=platform-infra-pipeline-digitalqa-20260511163214732500000001]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# module.iam.data.aws_iam_policy_document.gitlab_oidc_trust[0] will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_iam_policy_document" "gitlab_oidc_trust" {
+ id = (known after apply)
+ json = (known after apply)
+ minified_json = (known after apply)
+ statement {
+ actions = [
+ "sts:AssumeRoleWithWebIdentity",
]
+ effect = "Allow"
+ condition {
+ test = "StringEquals"
+ values = [
+ "https://gitlab.com",
]
+ variable = "gitlab.com:aud"
}
+ condition {
+ test = "StringLike"
+ values = [
+ "project_path:wwnorton/ops/infrastructure:*",
]
+ variable = "gitlab.com:sub"
}
+ principals {
+ identifiers = [
+ "arn:aws:iam::524824121587:oidc-provider/gitlab.com",
]
+ type = "Federated"
}
}
}
# module.iam.aws_iam_openid_connect_provider.gitlab[0] will be updated in-place
~ resource "aws_iam_openid_connect_provider" "gitlab" {
id = "arn:aws:iam::524824121587:oidc-provider/gitlab.com"
tags = {}
~ thumbprint_list = [
- "d89e3bd43d5d909b47a18977aa9d5ce36cee184c",
]
# (4 unchanged attributes hidden)
}
# module.iam.aws_iam_role.gitlab_oidc_pipeline[0] will be updated in-place
~ resource "aws_iam_role" "gitlab_oidc_pipeline" {
~ assume_role_policy = jsonencode(
{
- Statement = [
- {
- Action = "sts:AssumeRoleWithWebIdentity"
- Condition = {
- StringEquals = {
- "gitlab.com:aud" = "https://gitlab.com"
}
- StringLike = {
- "gitlab.com:sub" = "project_path:wwnorton/ops/infrastructure:*"
}
}
- Effect = "Allow"
- Principal = {
- Federated = "arn:aws:iam::524824121587:oidc-provider/gitlab.com"
}
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
id = "platform-infra-pipeline-digitalqa"
name = "platform-infra-pipeline-digitalqa"
tags = {
"Description" = "GitLab OIDC pipeline role for digitalqa"
"Environment" = "digitalqa"
"ManagedBy" = "terraform"
"Ticket" = "PLAT-993"
}
# (8 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.module.s3.aws_s3_bucket.s3_buckets["aws-config-bucket-524824121587"]: Refreshing state... [id=aws-config-bucket-524824121587]
module.s3.aws_s3_bucket_server_side_encryption_configuration.encryption["aws-config-bucket-524824121587"]: Refreshing state... [id=aws-config-bucket-524824121587]
module.s3.aws_s3_bucket_versioning.versioning["aws-config-bucket-524824121587"]: Refreshing state... [id=aws-config-bucket-524824121587]
module.s3.aws_s3_bucket_policy.custom_policies["aws-config-bucket-524824121587"]: Refreshing state... [id=aws-config-bucket-524824121587]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform planned the following actions, but then encountered a problem:
# module.s3.aws_s3_bucket.s3_buckets["aws-config-bucket-524824121587"] will be created
+ resource "aws_s3_bucket" "s3_buckets" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
+ arn = (known after apply)
+ bucket = "aws-config-bucket-524824121587"
+ bucket_domain_name = (known after apply)
+ bucket_prefix = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = true
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ object_lock_enabled = (known after apply)
+ policy = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags_all = (known after apply)
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Error: reading S3 Bucket Versioning (aws-config-bucket-524824121587): operation error S3: GetBucketVersioning, https response error StatusCode: 403, RequestID: ZJ25REK0BFWSQQ3Q, HostID: 9utCVqk1PtQsYZHbACewBNryNnYg38XFjqGjCuOHZJAJjneSGi0xnJFKNNtPTwoI3sx01BN/+h8=, api error AccessDenied: User: arn:aws:sts::524824121587:assumed-role/platform-infra-pipeline-digitalqa/gl-drift-14525256950 is not authorized to perform: s3:GetBucketVersioning on resource: "arn:aws:s3:::aws-config-bucket-524824121587" because no resource-based policy allows the s3:GetBucketVersioning action
with module.s3.aws_s3_bucket_versioning.versioning["aws-config-bucket-524824121587"],
on ../../../aws/s3/s3.tf line 11, in resource "aws_s3_bucket_versioning" "versioning":
11: resource "aws_s3_bucket_versioning" "versioning" {
Error: reading S3 Bucket Server-side Encryption Configuration (aws-config-bucket-524824121587): operation error S3: GetBucketEncryption, https response error StatusCode: 403, RequestID: DWJ0Y89H714ETCNY, HostID: YbHWN+MmLte4xrGloN0OMBakA1q54+t5ibnHBbxDxBULdxINt8xv6HRFEKGAhgdafkDTHXVhTn0=, api error AccessDenied: User: arn:aws:sts::524824121587:assumed-role/platform-infra-pipeline-digitalqa/gl-drift-14525256950 is not authorized to perform: s3:GetEncryptionConfiguration on resource: "arn:aws:s3:::aws-config-bucket-524824121587" because no resource-based policy allows the s3:GetEncryptionConfiguration action
with module.s3.aws_s3_bucket_server_side_encryption_configuration.encryption["aws-config-bucket-524824121587"],
on ../../../aws/s3/s3.tf line 24, in resource "aws_s3_bucket_server_side_encryption_configuration" "encryption":
24: resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
Error: reading S3 Bucket Policy (aws-config-bucket-524824121587): operation error S3: GetBucketPolicy, https response error StatusCode: 403, RequestID: DWJ25HQK8M3GMZ9R, HostID: NWT2K9litPShvQtqrGURn32RZWfejeTGL0aDAr0Om/vwo7yF/B3A0JJiOOBeW+PGqNQgbW/RoaU=, api error AccessDenied: User: arn:aws:sts::524824121587:assumed-role/platform-infra-pipeline-digitalqa/gl-drift-14525256950 is not authorized to perform: s3:GetBucketPolicy on resource: "arn:aws:s3:::aws-config-bucket-524824121587" because no resource-based policy allows the s3:GetBucketPolicy action
with module.s3.aws_s3_bucket_policy.custom_policies["aws-config-bucket-524824121587"],
on ../../../aws/s3/s3.tf line 126, in resource "aws_s3_bucket_policy" "custom_policies":
126: resource "aws_s3_bucket_policy" "custom_policies" {module.iam.aws_iam_policy.gitlab_oidc_pipeline[0]: Refreshing state... [id=arn:aws:iam::624967411599:policy/platform-infra-pipeline-editorial-policy]
module.iam.aws_iam_openid_connect_provider.gitlab[0]: Refreshing state... [id=arn:aws:iam::624967411599:oidc-provider/gitlab.com]
module.iam.data.aws_caller_identity.current: Reading...
module.iam.data.aws_caller_identity.current: Read complete after 0s [id=624967411599]
module.iam.aws_iam_role.gitlab_oidc_pipeline[0]: Refreshing state... [id=platform-infra-pipeline-editorial]
module.iam.aws_iam_role_policy_attachment.gitlab_oidc_pipeline[0]: Refreshing state... [id=platform-infra-pipeline-editorial-20260511162918633600000001]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# module.iam.data.aws_iam_policy_document.gitlab_oidc_trust[0] will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_iam_policy_document" "gitlab_oidc_trust" {
+ id = (known after apply)
+ json = (known after apply)
+ minified_json = (known after apply)
+ statement {
+ actions = [
+ "sts:AssumeRoleWithWebIdentity",
]
+ effect = "Allow"
+ condition {
+ test = "StringEquals"
+ values = [
+ "https://gitlab.com",
]
+ variable = "gitlab.com:aud"
}
+ condition {
+ test = "StringLike"
+ values = [
+ "project_path:wwnorton/ops/infrastructure:*",
]
+ variable = "gitlab.com:sub"
}
+ principals {
+ identifiers = [
+ "arn:aws:iam::624967411599:oidc-provider/gitlab.com",
]
+ type = "Federated"
}
}
}
# module.iam.aws_iam_openid_connect_provider.gitlab[0] will be updated in-place
~ resource "aws_iam_openid_connect_provider" "gitlab" {
id = "arn:aws:iam::624967411599:oidc-provider/gitlab.com"
tags = {}
~ thumbprint_list = [
- "d89e3bd43d5d909b47a18977aa9d5ce36cee184c",
]
# (4 unchanged attributes hidden)
}
# module.iam.aws_iam_role.gitlab_oidc_pipeline[0] will be updated in-place
~ resource "aws_iam_role" "gitlab_oidc_pipeline" {
~ assume_role_policy = jsonencode(
{
- Statement = [
- {
- Action = "sts:AssumeRoleWithWebIdentity"
- Condition = {
- StringEquals = {
- "gitlab.com:aud" = "https://gitlab.com"
}
- StringLike = {
- "gitlab.com:sub" = "project_path:wwnorton/ops/infrastructure:*"
}
}
- Effect = "Allow"
- Principal = {
- Federated = "arn:aws:iam::624967411599:oidc-provider/gitlab.com"
}
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
id = "platform-infra-pipeline-editorial"
name = "platform-infra-pipeline-editorial"
tags = {
"Description" = "GitLab OIDC pipeline role for editorial"
"Environment" = "editorial"
"ManagedBy" = "terraform"
"Ticket" = "PLAT-993"
}
# (8 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Planning failed. Terraform encountered an error while generating this plan.
Error: EmptyStaticCreds: static credentials are empty
with provider["registry.terraform.io/mongodb/mongodbatlas"],
on providers.tf line 23, in provider "mongodbatlas":
23: provider "mongodbatlas" {
Planning failed. Terraform encountered an error while generating this plan.
Error: EmptyStaticCreds: static credentials are empty
with provider["registry.terraform.io/mongodb/mongodbatlas"],
on providers.tf line 23, in provider "mongodbatlas":
23: provider "mongodbatlas" {
Planning failed. Terraform encountered an error while generating this plan.
Error: EmptyStaticCreds: static credentials are empty
with provider["registry.terraform.io/mongodb/mongodbatlas"],
on providers.tf line 23, in provider "mongodbatlas":
23: provider "mongodbatlas" {
Planning failed. Terraform encountered an error while generating this plan.
Error: EmptyStaticCreds: static credentials are empty
with provider["registry.terraform.io/mongodb/mongodbatlas"],
on providers.tf line 23, in provider "mongodbatlas":
23: provider "mongodbatlas" {data.aws_lambda_function.function_name: Reading...
module.events.aws_cloudwatch_event_rule.lambda_cron_every_day_at_5_am_utc: Refreshing state... [id=lambda-cron-every-day-at-5-am-utc]
data.aws_lambda_function.function_name: Read complete after 0s [id=security_exposed_key_ids_prod]
module.events.aws_cloudwatch_event_target.trigger_lambda_on_schedule: Refreshing state... [id=lambda-cron-every-day-at-5-am-utc-terraform-20240606134957731400000005]
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:
# module.events.aws_cloudwatch_event_rule.lambda_cron_every_day_at_5_am_utc has been deleted
- resource "aws_cloudwatch_event_rule" "lambda_cron_every_day_at_5_am_utc" {
- arn = "arn:aws:events:us-east-1:100478842646:rule/lambda-cron-every-day-at-5-am-utc" -> null
- description = "Run every day at 5am UTC" -> null
- event_bus_name = "default" -> null
- force_destroy = false -> null
- id = "lambda-cron-every-day-at-5-am-utc" -> null
- is_enabled = true -> null
- name = "lambda-cron-every-day-at-5-am-utc" -> null
- schedule_expression = "cron(0 5 * * ? *)" -> null
- state = "ENABLED" -> null
- tags = {} -> null
- tags_all = {} -> null
}
Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.
─────────────────────────────────────────────────────────────────────────────
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.events.aws_cloudwatch_event_rule.lambda_cron_every_day_at_5_am_utc will be created
+ resource "aws_cloudwatch_event_rule" "lambda_cron_every_day_at_5_am_utc" {
+ arn = (known after apply)
+ description = "Run every day at 5am UTC"
+ event_bus_name = "default"
+ force_destroy = false
+ id = (known after apply)
+ name = "lambda-cron-every-day-at-5-am-utc"
+ name_prefix = (known after apply)
+ schedule_expression = "cron(0 5 * * ? *)"
+ tags_all = (known after apply)
}
# module.events.aws_cloudwatch_event_target.trigger_lambda_on_schedule will be created
+ resource "aws_cloudwatch_event_target" "trigger_lambda_on_schedule" {
+ arn = "arn:aws:lambda:us-east-1:100478842646:function:security_exposed_key_ids_prod"
+ event_bus_name = "default"
+ force_destroy = false
+ id = (known after apply)
+ rule = "lambda-cron-every-day-at-5-am-utc"
+ target_id = (known after apply)
}
Plan: 2 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.module.iam.aws_iam_role.vpc_client_vpn_endpoint_azure_clientvpn_role[0]: Refreshing state... [id=vpc_client_vpn_endpoint_azure_clientvpn_role_prod]
module.iam.aws_iam_policy.lambda_security_exposed_keywords_policy[0]: Refreshing state... [id=arn:aws:iam::100478842646:policy/lambda_security_exposed_keywords_policy_prod]
module.iam.aws_iam_user.temporary_users["christoph-genster"]: Refreshing state... [id=temp-christoph-genster]
module.iam.data.aws_caller_identity.current: Reading...
module.iam.aws_iam_user.s3_users[1]: Refreshing state... [id=s3_r-console-data]
module.iam.aws_iam_user.s3_users[0]: Refreshing state... [id=s3_knewton]
module.iam.aws_iam_role.cloudwatch_apm_synthetics_canary[0]: Refreshing state... [id=cloudwatch_apm_synthetics_canary_role]
module.iam.aws_iam_policy.cloudwatch_apm_synthetics_canary_policy[0]: Refreshing state... [id=arn:aws:iam::100478842646:policy/cloudwatch_apm_synthetics_canary_policy_prod]
module.iam.aws_iam_role.lambda_security_exposed_keywords_role[0]: Refreshing state... [id=lambda_security_exposed_keywords_role_prod]
module.iam.aws_iam_user.temporary_users["enrique-pennimpede"]: Refreshing state... [id=temp-enrique-pennimpede]
module.iam.data.aws_caller_identity.current: Read complete after 0s [id=100478842646]
module.iam.aws_iam_user.temporary_users["francisco-carena"]: Refreshing state... [id=temp-francisco-carena]
module.iam.aws_iam_policy.sftp_user_policy["r-console-data"]: Refreshing state... [id=arn:aws:iam::100478842646:policy/sftp_user_policy_r-console-data_prod]
module.iam.aws_iam_policy.gitlab_oidc_pipeline[0]: Refreshing state... [id=arn:aws:iam::100478842646:policy/platform-infra-pipeline-prod-policy]
module.iam.aws_iam_policy.lambda_security_exposed_key_ids_policy[0]: Refreshing state... [id=arn:aws:iam::100478842646:policy/lambda_security_exposed_key_ids_policy_prod]
module.iam.aws_iam_policy.lambda_monitoring_vpn_routes_policy[0]: Refreshing state... [id=arn:aws:iam::100478842646:policy/lambda_monitoring_vpn_routes_policy_prod]
module.iam.aws_iam_role.sftp_user_role["r-console-data"]: Refreshing state... [id=sftp_user_role_r-console-data_prod]
module.iam.aws_iam_policy.s3_users_policy[0]: Refreshing state... [id=arn:aws:iam::100478842646:policy/s3_users_policy_knewton_prod]
module.iam.aws_iam_policy.s3_users_policy[1]: Refreshing state... [id=arn:aws:iam::100478842646:policy/s3_users_policy_r-console-data_prod]
data.aws_secretsmanager_secret.gitlab_access_token_secret: Reading...
module.iam.aws_iam_role.lambda_monitoring_vpn_routes_role[0]: Refreshing state... [id=lambda_monitoring_vpn_routes_role_prod]
module.iam.aws_iam_openid_connect_provider.gitlab[0]: Refreshing state... [id=arn:aws:iam::100478842646:oidc-provider/gitlab.com]
module.iam.aws_iam_role.lambda_security_exposed_key_ids_role[0]: Refreshing state... [id=lambda_security_exposed_key_ids_role_prod]
module.iam.aws_iam_access_key.s3_users[0]: Refreshing state... [id=AKIAROZIBO4LLB2Q2SI7]
data.aws_secretsmanager_secret.gitlab_access_token_secret: Read complete after 0s [id=arn:aws:secretsmanager:us-east-1:100478842646:secret:gitlab_access_token-5Pz3f6]
module.iam.aws_iam_access_key.s3_users[1]: Refreshing state... [id=AKIAROZIBO4LC5M43BD4]
module.iam.aws_iam_user_login_profile.temporary_users_console["francisco-carena"]: Refreshing state... [id=temp-francisco-carena]
module.iam.aws_iam_access_key.temporary_users["christoph-genster"]: Refreshing state... [id=AKIAROZIBO4LCW4L7YEL]
module.iam.aws_iam_policy.temporary_expiration_policy["enrique-pennimpede"]: Refreshing state... [id=arn:aws:iam::100478842646:policy/temporary/temporary-expiration-enrique-pennimpede-prod]
module.iam.aws_iam_user_login_profile.temporary_users_console["enrique-pennimpede"]: Refreshing state... [id=temp-enrique-pennimpede]
module.iam.aws_iam_user_login_profile.temporary_users_console["christoph-genster"]: Refreshing state... [id=temp-christoph-genster]
module.iam.aws_iam_policy.temporary_expiration_policy["francisco-carena"]: Refreshing state... [id=arn:aws:iam::100478842646:policy/temporary/temporary-expiration-francisco-carena-prod]
module.iam.aws_iam_policy.temporary_expiration_policy["christoph-genster"]: Refreshing state... [id=arn:aws:iam::100478842646:policy/temporary/temporary-expiration-christoph-genster-prod]
module.iam.aws_secretsmanager_secret.temporary_user_credentials["enrique-pennimpede"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:100478842646:secret:temporary-user-enrique-pennimpede-credentials-prod-gmGWM7]
module.iam.aws_iam_access_key.temporary_users["francisco-carena"]: Refreshing state... [id=AKIAROZIBO4LDWIH3BGL]
module.iam.aws_iam_access_key.temporary_users["enrique-pennimpede"]: Refreshing state... [id=AKIAROZIBO4LED5J2YTI]
module.iam.aws_secretsmanager_secret.temporary_user_credentials["francisco-carena"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:100478842646:secret:temporary-user-francisco-carena-credentials-prod-JaesV1]
module.iam.aws_secretsmanager_secret.temporary_user_credentials["christoph-genster"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:100478842646:secret:temporary-user-christoph-genster-credentials-prod-Yz3Eae]
module.iam.aws_iam_policy.temporary_user_policy["christoph-genster"]: Refreshing state... [id=arn:aws:iam::100478842646:policy/temporary/temporary-user-christoph-genster-policy-prod]
module.iam.aws_iam_policy.temporary_user_policy["enrique-pennimpede"]: Refreshing state... [id=arn:aws:iam::100478842646:policy/temporary/temporary-user-enrique-pennimpede-policy-prod]
module.iam.aws_iam_policy.temporary_user_policy["francisco-carena"]: Refreshing state... [id=arn:aws:iam::100478842646:policy/temporary/temporary-user-francisco-carena-policy-prod]
module.iam.aws_iam_role_policy_attachment.vpc_client_vpn_endpoint_azure_clientvpn_policy_attachment[0]: Refreshing state... [id=vpc_client_vpn_endpoint_azure_clientvpn_role_prod-20250328184118196000000001]
module.iam.aws_iam_role_policy_attachment.lambda_security_exposed_keywords_policy_attachment[0]: Refreshing state... [id=lambda_security_exposed_keywords_role_prod-20240808205405331200000002]
module.iam.aws_iam_role_policy_attachment.canary_basic_execution[0]: Refreshing state... [id=cloudwatch_apm_synthetics_canary_role-20251022184047269000000002]
module.iam.aws_iam_role_policy_attachment.cloudwatch_apm_synthetics_canary_policy_attachment[0]: Refreshing state... [id=cloudwatch_apm_synthetics_canary_role-20251022184047251600000001]
module.iam.aws_iam_role_policy_attachment.canary_synthetics_full_access[0]: Refreshing state... [id=cloudwatch_apm_synthetics_canary_role-20251022184047269900000003]
module.iam.aws_iam_user_policy_attachment.s3_users_policy_attachment[0]: Refreshing state... [id=s3_knewton-20250606144325852200000001]
module.iam.aws_iam_user_policy_attachment.s3_users_policy_attachment[1]: Refreshing state... [id=s3_r-console-data-20240723221919950000000002]
module.iam.aws_iam_role_policy_attachment.sftp_user_policy_attachment["r-console-data"]: Refreshing state... [id=sftp_user_role_r-console-data_prod-20240723183845504000000001]
module.iam.aws_iam_role_policy_attachment.lambda_monitoring_vpn_routes_policy_attachment[0]: Refreshing state... [id=lambda_monitoring_vpn_routes_role_prod-20250328182930989200000001]
module.iam.aws_iam_user_policy_attachment.temporary_expiration_attachment["enrique-pennimpede"]: Refreshing state... [id=temp-enrique-pennimpede-20250606144326120800000008]
module.iam.aws_iam_user_policy_attachment.temporary_expiration_attachment["christoph-genster"]: Refreshing state... [id=temp-christoph-genster-2025060614432620840000000d]
module.iam.aws_iam_user_policy_attachment.temporary_expiration_attachment["francisco-carena"]: Refreshing state... [id=temp-francisco-carena-20250606144326121700000009]
module.iam.aws_iam_role_policy_attachment.lambda_security_exposed_key_ids_policy_attachment[0]: Refreshing state... [id=lambda_security_exposed_key_ids_role_prod-20240606134944067000000002]
module.iam.aws_iam_role.gitlab_oidc_pipeline[0]: Refreshing state... [id=platform-infra-pipeline-prod]
module.iam.data.aws_iam_policy_document.secrets_manager_policy[0]: Reading...
module.iam.data.aws_iam_policy_document.secrets_manager_policy[0]: Read complete after 0s [id=1000248799]
module.iam.aws_secretsmanager_secret_version.temporary_user_credentials_version["christoph-genster"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:100478842646:secret:temporary-user-christoph-genster-credentials-prod-Yz3Eae|terraform-2025060614432614300000000a]
module.iam.aws_secretsmanager_secret_version.temporary_user_credentials_version["enrique-pennimpede"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:100478842646:secret:temporary-user-enrique-pennimpede-credentials-prod-gmGWM7|terraform-2025060614432614620000000b]
module.iam.aws_secretsmanager_secret_version.temporary_user_credentials_version["francisco-carena"]: Refreshing state... [id=arn:aws:secretsmanager:us-east-1:100478842646:secret:temporary-user-francisco-carena-credentials-prod-JaesV1|terraform-2025060614432614980000000c]
module.iam.aws_iam_policy.lambda_secret_policy[0]: Refreshing state... [id=arn:aws:iam::100478842646:policy/lambda_secret_role_prod]
module.iam.aws_iam_user_policy_attachment.temporary_user_policy_attachment["francisco-carena"]: Refreshing state... [id=temp-francisco-carena-20250606144326057200000007]
module.iam.aws_iam_user_policy_attachment.temporary_user_policy_attachment["enrique-pennimpede"]: Refreshing state... [id=temp-enrique-pennimpede-20250606144326052700000005]
module.iam.aws_iam_user_policy_attachment.temporary_user_policy_attachment["christoph-genster"]: Refreshing state... [id=temp-christoph-genster-20250606144326054800000006]
module.iam.aws_iam_role_policy_attachment.lambda_secret_policy_attachment_keywords[0]: Refreshing state... [id=lambda_security_exposed_keywords_role_prod-20240808205405282100000001]
module.iam.aws_iam_role_policy_attachment.lambda_secret_policy_attachment[0]: Refreshing state... [id=lambda_security_exposed_key_ids_role_prod-20240606134944160800000003]
module.iam.aws_iam_role_policy_attachment.gitlab_oidc_pipeline[0]: Refreshing state... [id=platform-infra-pipeline-prod-20260511151802893600000001]
module.iam.data.aws_iam_policy_document.mongodbatlas_assume_role_trust[0]: Reading...
module.iam.data.aws_iam_policy_document.mongodbatlas_assume_role_trust[0]: Read complete after 0s [id=257774811]
module.iam.aws_iam_role.mongodbatlas_assume_role[0]: Refreshing state... [id=mongodbatlas_assume_role_prod]
module.iam.aws_iam_role_policy_attachment.mongodbatlas_assume_policy_attachment[0]: Refreshing state... [id=mongodbatlas_assume_role_prod-20251022184047279700000004]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
<= read (data resources)
Terraform will perform the following actions:
# module.iam.data.aws_iam_policy_document.gitlab_oidc_trust[0] will be read during apply
# (depends on a resource or a module with changes pending)
<= data "aws_iam_policy_document" "gitlab_oidc_trust" {
+ id = (known after apply)
+ json = (known after apply)
+ minified_json = (known after apply)
+ statement {
+ actions = [
+ "sts:AssumeRoleWithWebIdentity",
]
+ effect = "Allow"
+ condition {
+ test = "StringEquals"
+ values = [
+ "https://gitlab.com",
]
+ variable = "gitlab.com:aud"
}
+ condition {
+ test = "StringLike"
+ values = [
+ "project_path:wwnorton/ops/infrastructure:*",
]
+ variable = "gitlab.com:sub"
}
+ principals {
+ identifiers = [
+ "arn:aws:iam::100478842646:oidc-provider/gitlab.com",
]
+ type = "Federated"
}
}
}
# module.iam.aws_iam_openid_connect_provider.gitlab[0] will be updated in-place
~ resource "aws_iam_openid_connect_provider" "gitlab" {
id = "arn:aws:iam::100478842646:oidc-provider/gitlab.com"
tags = {}
~ thumbprint_list = [
- "d89e3bd43d5d909b47a18977aa9d5ce36cee184c",
]
# (4 unchanged attributes hidden)
}
# module.iam.aws_iam_role.gitlab_oidc_pipeline[0] will be updated in-place
~ resource "aws_iam_role" "gitlab_oidc_pipeline" {
~ assume_role_policy = jsonencode(
{
- Statement = [
- {
- Action = "sts:AssumeRoleWithWebIdentity"
- Condition = {
- StringEquals = {
- "gitlab.com:aud" = "https://gitlab.com"
}
- StringLike = {
- "gitlab.com:sub" = "project_path:wwnorton/ops/infrastructure:*"
}
}
- Effect = "Allow"
- Principal = {
- Federated = "arn:aws:iam::100478842646:oidc-provider/gitlab.com"
}
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
id = "platform-infra-pipeline-prod"
name = "platform-infra-pipeline-prod"
tags = {
"Description" = "GitLab OIDC pipeline role for prod"
"Environment" = "prod"
"ManagedBy" = "terraform"
"Ticket" = "PLAT-993"
}
# (8 unchanged attributes hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.module.rds.data.aws_secretsmanager_secret_version.db_passwords["sw5-prd"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["sw5-prd-1"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["hypothesis-prod"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["knewton"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["knewton"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["sw5-prd"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["genai"]: Reading...
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["hypothesis-prod"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["genai"]: Reading...
module.rds.data.aws_security_group.existing_replica_security_groups_by_id["sw5-prd-1-2"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["hypothesis-prod"]: Read complete after 0s [id=production/labs/rds/hypothesis-prod|AWSCURRENT]
module.rds.data.aws_db_subnet_group.existing_replica_subnet_groups_by_name["sw5-prd-1"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["sw5-prd"]: Read complete after 0s [id=production/labs/rds/sw5-prd|AWSCURRENT]
module.rds.data.aws_security_group.existing_replica_security_groups_by_id["sw5-prd-1-0"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["genai"]: Read complete after 0s [id=production/labs/rds/genai|AWSCURRENT]
module.rds.data.aws_security_group.existing_replica_security_groups_by_id["sw5-prd-1-1"]: Reading...
module.rds.data.aws_secretsmanager_secret_version.db_passwords["knewton"]: Read complete after 0s [id=rds!db-d07796eb-3595-4ad7-972c-a9e53384d44d|AWSCURRENT]
module.rds.data.aws_security_group.existing_security_groups_by_id["genai-0"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["sw5-prd-1"]: Read complete after 0s [id=sg-207a5751]
module.rds.data.aws_security_group.existing_security_groups_by_id["hypothesis-prod-0"]: Reading...
module.rds.data.aws_security_group.existing_replica_security_groups_by_id["sw5-prd-1-2"]: Read complete after 0s [id=sg-093de6c8c0a431471]
module.rds.data.aws_security_group.existing_security_groups_by_id["knewton-0"]: Reading...
module.rds.data.aws_security_group.existing_replica_security_groups_by_id["sw5-prd-1-1"]: Read complete after 0s [id=sg-207a5751]
module.rds.data.aws_security_group.existing_security_groups_by_id["sw5-prd-0"]: Reading...
module.rds.data.aws_security_group.existing_security_groups_by_id["hypothesis-prod-0"]: Read complete after 0s [id=sg-0ec8114e41abf4063]
module.rds.data.aws_security_group.existing_security_groups_by_id["knewton-0"]: Read complete after 0s [id=sg-0ec8114e41abf4063]
module.rds.data.aws_security_group.existing_security_groups_by_id["genai-0"]: Read complete after 0s [id=sg-0ec8114e41abf4063]
module.rds.data.aws_security_group.existing_replica_security_groups_by_id["sw5-prd-1-0"]: Read complete after 0s [id=sg-682c1116]
module.rds.data.aws_security_group.existing_security_groups_by_id["sw5-prd-0"]: Read complete after 0s [id=sg-682c1116]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["hypothesis-prod"]: Read complete after 0s [id=prod-group]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["genai"]: Read complete after 0s [id=prod-group]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["knewton"]: Read complete after 0s [id=prod-group]
module.rds.data.aws_db_subnet_group.existing_subnet_groups_by_name["sw5-prd"]: Read complete after 0s [id=default]
module.rds.aws_db_instance.rds_instances_traditional_password["genai"]: Refreshing state... [id=db-2U6Q5G7LG7UTQTE5RTLUYLULRU]
module.rds.aws_db_instance.rds_instances_managed_password["knewton"]: Refreshing state... [id=db-ZLWGDMMWWPNTN3GB7FHT3UUFTE]
module.rds.aws_db_instance.rds_instances_traditional_password["sw5-prd"]: Refreshing state... [id=db-JX63HZ2HTTWTCO4VEUINTZ4LBM]
module.rds.aws_db_instance.rds_instances_traditional_password["hypothesis-prod"]: Refreshing state... [id=db-HQY2V5EPBL432HF7WZ2NEFXN3I]
module.rds.data.aws_db_subnet_group.existing_replica_subnet_groups_by_name["sw5-prd-1"]: Read complete after 0s [id=default]
module.rds.aws_db_instance.rds_read_replicas["sw5-prd-1"]: Refreshing state... [id=db-GJMHNVGZOUMVAZDPLU5QPC555Y]
Changes to Outputs:
~ database_instances = {
~ sw5-prd = {
~ engine_version = "8.0.42" -> "8.0.44"
id = "db-JX63HZ2HTTWTCO4VEUINTZ4LBM"
tags = {
BusinessUnit = "engineering"
CreatedBy = "terraform"
Environment = "prod"
Product = "testmaker"
Team = "smartwork"
}
# (33 unchanged attributes hidden)
}
~ sw5-prd-1 = {
~ engine_version = "8.0.42" -> "8.0.44"
id = "db-GJMHNVGZOUMVAZDPLU5QPC555Y"
tags = {}
# (36 unchanged attributes hidden)
}
# (3 unchanged attributes hidden)
}
You can apply this plan to save these new output values to the Terraform
state, without changing any real infrastructure.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.module.s3_to_loki["alb"].data.archive_file.lambda_zip: Reading...
module.s3_to_loki["alb"].data.archive_file.lambda_zip: Read complete after 0s [id=847a0f2737eebccba52f9184683d055e9deafbec]
module.s3_to_loki["alb"].aws_iam_role.s3_to_loki: Refreshing state... [id=s3_to_loki_alb_role_prod]
module.s3_to_loki["alb"].aws_iam_policy.s3_to_loki: Refreshing state... [id=arn:aws:iam::100478842646:policy/s3_to_loki_alb_policy_prod]
module.s3_to_loki["alb"].aws_iam_role_policy_attachment.s3_to_loki: Refreshing state... [id=s3_to_loki_alb_role_prod-20260302201513481600000001]
module.s3_to_loki["alb"].aws_lambda_function.s3_to_loki: Refreshing state... [id=s3_to_loki_alb_prod]
module.s3_to_loki["alb"].aws_lambda_permission.s3_invoke["eks-elb-logs-prod"]: Refreshing state... [id=AllowS3Invoke-eks-elb-logs-prod]
module.s3_to_loki["alb"].aws_s3_bucket_notification.s3_to_loki_trigger["eks-elb-logs-prod"]: Refreshing state... [id=eks-elb-logs-prod]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# module.s3_to_loki["alb"].aws_iam_policy.s3_to_loki will be updated in-place
~ resource "aws_iam_policy" "s3_to_loki" {
id = "arn:aws:iam::100478842646:policy/s3_to_loki_alb_policy_prod"
name = "s3_to_loki_alb_policy_prod"
~ policy = jsonencode(
~ {
~ Statement = [
{
Action = [
"s3:GetObject",
]
Effect = "Allow"
Resource = [
"arn:aws:s3:::eks-elb-logs-prod/*",
]
},
- {
- Action = [
- "s3:GetObject",
- "s3:ListBucket",
]
- Effect = "Allow"
- Resource = [
- "arn:aws:s3:::eks-elb-logs-prod",
- "arn:aws:s3:::eks-elb-logs-prod/*",
]
},
{
Action = [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
]
Effect = "Allow"
Resource = "*"
},
# (1 unchanged element hidden)
]
# (1 unchanged attribute hidden)
}
)
tags = {}
# (6 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.module.sns.aws_sns_topic.wwnorton_sns_topics["WWN-LOWER-ECW"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-LOWER-ECW]
module.sns.aws_sns_topic.wwnorton_sns_topics["aws-daily-security-reports"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:aws-daily-security-reports]
module.sns.aws_sns_topic.wwnorton_sns_topics["wwnorton-security-alerts"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:wwnorton-security-alerts]
module.sns.aws_sns_topic.wwnorton_sns_topics["ACM_PROD_Certificate_Renewal_Action"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:ACM_PROD_Certificate_Renewal_Action]
module.sns.aws_sns_topic.wwnorton_sns_topics["Site-to-site-VPN-Topic"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:Site-to-site-VPN-Topic]
module.sns.aws_sns_topic.wwnorton_sns_topics["aws-cloudtrail-logs-100478842646-2ef82391"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:aws-cloudtrail-logs-100478842646-2ef82391]
module.sns.aws_sns_topic.wwnorton_sns_topics["notification-service-test"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:notification-service-test]
module.sns.aws_sns_topic.wwnorton_sns_topics["email-bounce-notifications"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:email-bounce-notifications]
module.sns.aws_sns_topic.wwnorton_sns_topics["cloudcms-iig"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:cloudcms-iig]
module.sns.aws_sns_topic.wwnorton_sns_topics["CloudStorageSecNotificationsTopic-584z55e"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:CloudStorageSecNotificationsTopic-584z55e]
module.sns.aws_sns_topic.wwnorton_sns_topics["email-volume-exceeds-threshold"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:email-volume-exceeds-threshold]
module.sns.aws_sns_topic.wwnorton_sns_topics["RDS-DB-Event"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:RDS-DB-Event]
module.sns.aws_sns_topic.wwnorton_sns_topics["security-group-alerts"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:security-group-alerts]
module.sns.aws_sns_topic.wwnorton_sns_topics["ncia-grade-sync"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:ncia-grade-sync]
module.sns.aws_sns_topic.wwnorton_sns_topics["Flashcards-auto-scaling"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:Flashcards-auto-scaling]
module.sns.aws_sns_topic.wwnorton_sns_topics["consolidated-security-notifications"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:consolidated-security-notifications]
module.sns.aws_sns_topic.wwnorton_sns_topics["WWN-PRD-ASG"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-PRD-ASG]
module.sns.aws_sns_topic.wwnorton_sns_topics["searchandiser-update"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-update]
module.sns.aws_sns_topic.wwnorton_sns_topics["WWN-LOWER-ASG"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-LOWER-ASG]
module.sns.aws_sns_topic.wwnorton_sns_topics["email-account-tracing"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:email-account-tracing]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-sync-success"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-success]
module.sns.aws_sns_topic.wwnorton_sns_topics["CloudWatch_Alarms_Topic-Test_rcrisial"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:CloudWatch_Alarms_Topic-Test_rcrisial]
module.sns.aws_sns_topic.wwnorton_sns_topics["searchandiser-iig-nightly"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-iig-nightly]
module.sns.aws_sns_topic.wwnorton_sns_topics["devops-alert"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:devops-alert]
module.sns.aws_sns_topic.wwnorton_sns_topics["SW5-AS-Devops"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:SW5-AS-Devops]
module.sns.aws_sns_topic.wwnorton_sns_topics["grade-sync-daily-reports"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:grade-sync-daily-reports]
module.sns.aws_sns_topic.wwnorton_sns_topics["EKS-CloudWatch-Alarm-SNS-Topic-prod"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:EKS-CloudWatch-Alarm-SNS-Topic-prod]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-sync-production"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-production]
module.sns.aws_sns_topic.wwnorton_sns_topics["cosmos-game-update"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:cosmos-game-update]
module.sns.aws_sns_topic.wwnorton_sns_topics["NCI-PRD-AS-ELB"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:NCI-PRD-AS-ELB]
module.sns.aws_sns_topic.wwnorton_sns_topics["email-complaint-notifications"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:email-complaint-notifications]
module.sns.aws_sns_topic.wwnorton_sns_topics["Norton-WAF-Backup-Notifications"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:Norton-WAF-Backup-Notifications]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-sync-dev"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-dev]
module.sns.aws_sns_topic.wwnorton_sns_topics["aws-cloudtrail-logs-100478842646-7553d9e8"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:aws-cloudtrail-logs-100478842646-7553d9e8]
module.sns.aws_sns_topic.wwnorton_sns_topics["DevOps_CloudWatch_Alarms_Topic"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:DevOps_CloudWatch_Alarms_Topic]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-error-notification"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-error-notification]
module.sns.aws_sns_topic.wwnorton_sns_topics["Shield-Alarms"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:Shield-Alarms]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-success-dev"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-success-dev]
module.sns.aws_sns_topic.wwnorton_sns_topics["url-monitoring-alerts"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:url-monitoring-alerts]
module.sns.aws_sns_topic.wwnorton_sns_topics["CloudWatch-Prod-Cluster-Alarm"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:CloudWatch-Prod-Cluster-Alarm]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-err-dev"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-err-dev]
module.sns.aws_sns_topic.wwnorton_sns_topics["WWN-PROD-ASG"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-PROD-ASG]
module.sns.aws_sns_topic.wwnorton_sns_topics["WWNKC"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWNKC]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-sync-start-dev"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-start-dev]
module.sns.aws_sns_topic.wwnorton_sns_topics["dinesh-test-alarm"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:dinesh-test-alarm]
module.sns.aws_sns_topic.wwnorton_sns_topics["SNStopicForAllCISAlarms"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:SNStopicForAllCISAlarms]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-sync-to-queue"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-to-queue]
module.sns.aws_sns_topic.wwnorton_sns_topics["CloudStorageSecTopic-584z55e"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:CloudStorageSecTopic-584z55e]
module.sns.aws_sns_topic.wwnorton_sns_topics["clever-sync-start"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-start]
module.sns.aws_sns_topic.wwnorton_sns_topics["WWN-LOWER-WRK"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-LOWER-WRK]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["searchandiser-update-lambda-arnawslambdauseast1100478842646functionpushToSlack"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-update:f52bce0b-81b1-4e7e-ae90-f63b6c60f594]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-to-queue-email-sdikewwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-to-queue:3f34723e-05ee-43ea-9827-c0ea79996520]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["dinesh-test-alarm-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:dinesh-test-alarm:1c72d4d0-896a-4278-8caa-49b5f34c4711]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-success-dev-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-success-dev:91e3780f-a5b8-4fa0-832e-b1796de7c20c]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["aws-daily-security-reports-email-devsecopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:aws-daily-security-reports:3032f4b3-2222-4371-addb-8477f4d34ffd]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["cloudcms-iig-sqs-arnawssqsuseast1100478842646iignodejs"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:cloudcms-iig:cc1266b5-43fd-49f8-aa3a-2f85d2415ea0]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["SW5-AS-Devops-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:SW5-AS-Devops:c19fd052-5df0-4070-a08a-c3ac906a3df2]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-error-notification-email-sdikewwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-error-notification:5b63f1ed-628f-4151-91b9-cdb4f4c86ef6]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-to-queue-sqs-arnawssqsuseast1100478842646CleverSyncErrors"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-to-queue:70134f75-38ee-4d3c-8c85-54e5e483a6a6]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-start-email-sdikewwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-start:d38373fa-f2a6-45d9-ad1b-c3df08cff3cc]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["CloudWatch-Prod-Cluster-Alarm-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:CloudWatch-Prod-Cluster-Alarm:824b7de7-7c2d-4cab-9c98-1d2f2efcad35]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-success-lambda-arnawslambdauseast1100478842646functionSNStoTeamsWorkflow"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-success:599201d4-0ed1-46ac-96d6-1131f8b6b2e1]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["WWN-LOWER-ASG-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-LOWER-ASG:3cc61c3b-83b8-414b-9ef5-cd90160e55f1]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-error-notification-email-sshindewwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-error-notification:b85db5e4-a786-4ae7-b103-cf15c49e0fbb]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["searchandiser-iig-nightly-lambda-arnawslambdauseast1100478842646functionpushToSlack"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-iig-nightly:4a1118b4-e949-4dcf-833b-012ca94add41]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["ACM_PROD_Certificate_Renewal_Action-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:ACM_PROD_Certificate_Renewal_Action:87178173-c97d-4acf-9e31-32aff0656d27]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-start-email-vprabhunewwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-start:6aa4c73d-bfbb-4725-bfe5-48a94f6a6f13]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-production-lambda-arnawslambdauseast1100478842646functionSNStoTeamsWorkflow"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-production:c21a29cd-3fc5-49d2-81f2-a4c62b8e6c54]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["cosmos-game-update-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:cosmos-game-update:fe0c952e-14dc-48ec-b014-b3bb31802a47]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["DevOps_CloudWatch_Alarms_Topic-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:DevOps_CloudWatch_Alarms_Topic:38ecb0a7-635a-4775-9db1-fb819d1e4c1a]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["searchandiser-iig-nightly-lambda-arnawslambdauseast1100478842646functionNotificationsStackteamsmessage567993698spmZH2LysQP"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-iig-nightly:ce49201f-ac03-46bd-8a2e-e6287f499907]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["devops-alert-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:devops-alert:be343c74-ba9f-46d9-9915-c22a12195a89]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-dev-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-dev:24e92b53-294d-4011-9d2b-83157f4cd66f]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["devops-alert-email-aelsasserwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:devops-alert:afb1a2c3-755c-486e-a9b3-c6529d08e550]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["SW5-AS-Devops-email-skambampatiwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:SW5-AS-Devops:f0aed3e3-4245-4bc3-a399-78721fc50189]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["email-account-tracing-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:email-account-tracing:9aae36dd-df71-4113-8928-31c8b4f30165]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["WWN-LOWER-ECW-email-aelsasserwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-LOWER-ECW:bc1ecdf1-fd4a-4886-af3d-26087b3fc10e]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["dinesh-test-alarm-email-dreddywwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:dinesh-test-alarm:80ae9064-0cc8-4089-aa5b-43ddaca8fdc3]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["searchandiser-iig-nightly-email-webdevsupportwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-iig-nightly:94d54b04-06ae-4dc0-b9dc-385d23978b2f]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["searchandiser-update-lambda-arnawslambdauseast1100478842646functionNotificationsStackteamsmessage567993698spmZH2LysQP"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-update:926a45e6-beaf-4ccf-afbd-76689bd26daa]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-dev-lambda-arnawslambdauseast1100478842646functionSNStoTeamsWorkflow3"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-dev:881f1b53-ab1a-4479-9b6a-1e9a8f88ba72]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-err-dev-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-err-dev:46cb09ba-c200-4a30-b012-144432da897a]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["email-bounce-notifications-email-digitaldevwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:email-bounce-notifications:76cfa1ff-21d1-407a-a529-00cb3a2ff478]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["wwnorton-security-alerts-email-devsecopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:wwnorton-security-alerts:982aef23-8e55-4903-be99-d12e2073b94f]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-error-notification-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-error-notification:b4b9b75e-5113-4877-8e81-9c64f54118fb]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["email-volume-exceeds-threshold-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:email-volume-exceeds-threshold:74934a7c-7492-4504-b8bf-5acdb31abbeb]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["WWN-PROD-ASG-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-PROD-ASG:e72830b1-7ff9-4f8c-b2f3-d4ebd331e1ca]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-to-queue-email-mzappwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-to-queue:3cd7bae5-2407-4f56-978e-0901208769d0]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-to-queue-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-to-queue:c8640c7f-2eb7-42b9-9e6f-65f620827216]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["searchandiser-iig-nightly-lambda-arnawslambdauseast1100478842646functionpushToTeams"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-iig-nightly:708fb0a7-0e89-4691-aba0-8f66d3cc7556]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["EKS-CloudWatch-Alarm-SNS-Topic-prod-https-httpsglobalsnsapichatbotamazonawscom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:EKS-CloudWatch-Alarm-SNS-Topic-prod:2f9c21d7-5d58-46d0-b4a5-48afda06f5c9]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-error-notification-email-rsrivastavawwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-error-notification:08f35a5e-931e-4e87-bcc7-45777a4af557]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["CloudStorageSecTopic-584z55e-sqs-arnawssqsuseast1100478842646CloudStorageSecQueue584z55e"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:CloudStorageSecTopic-584z55e:305bbc6a-552d-4fd9-9b74-ea97f23392d8]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-to-queue-email-sshindewwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-to-queue:f734d233-8bec-4bc3-9ced-dbb0ffc7a022]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-start-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-start:d7364805-e89b-4663-80d5-28ddfdf62f48]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["notification-service-test-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:notification-service-test:c457307f-4707-41f9-9c4f-6e4a8d51a342]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["devops-alert-sqs-arnawssqsuseast1100478842646DevOpsAlert"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:devops-alert:d16fd23d-34e0-443d-9244-97b6f919c160]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["email-complaint-notifications-email-digitaldevwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:email-complaint-notifications:430412d3-2bb0-4328-a7ef-4c7b78032b87]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["searchandiser-update-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-update:627af33e-649c-4308-a084-47612b9c6a48]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["searchandiser-update-lambda-arnawslambdauseast1100478842646functionpushToTeams"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:searchandiser-update:45d33d53-2933-42db-a47f-9469a018d79b]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["Norton-WAF-Backup-Notifications-email-devsecopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:Norton-WAF-Backup-Notifications:12e6dbcb-b33f-4e0d-9c10-1e0bb50e98f3]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-production-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-production:b08ec282-9be7-4b5d-8230-c61cb6939372]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["WWNKC-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWNKC:d6b5d714-b411-4806-b81f-843e3b5a0337]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-dev-email-sdikewwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-dev:b8f9f159-a8a7-49b4-ba9f-b25dd325f0a4]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["WWN-LOWER-WRK-email-aelsasserwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-LOWER-WRK:c8b3f43e-d65d-4419-9a96-2fb58205e61c]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["Flashcards-auto-scaling-email-devopswwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:Flashcards-auto-scaling:758a9480-82cb-4758-9a63-4d9e6160788b]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["WWN-PRD-ASG-email-mzappwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:WWN-PRD-ASG:afd57cdb-069e-4286-acfc-d6690ec07063]
module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["clever-sync-start-dev-email-pdietrichwwnortoncom"]: Refreshing state... [id=arn:aws:sns:us-east-1:100478842646:clever-sync-start-dev:ff98852b-8c6b-44ca-b79e-b0661b33dca2]
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["Norton-WAF-Backup-Notifications-email-devsecopswwnortoncom"] will be created
+ resource "aws_sns_topic_subscription" "wwnorton_sns_topic_subscriptions" {
+ arn = (known after apply)
+ confirmation_timeout_in_minutes = 1
+ confirmation_was_authenticated = (known after apply)
+ endpoint = "devsecops@wwnorton.com"
+ endpoint_auto_confirms = false
+ filter_policy_scope = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ pending_confirmation = (known after apply)
+ protocol = "email"
+ raw_message_delivery = false
+ topic_arn = "arn:aws:sns:us-east-1:100478842646:Norton-WAF-Backup-Notifications"
}
# module.sns.aws_sns_topic_subscription.wwnorton_sns_topic_subscriptions["wwnorton-security-alerts-email-devsecopswwnortoncom"] will be created
+ resource "aws_sns_topic_subscription" "wwnorton_sns_topic_subscriptions" {
+ arn = (known after apply)
+ confirmation_timeout_in_minutes = 1
+ confirmation_was_authenticated = (known after apply)
+ endpoint = "devsecops@wwnorton.com"
+ endpoint_auto_confirms = false
+ filter_policy_scope = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ pending_confirmation = (known after apply)
+ protocol = "email"
+ raw_message_delivery = false
+ topic_arn = "arn:aws:sns:us-east-1:100478842646:wwnorton-security-alerts"
}
Plan: 2 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.Planning failed. Terraform encountered an error while generating this plan. Error: Invalid provider configuration Provider "registry.terraform.io/hashicorp/aws" requires explicit configuration. Add a provider block to the root module and configure the provider's required arguments as described in the provider documentation. Error: role ARN is not set with provider["registry.terraform.io/hashicorp/aws"], on <empty> line 0: (source code not available)
Planning failed. Terraform encountered an error while generating this plan. Error: Invalid provider configuration Provider "registry.terraform.io/hashicorp/aws" requires explicit configuration. Add a provider block to the root module and configure the provider's required arguments as described in the provider documentation. Error: role ARN is not set with provider["registry.terraform.io/hashicorp/aws"], on <empty> line 0: (source code not available)
Planning failed. Terraform encountered an error while generating this plan. Error: Invalid provider configuration Provider "registry.terraform.io/hashicorp/aws" requires explicit configuration. Add a provider block to the root module and configure the provider's required arguments as described in the provider documentation. Error: role ARN is not set with provider["registry.terraform.io/hashicorp/aws"], on <empty> line 0: (source code not available)