feat(otel): adding in basic tracing via otel

[bassrock]

Goal

Setup APM via Otel to gain insights into system performance.

Note: In dev testing this increased memory by 2%. The OTEL collector also has memory protection in place to drop spans if it gets too big.

We also have Logs in GCP.

Moving forward

Based on our system and how tracing works, I believe our future iterations should focus mainly on Sampling from within Client API and allow the downstream services to sample based on their parent trace OR if they have an error only.

Right now having the ability to sample each service based on a % is useful for debugging as we roll this out, but for day to day observability it is more helpful to only capture full system traces, which we will only get if Client API decides to sample a trace and all downstream calls. Follow up ticket here.

Local Screenshot

GCP Screenshot

Example

[github-actions]

Plan Result (user-api-cdk-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 2 to change, 1 to destroy.

• Create
  • aws_cloudwatch_log_group.otel-collector-log-group
• Update
  • aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-execution-role-policy_2D469A77
  • aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6
• Replace
  • aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4

Change Result (Click me)

  # aws_cloudwatch_log_group.otel-collector-log-group will be created
  + resource "aws_cloudwatch_log_group" "otel-collector-log-group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/Backend/UserAPI-Prod/ecs/otel-collector"
      + name_prefix       = (known after apply)
      + retention_in_days = 90
      + skip_destroy      = true
      + tags              = {
          + "app_code"       = "pocket"
          + "component_code" = "pocket-userapi"
          + "costCenter"     = "Pocket"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "UserAPI"
        }
      + tags_all          = {
          + "app_code"       = "pocket"
          + "component_code" = "pocket-userapi"
          + "costCenter"     = "Pocket"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "UserAPI"
        }
    }

  # aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4 must be replaced
-/+ resource "aws_ecs_task_definition" "application_ecs_service_ecs-task_461CC9D4" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/UserAPI-Prod:585" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/UserAPI-Prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                    name                   = "app"
                  ~ secrets                = [
                        # (13 unchanged elements hidden)
                        {
                            name      = "SENTRY_DSN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserAPI/Prod/SENTRY_DSN"
                        },
                      + {
                          + name      = "UNLEASH_ENDPOINT"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod/UNLEASH_ENDPOINT"
                        },
                      + {
                          + name      = "UNLEASH_KEY"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserAPI/Prod/UNLEASH_KEY"
                        },
                    ]
                    # (10 unchanged attributes hidden)
                },
              + {
                  + environment            = [
                      + {
                          + name  = "DEPLOYMENT_ENVIRONMENT_NAME"
                          + value = "prod"
                        },
                    ]
                  + essential              = true
                  + image                  = "pocket/opentelemetry-collector-contrib"
                  + logConfiguration       = {
                      + logDriver     = "awslogs"
                      + options       = {
                          + awslogs-group             = "/Backend/UserAPI-Prod/ecs/otel-collector"
                          + awslogs-multiline-pattern = "^\\S.+"
                          + awslogs-region            = "us-east-1"
                          + awslogs-stream-prefix     = "ecs"
                        }
                      + secretOptions = []
                    }
                  + mountPoints            = []
                  + name                   = "otel-collector"
                  + portMappings           = [
                      + {
                          + containerPort = 4138
                          + hostPort      = 4138
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 4137
                          + hostPort      = 4137
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 55681
                          + hostPort      = 55681
                          + protocol      = "tcp"
                        },
                    ]
                  + readonlyRootFilesystem = false
                  + repositoryCredentials  = {
                      + credentialsParameter = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/DockerHub"
                    }
                  + secrets                = [
                      + {
                          + name      = "GOOGLE_APPLICATION_CREDENTIALS_JSON"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/GCP_SA_TRACES:::"
                        },
                    ]
                  + systemControls         = []
                  + volumesFrom            = []
                },
            ] # forces replacement
        )
      ~ id                       = "UserAPI-Prod" -> (known after apply)
      ~ revision                 = 585 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket"
            "component_code" = "pocket-userapi"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "UserAPI"
        }
        # (12 unchanged attributes hidden)
    }

  # aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-execution-role-policy_2D469A77 will be updated in-place
  ~ resource "aws_iam_policy" "application_ecs_service_ecs-iam_ecs-task-execution-role-policy_2D469A77" {
        id               = "arn:aws:iam::996905175585:policy/UserAPI-Prod-TaskExecutionRolePolicy"
        name             = "UserAPI-Prod-TaskExecutionRolePolicy"
      ~ policy           = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      - Sid      = ""
                        # (3 unchanged attributes hidden)
                    },
                  ~ {
                      ~ Resource = [
                            # (1 unchanged element hidden)
                            "arn:aws:ssm:us-east-1:996905175585:parameter/UserAPI/Prod",
                          + "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod/*",
                          + "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod",
                        ]
                      - Sid      = ""
                        # (2 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags             = {
            "app_code"       = "pocket"
            "component_code" = "pocket-userapi"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "UserAPI"
        }
        # (7 unchanged attributes hidden)
    }

  # aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 will be updated in-place
  ~ resource "aws_iam_policy" "application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6" {
        id               = "arn:aws:iam::996905175585:policy/UserAPI-Prod-TaskRolePolicy"
        name             = "UserAPI-Prod-TaskRolePolicy"
      ~ policy           = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action   = [
                          - "xray:PutTraceSegments",
                          - "xray:PutTelemetryRecords",
                          - "xray:GetSamplingTargets",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingRules",
                            "logs:PutLogEvents",
                            # (4 unchanged elements hidden)
                        ]
                        # (2 unchanged attributes hidden)
                    },
                    {
                        Action   = "events:PutEvents"
                        Effect   = "Allow"
                        Resource = "arn:aws:events:us-east-1:996905175585:event-bus/PocketEventBridge-Prod-Shared-Event-Bus"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags             = {
            "app_code"       = "pocket"
            "component_code" = "pocket-userapi"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "UserAPI"
        }
        # (7 unchanged attributes hidden)
    }

Plan: 2 to add, 2 to change, 1 to destroy.

Changes to Outputs:
  ~ ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/UserAPI-Prod:585" -> (known after apply)

[github-actions]

Plan Result (user-list-search-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 0 to change, 2 to destroy.

• Replace
  • aws_ecs_task_definition.apollo
  • aws_ecs_task_definition.queue_users

Change Result (Click me)

  # aws_ecs_task_definition.apollo must be replaced
+/- resource "aws_ecs_task_definition" "apollo" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/UserListSearch-Prod-Apollo:625" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/UserListSearch-Prod-Apollo" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - command                = [
                      - "--config=/etc/ecs/ecs-xray.yaml",
                    ]
                  - cpu                    = 0
                  ~ environment            = [
                      + {
                          + name  = "AWS_APP_PREFIX"
                          + value = "UserListSearch-Prod"
                        },
                      + {
                          + name  = "AWS_SQS_ENDPOINT"
                          + value = "https://sqs.us-east-1.amazonaws.com"
                        },
                      + {
                          + name  = "CORPUS_INDEX_DE"
                          + value = "corpus_de"
                        },
                      + {
                          + name  = "CORPUS_INDEX_EN"
                          + value = "corpus_en_luc"
                        },
                      + {
                          + name  = "CORPUS_INDEX_ES"
                          + value = "corpus_es"
                        },
                      + {
                          + name  = "CORPUS_INDEX_FR"
                          + value = "corpus_fr"
                        },
                      + {
                          + name  = "CORPUS_INDEX_IT"
                          + value = "corpus_it"
                        },
                      + {
                          + name  = "CORPUS_SEARCH_DOMAIN"
                          + value = "corpusembeddings-prod"
                        },
                      + {
                          + name  = "CORPUS_SEARCH_ENDPOINT"
                          + value = "vpc-corpusembeddings-prod-xmtxj7lpdwwpi2w7l2zt2i256m.us-east-1.es.amazonaws.com"
                        },
                      + {
                          + name  = "ELASTICSEARCH_DOMAIN"
                          + value = "userlistsearch-prod-v2"
                        },
                      + {
                          + name  = "ELASTICSEARCH_HOST"
                          + value = "vpc-userlistsearch-prod-v2-ee5gxwjmletue32zx64clfmdxu.us-east-1.es.amazonaws.com"
                        },
                      + {
                          + name  = "ELASTICSEARCH_INDEX"
                          + value = "list"
                        },
                      + {
                          + name  = "EMBEDDINGS_ENDPOINT"
                          + value = "CorpusEmbeddings-Prod-ep-mltvhddp"
                        },
                      + {
                          + name  = "EVENT_BUS_NAME"
                          + value = "PocketEventBridge-Prod-Shared-Event-Bus"
                        },
                      + {
                          + name  = "NODE_ENV"
                          + value = "production"
                        },
                      + {
                          + name  = "SQS_USER_ITEMS_UPDATE_BACKFILL_URL"
                          + value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserItemsUpdateBackfill"
                        },
                      + {
                          + name  = "SQS_USER_ITEMS_UPDATE_URL"
                          + value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserItemsUpdate"
                        },
                      + {
                          + name  = "SQS_USER_LIST_IMPORT_BACKFILL_URL"
                          + value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserListImportBackfill"
                        },
                    ]
                  ~ image                  = "amazon/aws-otel-collector" -> "996905175585.dkr.ecr.us-east-1.amazonaws.com/userlistsearch-prod:latest"
                  ~ logConfiguration       = {
                      ~ options       = {
                          ~ awslogs-group         = "/ecs/UserListSearch/Prod/xray" -> "/ecs/UserListSearch/Prod/Apollo/node"
                            # (2 unchanged attributes hidden)
                        }
                        # (2 unchanged attributes hidden)
                    }
                  - mountPoints            = []
                  ~ name                   = "aws-otel-collector" -> "node"
                  ~ portMappings           = [
                      ~ {
                          ~ containerPort = 4138 -> 4000
                          ~ hostPort      = 4138 -> 4000
                            # (1 unchanged attribute hidden)
                        },
                      - {
                          - containerPort = 4137
                          - hostPort      = 4137
                          - protocol      = "tcp"
                        },
                    ]
                  - repositoryCredentials  = {
                      - credentialsParameter = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/DockerHub"
                    }
                  + secrets                = [
                      + {
                          + name      = "CONTENT_AURORA_DB"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/ParserAuroraDbCredentials"
                        },
                      + {
                          + name      = "PARSER_PRIVILEGED_SERVICE_ID"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserListSearch/Prod/PARSER_PRIVILEGED_SERVICE_ID"
                        },
                      + {
                          + name      = "READITLA_DB"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/DatabaseCredentials"
                        },
                      + {
                          + name      = "READITLA_DB_W"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/DatabaseCredentials_w"
                        },
                      + {
                          + name      = "SENTRY_DSN"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserListSearch/Prod/SENTRY_DSN"
                        },
                      + {
                          + name      = "UNLEASH_ENDPOINT"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod/UNLEASH_ENDPOINT"
                        },
                      + {
                          + name      = "UNLEASH_KEY"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/UNLEASH_KEY"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (2 unchanged attributes hidden)
                },
              ~ {
                  - cpu                    = 0
                  ~ environment            = [
                      ~ {
                          ~ name  = "AWS_APP_PREFIX" -> "DEPLOYMENT_ENVIRONMENT_NAME"
                          ~ value = "UserListSearch-Prod" -> "prod"
                        },
                      - {
                          - name  = "AWS_SQS_ENDPOINT"
                          - value = "https://sqs.us-east-1.amazonaws.com"
                        },
                      - {
                          - name  = "CORPUS_INDEX_DE"
                          - value = "corpus_de"
                        },
                      - {
                          - name  = "CORPUS_INDEX_EN"
                          - value = "corpus_en_luc"
                        },
                      - {
                          - name  = "CORPUS_INDEX_ES"
                          - value = "corpus_es"
                        },
                      - {
                          - name  = "CORPUS_INDEX_FR"
                          - value = "corpus_fr"
                        },
                      - {
                          - name  = "CORPUS_INDEX_IT"
                          - value = "corpus_it"
                        },
                      - {
                          - name  = "CORPUS_SEARCH_DOMAIN"
                          - value = "corpusembeddings-prod"
                        },
                      - {
                          - name  = "CORPUS_SEARCH_ENDPOINT"
                          - value = "vpc-corpusembeddings-prod-xmtxj7lpdwwpi2w7l2zt2i256m.us-east-1.es.amazonaws.com"
                        },
                      - {
                          - name  = "ELASTICSEARCH_DOMAIN"
                          - value = "userlistsearch-prod-v2"
                        },
                      - {
                          - name  = "ELASTICSEARCH_HOST"
                          - value = "vpc-userlistsearch-prod-v2-ee5gxwjmletue32zx64clfmdxu.us-east-1.es.amazonaws.com"
                        },
                      - {
                          - name  = "ELASTICSEARCH_INDEX"
                          - value = "list"
                        },
                      - {
                          - name  = "EMBEDDINGS_ENDPOINT"
                          - value = "CorpusEmbeddings-Prod-ep-mltvhddp"
                        },
                      - {
                          - name  = "EVENT_BUS_NAME"
                          - value = "PocketEventBridge-Prod-Shared-Event-Bus"
                        },
                      - {
                          - name  = "NODE_ENV"
                          - value = "production"
                        },
                      - {
                          - name  = "SQS_USER_ITEMS_UPDATE_BACKFILL_URL"
                          - value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserItemsUpdateBackfill"
                        },
                      - {
                          - name  = "SQS_USER_ITEMS_UPDATE_URL"
                          - value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserItemsUpdate"
                        },
                      - {
                          - name  = "SQS_USER_LIST_IMPORT_BACKFILL_URL"
                          - value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserListImportBackfill"
                        },
                    ]
                  ~ image                  = "996905175585.dkr.ecr.us-east-1.amazonaws.com/userlistsearch-prod:latest" -> "pocket/opentelemetry-collector-contrib"
                  ~ logConfiguration       = {
                      ~ options       = {
                          ~ awslogs-group         = "/ecs/UserListSearch/Prod/Apollo/node" -> "/ecs/UserListSearch/Prod/xray"
                            # (2 unchanged attributes hidden)
                        }
                        # (2 unchanged attributes hidden)
                    }
                  - mountPoints            = []
                  ~ name                   = "node" -> "otel-collector"
                  ~ portMappings           = [
                      ~ {
                          ~ containerPort = 4000 -> 4138
                          ~ hostPort      = 4000 -> 4138
                          - protocol      = "tcp"
                        },
                      + {
                          + containerPort = 4137
                          + hostPort      = 4137
                        },
                      + {
                          + containerPort = 55681
                          + hostPort      = 55681
                        },
                    ]
                  + repositoryCredentials  = {
                      + credentialsParameter = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/DockerHub"
                    }
                  ~ secrets                = [
                      ~ {
                          ~ name      = "CONTENT_AURORA_DB" -> "GOOGLE_APPLICATION_CREDENTIALS_JSON"
                          ~ valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/ParserAuroraDbCredentials" -> "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/GCP_SA_TRACES:::"
                        },
                      - {
                          - name      = "PARSER_PRIVILEGED_SERVICE_ID"
                          - valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserListSearch/Prod/PARSER_PRIVILEGED_SERVICE_ID"
                        },
                      - {
                          - name      = "READITLA_DB"
                          - valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/DatabaseCredentials"
                        },
                      - {
                          - name      = "READITLA_DB_W"
                          - valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/DatabaseCredentials_w"
                        },
                      - {
                          - name      = "SENTRY_DSN"
                          - valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserListSearch/Prod/SENTRY_DSN"
                        },
                      - {
                          - name      = "UNLEASH_ENDPOINT"
                          - valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod/UNLEASH_ENDPOINT"
                        },
                      - {
                          - name      = "UNLEASH_KEY"
                          - valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/UNLEASH_KEY"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (2 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "UserListSearch-Prod-Apollo" -> (known after apply)
      ~ revision                 = 625 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket"
            "component_code" = "pocket-userlistsearch"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "UserListSearch"
        }
        # (12 unchanged attributes hidden)
    }

  # aws_ecs_task_definition.queue_users must be replaced
-/+ resource "aws_ecs_task_definition" "queue_users" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/UserListSearch-Prod-QueueUsers:11" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/UserListSearch-Prod-QueueUsers" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  ~ command                = [
                      - "--config=/etc/ecs/ecs-xray.yaml",
                      + "pnpm",
                      + "run",
                      + "task:queue-all-premium-users-for-backfill",
                    ]
                  - cpu                    = 0
                  ~ environment            = [
                      + {
                          + name  = "AWS_APP_PREFIX"
                          + value = "UserListSearch-Prod"
                        },
                      + {
                          + name  = "AWS_SQS_ENDPOINT"
                          + value = "https://sqs.us-east-1.amazonaws.com"
                        },
                      + {
                          + name  = "ELASTICSEARCH_DOMAIN"
                          + value = "userlistsearch-prod-v2"
                        },
                      + {
                          + name  = "ELASTICSEARCH_HOST"
                          + value = "vpc-userlistsearch-prod-v2-ee5gxwjmletue32zx64clfmdxu.us-east-1.es.amazonaws.com"
                        },
                      + {
                          + name  = "NODE_ENV"
                          + value = "production"
                        },
                      + {
                          + name  = "SQS_USER_ITEMS_UPDATE_URL"
                          + value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserItemsUpdateBackfill"
                        },
                      + {
                          + name  = "SQS_USER_LIST_IMPORT_URL"
                          + value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserListImportBackfill"
                        },
                    ]
                  ~ image                  = "amazon/aws-otel-collector" -> "996905175585.dkr.ecr.us-east-1.amazonaws.com/userlistsearch-prod:latest"
                  ~ logConfiguration       = {
                      ~ options       = {
                          ~ awslogs-group         = "/ecs/UserListSearch/Prod/xray" -> "/ecs/UserListSearch/Prod/QueueUsers/node"
                            # (2 unchanged attributes hidden)
                        }
                        # (2 unchanged attributes hidden)
                    }
                  - mountPoints            = []
                  ~ name                   = "aws-otel-collector" -> "node"
                  ~ portMappings           = [
                      ~ {
                          ~ containerPort = 4138 -> 4000
                          ~ hostPort      = 4138 -> 4000
                            # (1 unchanged attribute hidden)
                        },
                      - {
                          - containerPort = 4137
                          - hostPort      = 4137
                          - protocol      = "tcp"
                        },
                    ]
                  - repositoryCredentials  = {
                      - credentialsParameter = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/DockerHub"
                    }
                  + secrets                = [
                      + {
                          + name      = "CONTENT_AURORA_DB"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/ParserAuroraDbCredentials"
                        },
                      + {
                          + name      = "PARSER_PRIVILEGED_SERVICE_ID"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserListSearch/Prod/PARSER_PRIVILEGED_SERVICE_ID"
                        },
                      + {
                          + name      = "READITLA_DB"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/DatabaseCredentials"
                        },
                      + {
                          + name      = "READITLA_DB_W"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/DatabaseCredentials_w"
                        },
                      + {
                          + name      = "SENTRY_DSN"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserListSearch/Prod/SENTRY_DSN"
                        },
                      + {
                          + name      = "UNLEASH_ENDPOINT"
                          + valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod/UNLEASH_ENDPOINT"
                        },
                      + {
                          + name      = "UNLEASH_KEY"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/UNLEASH_KEY"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (2 unchanged attributes hidden)
                },
              ~ {
                  - command                = [
                      - "pnpm",
                      - "run",
                      - "task:queue-all-premium-users-for-backfill",
                    ]
                  - cpu                    = 0
                  ~ environment            = [
                      ~ {
                          ~ name  = "AWS_APP_PREFIX" -> "DEPLOYMENT_ENVIRONMENT_NAME"
                          ~ value = "UserListSearch-Prod" -> "prod"
                        },
                      - {
                          - name  = "AWS_SQS_ENDPOINT"
                          - value = "https://sqs.us-east-1.amazonaws.com"
                        },
                      - {
                          - name  = "ELASTICSEARCH_DOMAIN"
                          - value = "userlistsearch-prod-v2"
                        },
                      - {
                          - name  = "ELASTICSEARCH_HOST"
                          - value = "vpc-userlistsearch-prod-v2-ee5gxwjmletue32zx64clfmdxu.us-east-1.es.amazonaws.com"
                        },
                      - {
                          - name  = "NODE_ENV"
                          - value = "production"
                        },
                      - {
                          - name  = "SQS_USER_ITEMS_UPDATE_URL"
                          - value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserItemsUpdateBackfill"
                        },
                      - {
                          - name  = "SQS_USER_LIST_IMPORT_URL"
                          - value = "https://sqs.us-east-1.amazonaws.com/996905175585/UserListSearch-Prod-UserListImportBackfill"
                        },
                    ]
                  ~ image                  = "996905175585.dkr.ecr.us-east-1.amazonaws.com/userlistsearch-prod:latest" -> "pocket/opentelemetry-collector-contrib"
                  ~ logConfiguration       = {
                      ~ options       = {
                          ~ awslogs-group         = "/ecs/UserListSearch/Prod/QueueUsers/node" -> "/ecs/UserListSearch/Prod/xray"
                            # (2 unchanged attributes hidden)
                        }
                        # (2 unchanged attributes hidden)
                    }
                  - mountPoints            = []
                  ~ name                   = "node" -> "otel-collector"
                  ~ portMappings           = [
                      ~ {
                          ~ containerPort = 4000 -> 4138
                          ~ hostPort      = 4000 -> 4138
                          - protocol      = "tcp"
                        },
                      + {
                          + containerPort = 4137
                          + hostPort      = 4137
                        },
                      + {
                          + containerPort = 55681
                          + hostPort      = 55681
                        },
                    ]
                  + repositoryCredentials  = {
                      + credentialsParameter = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/DockerHub"
                    }
                  ~ secrets                = [
                      ~ {
                          ~ name      = "CONTENT_AURORA_DB" -> "GOOGLE_APPLICATION_CREDENTIALS_JSON"
                          ~ valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/ParserAuroraDbCredentials" -> "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/GCP_SA_TRACES:::"
                        },
                      - {
                          - name      = "PARSER_PRIVILEGED_SERVICE_ID"
                          - valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserListSearch/Prod/PARSER_PRIVILEGED_SERVICE_ID"
                        },
                      - {
                          - name      = "READITLA_DB"
                          - valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/DatabaseCredentials"
                        },
                      - {
                          - name      = "READITLA_DB_W"
                          - valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/DatabaseCredentials_w"
                        },
                      - {
                          - name      = "SENTRY_DSN"
                          - valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/UserListSearch/Prod/SENTRY_DSN"
                        },
                      - {
                          - name      = "UNLEASH_ENDPOINT"
                          - valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod/UNLEASH_ENDPOINT"
                        },
                      - {
                          - name      = "UNLEASH_KEY"
                          - valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:UserListSearch/Prod/UNLEASH_KEY"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (2 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "UserListSearch-Prod-QueueUsers" -> (known after apply)
      ~ revision                 = 11 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket"
            "component_code" = "pocket-userlistsearch"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "UserListSearch"
        }
        # (12 unchanged attributes hidden)
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Changes to Outputs:
  ~ ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/UserListSearch-Prod-Apollo:625" -> (known after apply)

[github-actions]

Plan Result (list-api-cdk-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 1 to change, 1 to destroy.

• Create
  • aws_cloudwatch_log_group.otel-collector-log-group
• Update
  • aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6
• Replace
  • aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4

Change Result (Click me)

  # aws_cloudwatch_log_group.otel-collector-log-group will be created
  + resource "aws_cloudwatch_log_group" "otel-collector-log-group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/Backend/ListAPI-Prod/ecs/otel-collector"
      + name_prefix       = (known after apply)
      + retention_in_days = 90
      + skip_destroy      = true
      + tags              = {
          + "app_code"       = "pocket"
          + "component_code" = "pocket-listapi"
          + "costCenter"     = "Pocket"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "ListAPI"
        }
      + tags_all          = {
          + "app_code"       = "pocket"
          + "component_code" = "pocket-listapi"
          + "costCenter"     = "Pocket"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "ListAPI"
        }
    }

  # aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4 must be replaced
-/+ resource "aws_ecs_task_definition" "application_ecs_service_ecs-task_461CC9D4" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/ListAPI-Prod:1271" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/ListAPI-Prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
                {
                    environment            = [
                        {
                            name  = "DATABASE_READ_PORT"
                            value = "3306"
                        },
                        {
                            name  = "DATABASE_TZ"
                            value = "US/Central"
                        },
                        {
                            name  = "DATABASE_WRITE_PORT"
                            value = "3306"
                        },
                        {
                            name  = "EVENT_BUS_NAME"
                            value = "PocketEventBridge-Prod-Shared-Event-Bus"
                        },
                        {
                            name  = "KINESIS_UNIFIED_EVENT_STREAM"
                            value = "unified_event"
                        },
                        {
                            name  = "NODE_ENV"
                            value = "production"
                        },
                        {
                            name  = "SQS_BATCH_DELETE_QUEUE_URL"
                            value = "https://sqs.us-east-1.amazonaws.com/996905175585/ListAPI-Prod-Sqs-Batch-Delete-Consumer-Queue"
                        },
                        {
                            name  = "SQS_PERMLIB_ITEMMAIN_QUEUE_URL"
                            value = "https://sqs.us-east-1.amazonaws.com/996905175585/PermLib-Prod-ItemMain"
                        },
                        {
                            name  = "SQS_PUBLISHER_DATA_QUEUE_URL"
                            value = "https://sqs.us-east-1.amazonaws.com/996905175585/pocket-publisher-data-queue"
                        },
                    ]
                    essential              = true
                    healthCheck            = {
                        command     = [
                            "CMD-SHELL",
                            "curl -f http://localhost:4005/.well-known/apollo/server-health || exit 1",
                        ]
                        interval    = 15
                        retries     = 3
                        startPeriod = 0
                        timeout     = 5
                    }
                    image                  = "996905175585.dkr.ecr.us-east-1.amazonaws.com/listapi-prod-app:latest"
                    logConfiguration       = {
                        logDriver     = "awslogs"
                        options       = {
                            awslogs-group             = "/Backend/ListAPI-Prod/ecs/app"
                            awslogs-multiline-pattern = "^\\S.+"
                            awslogs-region            = "us-east-1"
                            awslogs-stream-prefix     = "ecs"
                        }
                        secretOptions = []
                    }
                    mountPoints            = []
                    name                   = "app"
                    portMappings           = [
                        {
                            containerPort = 4005
                            hostPort      = 4005
                            protocol      = "tcp"
                        },
                    ]
                    readonlyRootFilesystem = false
                    secrets                = [
                        {
                            name      = "CHARACTER_MAP"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:characterMap::"
                        },
                        {
                            name      = "DATABASE_READ_HOST"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ListAPI/Prod/READITLA_DB:read_host::"
                        },
                        {
                            name      = "DATABASE_READ_PASSWORD"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ListAPI/Prod/READITLA_DB:read_password::"
                        },
                        {
                            name      = "DATABASE_READ_USER"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ListAPI/Prod/READITLA_DB:read_username::"
                        },
                        {
                            name      = "DATABASE_WRITE_HOST"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ListAPI/Prod/READITLA_DB:write_host::"
                        },
                        {
                            name      = "DATABASE_WRITE_PASSWORD"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ListAPI/Prod/READITLA_DB:write_password::"
                        },
                        {
                            name      = "DATABASE_WRITE_USER"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ListAPI/Prod/READITLA_DB:write_username::"
                        },
                        {
                            name      = "LETTER_INDEX"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:letterIndex::"
                        },
                        {
                            name      = "MD5_RANDOMIZER"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:md5Randomizer::"
                        },
                        {
                            name      = "PARSER_DOMAIN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/ListAPI/Prod/PARSER_DOMAIN"
                        },
                        {
                            name      = "POSITION_MAP"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:positionMap::"
                        },
                        {
                            name      = "SALT_1"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:salt1::"
                        },
                        {
                            name      = "SALT_2"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:salt2::"
                        },
                        {
                            name      = "SENTRY_DSN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/ListAPI/Prod/SENTRY_DSN"
                        },
                        {
                            name      = "SNOWPLOW_ENDPOINT"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/ListAPI/Prod/SNOWPLOW_ENDPOINT"
                        },
                        {
                            name      = "UNLEASH_ENDPOINT"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/ListAPI/Prod/UNLEASH_ENDPOINT"
                        },
                        {
                            name      = "UNLEASH_KEY"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ListAPI/Prod/UNLEASH_KEY"
                        },
                    ]
                    systemControls         = []
                    volumesFrom            = []
                },
              + {
                  + environment            = [
                      + {
                          + name  = "DEPLOYMENT_ENVIRONMENT_NAME"
                          + value = "prod"
                        },
                    ]
                  + essential              = true
                  + image                  = "pocket/opentelemetry-collector-contrib"
                  + logConfiguration       = {
                      + logDriver     = "awslogs"
                      + options       = {
                          + awslogs-group             = "/Backend/ListAPI-Prod/ecs/otel-collector"
                          + awslogs-multiline-pattern = "^\\S.+"
                          + awslogs-region            = "us-east-1"
                          + awslogs-stream-prefix     = "ecs"
                        }
                      + secretOptions = []
                    }
                  + mountPoints            = []
                  + name                   = "otel-collector"
                  + portMappings           = [
                      + {
                          + containerPort = 4138
                          + hostPort      = 4138
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 4137
                          + hostPort      = 4137
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 55681
                          + hostPort      = 55681
                          + protocol      = "tcp"
                        },
                    ]
                  + readonlyRootFilesystem = false
                  + repositoryCredentials  = {
                      + credentialsParameter = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/DockerHub"
                    }
                  + secrets                = [
                      + {
                          + name      = "GOOGLE_APPLICATION_CREDENTIALS_JSON"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/GCP_SA_TRACES:::"
                        },
                    ]
                  + systemControls         = []
                  + volumesFrom            = []
                },
            ] # forces replacement
        )
      ~ id                       = "ListAPI-Prod" -> (known after apply)
      ~ revision                 = 1271 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket"
            "component_code" = "pocket-listapi"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "ListAPI"
        }
        # (12 unchanged attributes hidden)
    }

  # aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 will be updated in-place
  ~ resource "aws_iam_policy" "application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6" {
        id               = "arn:aws:iam::996905175585:policy/ListAPI-Prod-TaskRolePolicy"
        name             = "ListAPI-Prod-TaskRolePolicy"
      ~ policy           = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action   = [
                          - "xray:PutTraceSegments",
                          - "xray:PutTelemetryRecords",
                          - "xray:GetSamplingTargets",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingRules",
                            "logs:PutLogEvents",
                            # (4 unchanged elements hidden)
                        ]
                      - Sid      = ""
                        # (2 unchanged attributes hidden)
                    },
                  ~ {
                      - Sid      = ""
                        # (3 unchanged attributes hidden)
                    },
                  ~ {
                      - Sid      = ""
                        # (3 unchanged attributes hidden)
                    },
                  ~ {
                      - Sid      = ""
                        # (3 unchanged attributes hidden)
                    },
                  ~ {
                      - Sid      = ""
                        # (3 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags             = {
            "app_code"       = "pocket"
            "component_code" = "pocket-listapi"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "ListAPI"
        }
        # (7 unchanged attributes hidden)
    }

Plan: 2 to add, 1 to change, 1 to destroy.

Changes to Outputs:
  ~ ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/ListAPI-Prod:1271" -> (known after apply)

[github-actions]

Plan Result (v3-proxy-api-cdk-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 0 to change, 4 to destroy.

• Create
  • aws_cloudwatch_log_group.otel-collector-log-group
• Delete
  • aws_cloudwatch_log_group.aws-otel-collector-log-group
  • aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6
  • aws_iam_role_policy_attachment.application_ecs_service_ecs-iam_ecs-task-custom-attachment_F8DDD355
• Replace
  • aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4

Change Result (Click me)

  # aws_cloudwatch_log_group.aws-otel-collector-log-group will be destroyed
  # (because aws_cloudwatch_log_group.aws-otel-collector-log-group is not in configuration)
  - resource "aws_cloudwatch_log_group" "aws-otel-collector-log-group" {
      - arn               = "arn:aws:logs:us-east-1:996905175585:log-group:/Backend/V3ProxyApi-Prod/ecs/aws-otel-collector" -> null
      - id                = "/Backend/V3ProxyApi-Prod/ecs/aws-otel-collector" -> null
      - log_group_class   = "STANDARD" -> null
      - name              = "/Backend/V3ProxyApi-Prod/ecs/aws-otel-collector" -> null
      - retention_in_days = 90 -> null
      - skip_destroy      = true -> null
      - tags              = {
          - "app_code"       = "pocket"
          - "component_code" = "pocket-v3proxyapi"
          - "costCenter"     = "Pocket"
          - "env_code"       = "prod"
          - "environment"    = "Prod"
          - "owner"          = "Pocket"
          - "service"        = "V3ProxyApi"
        } -> null
      - tags_all          = {
          - "app_code"       = "pocket"
          - "component_code" = "pocket-v3proxyapi"
          - "costCenter"     = "Pocket"
          - "env_code"       = "prod"
          - "environment"    = "Prod"
          - "owner"          = "Pocket"
          - "service"        = "V3ProxyApi"
        } -> null
        # (2 unchanged attributes hidden)
    }

  # aws_cloudwatch_log_group.otel-collector-log-group will be created
  + resource "aws_cloudwatch_log_group" "otel-collector-log-group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/Backend/V3ProxyApi-Prod/ecs/otel-collector"
      + name_prefix       = (known after apply)
      + retention_in_days = 90
      + skip_destroy      = true
      + tags              = {
          + "app_code"       = "pocket"
          + "component_code" = "pocket-v3proxyapi"
          + "costCenter"     = "Pocket"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "V3ProxyApi"
        }
      + tags_all          = {
          + "app_code"       = "pocket"
          + "component_code" = "pocket-v3proxyapi"
          + "costCenter"     = "Pocket"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "V3ProxyApi"
        }
    }

  # aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4 must be replaced
-/+ resource "aws_ecs_task_definition" "application_ecs_service_ecs-task_461CC9D4" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/V3ProxyApi-Prod:309" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/V3ProxyApi-Prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
                {
                    environment            = [
                        {
                            name  = "ENVIRONMENT"
                            value = "production"
                        },
                        {
                            name  = "NODE_ENV"
                            value = "production"
                        },
                    ]
                    essential              = true
                    healthCheck            = {
                        command     = [
                            "CMD-SHELL",
                            "curl -f http://localhost:4030/.well-known/server-health || exit 1",
                        ]
                        interval    = 15
                        retries     = 3
                        startPeriod = 0
                        timeout     = 5
                    }
                    image                  = "996905175585.dkr.ecr.us-east-1.amazonaws.com/v3proxyapi-prod-app:latest"
                    logConfiguration       = {
                        logDriver     = "awslogs"
                        options       = {
                            awslogs-group             = "/Backend/V3ProxyApi-Prod/ecs/app"
                            awslogs-multiline-pattern = "^\\S.+"
                            awslogs-region            = "us-east-1"
                            awslogs-stream-prefix     = "ecs"
                        }
                        secretOptions = []
                    }
                    mountPoints            = []
                    name                   = "app"
                    portMappings           = [
                        {
                            containerPort = 4030
                            hostPort      = 4030
                            protocol      = "tcp"
                        },
                    ]
                    readonlyRootFilesystem = false
                    secrets                = [
                        {
                            name      = "SENTRY_DSN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/V3ProxyApi/Prod/SENTRY_DSN"
                        },
                        {
                            name      = "UNLEASH_ENDPOINT"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod/UNLEASH_ENDPOINT"
                        },
                        {
                            name      = "UNLEASH_KEY"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:V3ProxyApi/Prod/UNLEASH_KEY"
                        },
                    ]
                    systemControls         = []
                    volumesFrom            = []
                },
              ~ {
                  - command                = [
                      - "--config=/etc/ecs/ecs-xray.yaml",
                    ]
                  ~ environment            = [
                      + {
                          + name  = "DEPLOYMENT_ENVIRONMENT_NAME"
                          + value = "prod"
                        },
                    ]
                  ~ image                  = "amazon/aws-otel-collector" -> "pocket/opentelemetry-collector-contrib"
                  ~ logConfiguration       = {
                      ~ options       = {
                          ~ awslogs-group             = "/Backend/V3ProxyApi-Prod/ecs/aws-otel-collector" -> "/Backend/V3ProxyApi-Prod/ecs/otel-collector"
                            # (3 unchanged attributes hidden)
                        }
                        # (2 unchanged attributes hidden)
                    }
                  ~ name                   = "aws-otel-collector" -> "otel-collector"
                  ~ portMappings           = [
                        # (1 unchanged element hidden)
                        {
                            containerPort = 4137
                            hostPort      = 4137
                            protocol      = "tcp"
                        },
                      + {
                          + containerPort = 55681
                          + hostPort      = 55681
                          + protocol      = "tcp"
                        },
                    ]
                  + secrets                = [
                      + {
                          + name      = "GOOGLE_APPLICATION_CREDENTIALS_JSON"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/GCP_SA_TRACES:::"
                        },
                    ]
                    # (6 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "V3ProxyApi-Prod" -> (known after apply)
      ~ revision                 = 309 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket"
            "component_code" = "pocket-v3proxyapi"
            "costCenter"     = "Pocket"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "V3ProxyApi"
        }
        # (12 unchanged attributes hidden)
    }

  # aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 will be destroyed
  # (because aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 is not in configuration)
  - resource "aws_iam_policy" "application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6" {
      - arn              = "arn:aws:iam::996905175585:policy/V3ProxyApi-Prod-TaskRolePolicy" -> null
      - attachment_count = 1 -> null
      - id               = "arn:aws:iam::996905175585:policy/V3ProxyApi-Prod-TaskRolePolicy" -> null
      - name             = "V3ProxyApi-Prod-TaskRolePolicy" -> null
      - path             = "/" -> null
      - policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "xray:PutTraceSegments",
                          - "xray:PutTelemetryRecords",
                          - "xray:GetSamplingTargets",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingRules",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id        = "ANPA6QHBNZIQ3AF57MQGY" -> null
      - tags             = {
          - "app_code"       = "pocket"
          - "component_code" = "pocket-v3proxyapi"
          - "costCenter"     = "Pocket"
          - "env_code"       = "prod"
          - "environment"    = "Prod"
          - "owner"          = "Pocket"
          - "service"        = "V3ProxyApi"
        } -> null
      - tags_all         = {
          - "app_code"       = "pocket"
          - "component_code" = "pocket-v3proxyapi"
          - "costCenter"     = "Pocket"
          - "env_code"       = "prod"
          - "environment"    = "Prod"
          - "owner"          = "Pocket"
          - "service"        = "V3ProxyApi"
        } -> null
        # (2 unchanged attributes hidden)
    }

  # aws_iam_role_policy_attachment.application_ecs_service_ecs-iam_ecs-task-custom-attachment_F8DDD355 will be destroyed
  # (because aws_iam_role_policy_attachment.application_ecs_service_ecs-iam_ecs-task-custom-attachment_F8DDD355 is not in configuration)
  - resource "aws_iam_role_policy_attachment" "application_ecs_service_ecs-iam_ecs-task-custom-attachment_F8DDD355" {
      - id         = "V3ProxyApi-Prod-TaskRole-2023021323181831660000000a" -> null
      - policy_arn = "arn:aws:iam::996905175585:policy/V3ProxyApi-Prod-TaskRolePolicy" -> null
      - role       = "V3ProxyApi-Prod-TaskRole" -> null
    }

Plan: 2 to add, 0 to change, 4 to destroy.

Changes to Outputs:
  ~ ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/V3ProxyApi-Prod:309" -> (known after apply)

[github-actions]

Plan Result (parser-graphql-wrapper-cdk-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 1 to change, 1 to destroy.

• Create
  • aws_cloudwatch_log_group.otel-collector-log-group
• Update
  • aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6
• Replace
  • aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4

Change Result (Click me)

  # aws_cloudwatch_log_group.otel-collector-log-group will be created
  + resource "aws_cloudwatch_log_group" "otel-collector-log-group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/Backend/ParserGraphQLWrapper-Prod/ecs/otel-collector"
      + name_prefix       = (known after apply)
      + retention_in_days = 90
      + skip_destroy      = true
      + tags              = {
          + "app_code"       = "pocket-content-shared"
          + "component_code" = "pocket-content-shared-parsergraphqlwrapper"
          + "costCenter"     = "Shared"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "ParserGraphQLWrapper"
        }
      + tags_all          = {
          + "app_code"       = "pocket-content-shared"
          + "component_code" = "pocket-content-shared-parsergraphqlwrapper"
          + "costCenter"     = "Shared"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "ParserGraphQLWrapper"
        }
    }

  # aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4 must be replaced
-/+ resource "aws_ecs_task_definition" "application_ecs_service_ecs-task_461CC9D4" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/ParserGraphQLWrapper-Prod:996" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/ParserGraphQLWrapper-Prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
                {
                    environment            = [
                        {
                            name  = "AWS_REGION"
                            value = "us-east-1"
                        },
                        {
                            name  = "ENVIRONMENT"
                            value = "production"
                        },
                        {
                            name  = "ITEM_SUMMARY_TABLE"
                            value = "PARSER-Prod-item-summary"
                        },
                        {
                            name  = "REDIS_IS_CLUSTER"
                            value = "false"
                        },
                        {
                            name  = "REDIS_IS_TLS"
                            value = "false"
                        },
                        {
                            name  = "REDIS_PRIMARY_ENDPOINT"
                            value = "parsergraphqlwrapper-prod-reserved.zcx42u.ng.0001.use1.cache.amazonaws.com"
                        },
                        {
                            name  = "REDIS_READER_ENDPOINT"
                            value = "parsergraphqlwrapper-prod-reserved-ro.zcx42u.ng.0001.use1.cache.amazonaws.com"
                        },
                    ]
                    essential              = true
                    healthCheck            = {
                        command     = [
                            "CMD-SHELL",
                            "curl -f http://localhost:4001/.well-known/apollo/server-health || exit 1",
                        ]
                        interval    = 5
                        retries     = 3
                        startPeriod = 30
                        timeout     = 5
                    }
                    image                  = "996905175585.dkr.ecr.us-east-1.amazonaws.com/parsergraphqlwrapper-prod-app:latest"
                    logConfiguration       = {
                        logDriver     = "awslogs"
                        options       = {
                            awslogs-group             = "/Backend/ParserGraphQLWrapper-Prod/ecs/app"
                            awslogs-multiline-pattern = "^\\S.+"
                            awslogs-region            = "us-east-1"
                            awslogs-stream-prefix     = "ecs"
                        }
                        secretOptions = []
                    }
                    mountPoints            = []
                    name                   = "app"
                    portMappings           = [
                        {
                            containerPort = 4001
                            hostPort      = 4001
                            protocol      = "tcp"
                        },
                    ]
                    readonlyRootFilesystem = false
                    secrets                = [
                        {
                            name      = "CHARACTER_MAP"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:characterMap::"
                        },
                        {
                            name      = "DB_HOST"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserGraphQLWrapper/Prod/READITLA_DB:host::"
                        },
                        {
                            name      = "DB_PASSWORD"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserGraphQLWrapper/Prod/READITLA_DB:password::"
                        },
                        {
                            name      = "DB_USERNAME"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserGraphQLWrapper/Prod/READITLA_DB:username::"
                        },
                        {
                            name      = "LETTER_INDEX"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:letterIndex::"
                        },
                        {
                            name      = "MD5_RANDOMIZER"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:md5Randomizer::"
                        },
                        {
                            name      = "PARSER_BASE_ENDPOINT"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserWrapperApi/Prod/SECRETS:parser_base_endpoint::"
                        },
                        {
                            name      = "PARSER_DATA_PATH"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserWrapperApi/Prod/SECRETS:parser_data_path::"
                        },
                        {
                            name      = "POCKET_SHARES_DATABASE_WRITE_HOST"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserWrapperApi/Prod/POCKET_SHARES:host::"
                        },
                        {
                            name      = "POCKET_SHARES_DATABASE_WRITE_PASSWORD"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserWrapperApi/Prod/POCKET_SHARES:password::"
                        },
                        {
                            name      = "POCKET_SHARES_DATABASE_WRITE_USER"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserWrapperApi/Prod/POCKET_SHARES:username::"
                        },
                        {
                            name      = "POSITION_MAP"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:positionMap::"
                        },
                        {
                            name      = "SALT_1"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:salt1::"
                        },
                        {
                            name      = "SALT_2"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/IntMask:salt2::"
                        },
                        {
                            name      = "SENTRY_DSN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/ParserGraphQLWrapper/Prod/SENTRY_DSN"
                        },
                        {
                            name      = "SHORT_CODE_CHARS"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserWrapperApi/Prod/SECRETS:short_code_chars::"
                        },
                        {
                            name      = "SHORT_PREFIX"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserWrapperApi/Prod/SECRETS:short_prefix::"
                        },
                        {
                            name      = "SHORT_PREFIX_SECURE"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserWrapperApi/Prod/SECRETS:short_prefix_secure::"
                        },
                        {
                            name      = "UNLEASH_ENDPOINT"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/Shared/Prod/UNLEASH_ENDPOINT"
                        },
                        {
                            name      = "UNLEASH_KEY"
                            valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:ParserGraphQLWrapper/Prod/UNLEASH_KEY"
                        },
                    ]
                    systemControls         = []
                    volumesFrom            = []
                },
              + {
                  + environment            = [
                      + {
                          + name  = "DEPLOYMENT_ENVIRONMENT_NAME"
                          + value = "prod"
                        },
                    ]
                  + essential              = true
                  + image                  = "pocket/opentelemetry-collector-contrib"
                  + logConfiguration       = {
                      + logDriver     = "awslogs"
                      + options       = {
                          + awslogs-group             = "/Backend/ParserGraphQLWrapper-Prod/ecs/otel-collector"
                          + awslogs-multiline-pattern = "^\\S.+"
                          + awslogs-region            = "us-east-1"
                          + awslogs-stream-prefix     = "ecs"
                        }
                      + secretOptions = []
                    }
                  + mountPoints            = []
                  + name                   = "otel-collector"
                  + portMappings           = [
                      + {
                          + containerPort = 4138
                          + hostPort      = 4138
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 4137
                          + hostPort      = 4137
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 55681
                          + hostPort      = 55681
                          + protocol      = "tcp"
                        },
                    ]
                  + readonlyRootFilesystem = false
                  + repositoryCredentials  = {
                      + credentialsParameter = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/DockerHub"
                    }
                  + secrets                = [
                      + {
                          + name      = "GOOGLE_APPLICATION_CREDENTIALS_JSON"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/GCP_SA_TRACES"
                        },
                    ]
                  + systemControls         = []
                  + volumesFrom            = []
                },
            ] # forces replacement
        )
      ~ id                       = "ParserGraphQLWrapper-Prod" -> (known after apply)
      ~ revision                 = 996 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket-content-shared"
            "component_code" = "pocket-content-shared-parsergraphqlwrapper"
            "costCenter"     = "Shared"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "ParserGraphQLWrapper"
        }
        # (12 unchanged attributes hidden)
    }

  # aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 will be updated in-place
  ~ resource "aws_iam_policy" "application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6" {
        id               = "arn:aws:iam::996905175585:policy/ParserGraphQLWrapper-Prod-TaskRolePolicy"
        name             = "ParserGraphQLWrapper-Prod-TaskRolePolicy"
      ~ policy           = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action   = [
                          - "xray:PutTraceSegments",
                          - "xray:PutTelemetryRecords",
                          - "xray:GetSamplingTargets",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingRules",
                            "logs:PutLogEvents",
                            # (4 unchanged elements hidden)
                        ]
                        # (2 unchanged attributes hidden)
                    },
                    {
                        Action   = [
                            "dynamodb:UpdateItem",
                            "dynamodb:Scan",
                            "dynamodb:Query",
                            "dynamodb:PutItem",
                            "dynamodb:Get*",
                            "dynamodb:DescribeTable",
                            "dynamodb:Delete*",
                            "dynamodb:BatchWrite*",
                            "dynamodb:BatchGet*",
                        ]
                        Effect   = "Allow"
                        Resource = [
                            "arn:aws:dynamodb:us-east-1:996905175585:table/PARSER-Prod-item-summary/*",
                            "arn:aws:dynamodb:us-east-1:996905175585:table/PARSER-Prod-item-summary",
                        ]
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        tags             = {
            "app_code"       = "pocket-content-shared"
            "component_code" = "pocket-content-shared-parsergraphqlwrapper"
            "costCenter"     = "Shared"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "ParserGraphQLWrapper"
        }
        # (7 unchanged attributes hidden)
    }

Plan: 2 to add, 1 to change, 1 to destroy.

Changes to Outputs:
  ~ ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/ParserGraphQLWrapper-Prod:996" -> (known after apply)

[github-actions]

Plan Result (client-api-cdk-production)

CI link

⚠️ Resource Deletion will happen ⚠️

This plan contains resource delete operation. Please check the plan result very carefully!

Plan: 2 to add, 0 to change, 3 to destroy.

• Create
  • aws_cloudwatch_log_group.otel-collector-log-group
• Delete
  • aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6
  • aws_iam_role_policy_attachment.application_ecs_service_ecs-iam_ecs-task-custom-attachment_F8DDD355
• Replace
  • aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4

Change Result (Click me)

  # aws_cloudwatch_log_group.otel-collector-log-group will be created
  + resource "aws_cloudwatch_log_group" "otel-collector-log-group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/Backend/ClientAPI-Prod/ecs/otel-collector"
      + name_prefix       = (known after apply)
      + retention_in_days = 90
      + skip_destroy      = true
      + tags              = {
          + "app_code"       = "pocket-content-shared"
          + "component_code" = "pocket-content-shared-clientapi"
          + "costCenter"     = "Shared"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "ClientAPI"
        }
      + tags_all          = {
          + "app_code"       = "pocket-content-shared"
          + "component_code" = "pocket-content-shared-clientapi"
          + "costCenter"     = "Shared"
          + "env_code"       = "prod"
          + "environment"    = "Prod"
          + "owner"          = "Pocket"
          + "service"        = "ClientAPI"
        }
    }

  # aws_ecs_task_definition.application_ecs_service_ecs-task_461CC9D4 must be replaced
-/+ resource "aws_ecs_task_definition" "application_ecs_service_ecs-task_461CC9D4" {
      ~ arn                      = "arn:aws:ecs:us-east-1:996905175585:task-definition/ClientAPI-Prod:465" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-1:996905175585:task-definition/ClientAPI-Prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
                {
                    environment            = [
                        {
                            name  = "APOLLO_GRAPH_REF"
                            value = "pocket-client-api@current"
                        },
                        {
                            name  = "APP_ENVIRONMENT"
                            value = "production"
                        },
                        {
                            name  = "OTLP_COLLECTOR_HOST"
                            value = "localhost"
                        },
                        {
                            name  = "PORT"
                            value = "4001"
                        },
                        {
                            name  = "REDIS_ENDPOINT"
                            value = "clientapi-prod-serverless-zcx42u.serverless.use1.cache.amazonaws.com"
                        },
                    ]
                    essential              = true
                    healthCheck            = {
                        command     = [
                            "CMD-SHELL",
                            "curl -f http://localhost:4001/.well-known/apollo/server-health || exit 1",
                        ]
                        interval    = 15
                        retries     = 3
                        startPeriod = 0
                        timeout     = 5
                    }
                    image                  = "996905175585.dkr.ecr.us-east-1.amazonaws.com/clientapi-prod-app:latest"
                    logConfiguration       = {
                        logDriver     = "awslogs"
                        options       = {
                            awslogs-group             = "/Backend/ClientAPI-Prod/ecs/app"
                            awslogs-multiline-pattern = "^\\S.+"
                            awslogs-region            = "us-east-1"
                            awslogs-stream-prefix     = "ecs"
                        }
                        secretOptions = []
                    }
                    mountPoints            = []
                    name                   = "app"
                    portMappings           = [
                        {
                            containerPort = 4001
                            hostPort      = 4001
                            protocol      = "tcp"
                        },
                    ]
                    readonlyRootFilesystem = false
                    secrets                = [
                        {
                            name      = "APOLLO_KEY"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/ClientAPI/Prod/APOLLO_KEY"
                        },
                        {
                            name      = "SENTRY_DSN"
                            valueFrom = "arn:aws:ssm:us-east-1:996905175585:parameter/ClientAPI/Prod/SENTRY_DSN"
                        },
                    ]
                    systemControls         = []
                    volumesFrom            = []
                },
              + {
                  + environment            = [
                      + {
                          + name  = "DEPLOYMENT_ENVIRONMENT_NAME"
                          + value = "prod"
                        },
                    ]
                  + essential              = true
                  + image                  = "pocket/opentelemetry-collector-contrib"
                  + logConfiguration       = {
                      + logDriver     = "awslogs"
                      + options       = {
                          + awslogs-group             = "/Backend/ClientAPI-Prod/ecs/otel-collector"
                          + awslogs-multiline-pattern = "^\\S.+"
                          + awslogs-region            = "us-east-1"
                          + awslogs-stream-prefix     = "ecs"
                        }
                      + secretOptions = []
                    }
                  + mountPoints            = []
                  + name                   = "otel-collector"
                  + portMappings           = [
                      + {
                          + containerPort = 4138
                          + hostPort      = 4138
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 4137
                          + hostPort      = 4137
                          + protocol      = "tcp"
                        },
                      + {
                          + containerPort = 55681
                          + hostPort      = 55681
                          + protocol      = "tcp"
                        },
                    ]
                  + readonlyRootFilesystem = false
                  + repositoryCredentials  = {
                      + credentialsParameter = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/DockerHub"
                    }
                  + secrets                = [
                      + {
                          + name      = "GOOGLE_APPLICATION_CREDENTIALS_JSON"
                          + valueFrom = "arn:aws:secretsmanager:us-east-1:996905175585:secret:Shared/GCP_SA_TRACES:::"
                        },
                    ]
                  + systemControls         = []
                  + volumesFrom            = []
                },
            ] # forces replacement
        )
      ~ id                       = "ClientAPI-Prod" -> (known after apply)
      ~ revision                 = 465 -> (known after apply)
        tags                     = {
            "app_code"       = "pocket-content-shared"
            "component_code" = "pocket-content-shared-clientapi"
            "costCenter"     = "Shared"
            "env_code"       = "prod"
            "environment"    = "Prod"
            "owner"          = "Pocket"
            "service"        = "ClientAPI"
        }
        # (12 unchanged attributes hidden)
    }

  # aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 will be destroyed
  # (because aws_iam_policy.application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6 is not in configuration)
  - resource "aws_iam_policy" "application_ecs_service_ecs-iam_ecs-task-role-policy_6FC89FB6" {
      - arn              = "arn:aws:iam::996905175585:policy/ClientAPI-Prod-TaskRolePolicy" -> null
      - attachment_count = 1 -> null
      - id               = "arn:aws:iam::996905175585:policy/ClientAPI-Prod-TaskRolePolicy" -> null
      - name             = "ClientAPI-Prod-TaskRolePolicy" -> null
      - path             = "/" -> null
      - policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "xray:PutTraceSegments",
                          - "xray:PutTelemetryRecords",
                          - "xray:GetSamplingTargets",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingRules",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id        = "ANPA6QHBNZIQ32KV3R2ZP" -> null
      - tags             = {
          - "app_code"       = "pocket-content-shared"
          - "component_code" = "pocket-content-shared-clientapi"
          - "costCenter"     = "Shared"
          - "env_code"       = "prod"
          - "environment"    = "Prod"
          - "owner"          = "Pocket"
          - "service"        = "ClientAPI"
        } -> null
      - tags_all         = {
          - "app_code"       = "pocket-content-shared"
          - "component_code" = "pocket-content-shared-clientapi"
          - "costCenter"     = "Shared"
          - "env_code"       = "prod"
          - "environment"    = "Prod"
          - "owner"          = "Pocket"
          - "service"        = "ClientAPI"
        } -> null
        # (2 unchanged attributes hidden)
    }

  # aws_iam_role_policy_attachment.application_ecs_service_ecs-iam_ecs-task-custom-attachment_F8DDD355 will be destroyed
  # (because aws_iam_role_policy_attachment.application_ecs_service_ecs-iam_ecs-task-custom-attachment_F8DDD355 is not in configuration)
  - resource "aws_iam_role_policy_attachment" "application_ecs_service_ecs-iam_ecs-task-custom-attachment_F8DDD355" {
      - id         = "ClientAPI-Prod-TaskRole-2021011323491699060000000c" -> null
      - policy_arn = "arn:aws:iam::996905175585:policy/ClientAPI-Prod-TaskRolePolicy" -> null
      - role       = "ClientAPI-Prod-TaskRole" -> null
    }

Plan: 2 to add, 0 to change, 3 to destroy.

Changes to Outputs:
  ~ ecs-task-arn           = "arn:aws:ecs:us-east-1:996905175585:task-definition/ClientAPI-Prod:465" -> (known after apply)

[bassrock]

These are headers that we add to our trace data, we could expand this in the future. This should be enough to correlate with sentry

[kschelonka]

does applicationname map to consumer key?

[github-actions]

🎉 This PR is included in version @pocket-tools/feature-flags-client-v1.0.0 🎉

The release is available on:

• @pocket-tools/feature-flags-client-v1.0.0
• GitHub release

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version @pocket-tools/sentry-v1.0.0 🎉

The release is available on:

• @pocket-tools/sentry-v1.0.0
• GitHub release

Your semantic-release bot 📦🚀