BCP early stages #1226
Conversation
aws/common/s3.tf
Outdated
@@ -25,6 +25,7 @@ resource "aws_s3_bucket" "csv_bucket" { | |||
|
|||
#tfsec:ignore:AWS077 - Versioning is not enabled | |||
logging { | |||
target_prefix = var.env |
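Review bot: the `#tfsec:ignore:AWS077` annotation added here suppresses the bucket-versioning finding for `csv_bucket`, but its trailing text ("Versioning is not enabled") only restates the finding and does not record why this bucket may go unversioned, so the next reader cannot tell whether the suppression is still justified. Suggest replacing the text with the actual reason the data does not need versioning, and keep in mind that a tfsec ignore only silences the scanner in CI, it does not change what the AWS API accepts, so the "needed to deploy" rationale in the thread belongs to a different change. The plan posted below also warns that the inline configuration on `aws_s3_bucket.csv_bucket` (s3.tf line 5) is deprecated in favour of the separate `aws_s3_bucket_server_side_encryption_configuration` resource; moving the bucket settings to the standalone resources would be a natural point to decide on versioning explicitly instead of suppressing the check.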
We had to add this in order to get the s3 buckets to deploy - this must be a new requirement by SRE.
Followed up with SRE, it's actually a new requirement from the AWS API.
This shouldn't really belong in scratch. It doesn't apply and could be confusing.
Will wait to merge this in the am 👍
…rm into scratch-env
fixing staging and fixed checkov
Staging: quicksight ✅ Terraform Init: Plan: 0 to add, 0 to change, 1 to destroy
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_quicksight_account_subscription.subscription[0] will be destroyed
# (because index [0] is out of range for count)
# (moved from aws_quicksight_account_subscription.subscription)
- resource "aws_quicksight_account_subscription" "subscription" {
- account_name = "quicksight-staging-239043911459" -> null
- account_subscription_status = "ACCOUNT_CREATED" -> null
- authentication_method = "IAM_ONLY" -> null
- edition = "ENTERPRISE" -> null
- id = "239043911459" -> null
- notification_email = "[email protected]" -> null
}
Plan: 0 to add, 0 to change, 1 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
WARN - plan.json - main - Missing Common Tags: ["aws_cloudformation_stack.sms-usage-notifications"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight-rds"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight-s3-usage"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight_vpc_connection_ec2"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.quicksight_vpc_connection_iam"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.quicksight"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.vpc_connection_role"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.jobs"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.login_events"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.notifications"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.organisation"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.services"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.sms_usage"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.templates"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_set.users"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_source.rds"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_data_source.s3_sms_usage"]
WARN - plan.json - main - Missing Common Tags: ["aws_quicksight_vpc_connection.rds"]
WARN - plan.json - main - Missing Common Tags: ["aws_s3_object.manifest_file"]
38 tests, 19 passed, 19 warnings, 0 failures, 0 exceptions
Staging: common ✅ Terraform Init: Plan: 0 to add, 0 to change, 15 to destroy
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_acm_certificate.client_vpn will be destroyed
# (because aws_acm_certificate.client_vpn is not in configuration)
- resource "aws_acm_certificate" "client_vpn" {
- arn = "arn:aws:acm:ca-central-1:239043911459:certificate/4a2d1268-b54e-4643-9fac-cc6a241d963b" -> null
- certificate_body = <<-EOT
EOT -> null
- domain_name = "vpn.staging.notification.canada.ca" -> null
- domain_validation_options = [] -> null
- id = "arn:aws:acm:ca-central-1:239043911459:certificate/4a2d1268-b54e-4643-9fac-cc6a241d963b" -> null
- key_algorithm = "RSA_2048" -> null
- not_after = "2029-01-08T14:15:56Z" -> null
- not_before = "2024-01-10T14:15:56Z" -> null
- pending_renewal = false -> null
- private_key = (sensitive value) -> null
- renewal_eligibility = "INELIGIBLE" -> null
- renewal_summary = [] -> null
- status = "ISSUED" -> null
- subject_alternative_names = [
- "vpn.staging.notification.canada.ca",
] -> null
- tags = {
- "CostCenter" = "notification-canada-ca-staging"
- "Name" = "notification-canada-ca"
} -> null
- tags_all = {
- "CostCenter" = "notification-canada-ca-staging"
- "Name" = "notification-canada-ca"
} -> null
- type = "IMPORTED" -> null
- validation_emails = [] -> null
- validation_method = "NONE" -> null
- options {
- certificate_transparency_logging_preference = "DISABLED" -> null
}
}
# tls_private_key.client_vpn will be destroyed
# (because tls_private_key.client_vpn is not in configuration)
- resource "tls_private_key" "client_vpn" {
- algorithm = "RSA" -> null
- ecdsa_curve = "P224" -> null
- id = "38efaed91d8861d9881ea9199f77a26dc796fa96" -> null
- private_key_openssh = (sensitive value) -> null
- private_key_pem = (sensitive value) -> null
- private_key_pem_pkcs8 = (sensitive value) -> null
- public_key_fingerprint_md5 = "0c:93:bf:d6:23:e6:15:43:ae:d8:72:26:6a:7b:92:91" -> null
- public_key_fingerprint_sha256 = "SHA256:oV0t0wNoWdcCWBJBsOMYlZ+yGyTF1Zw+hZLgQou6Fto" -> null
- public_key_openssh = <<-EOT
EOT -> null
- public_key_pem = <<-EOT
EOT -> null
- rsa_bits = 2048 -> null
}
# tls_self_signed_cert.client_vpn will be destroyed
# (because tls_self_signed_cert.client_vpn is not in configuration)
- resource "tls_self_signed_cert" "client_vpn" {
- allowed_uses = [
- "key_encipherment",
- "digital_signature",
- "server_auth",
- "ipsec_end_system",
- "ipsec_tunnel",
- "any_extended",
- "cert_signing",
] -> null
- cert_pem = <<-EOT
EOT -> null
- early_renewal_hours = 672 -> null
- id = "323383171478002712126485895393399917997" -> null
- is_ca_certificate = false -> null
- key_algorithm = "RSA" -> null
- private_key_pem = (sensitive value) -> null
- ready_for_renewal = false -> null
- set_authority_key_id = false -> null
- set_subject_key_id = false -> null
- validity_end_time = "2029-01-08T14:15:56.516415877Z" -> null
- validity_period_hours = 43800 -> null
- validity_start_time = "2024-01-10T14:15:56.516415877Z" -> null
- subject {
- common_name = "vpn.staging.notification.canada.ca" -> null
}
}
# module.vpn.aws_cloudwatch_log_group.this will be destroyed
# (because aws_cloudwatch_log_group.this is not in configuration)
- resource "aws_cloudwatch_log_group" "this" {
- arn = "arn:aws:logs:ca-central-1:239043911459:log-group:/aws/client-vpn-endpoint/private-subnets" -> null
- id = "/aws/client-vpn-endpoint/private-subnets" -> null
- log_group_class = "STANDARD" -> null
- name = "/aws/client-vpn-endpoint/private-subnets" -> null
- retention_in_days = 14 -> null
- skip_destroy = false -> null
- tags = {
- "CostCentre" = "notification-canada-ca-staging"
- "Source" = "cds-snc/terraform-modules/client_vpn"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "notification-canada-ca-staging"
- "Source" = "cds-snc/terraform-modules/client_vpn"
- "Terraform" = "true"
} -> null
}
# module.vpn.aws_ec2_client_vpn_authorization_rule.this_internal_dns will be destroyed
# (because aws_ec2_client_vpn_authorization_rule.this_internal_dns is not in configuration)
- resource "aws_ec2_client_vpn_authorization_rule" "this_internal_dns" {
- authorize_all_groups = true -> null
- client_vpn_endpoint_id = "cvpn-endpoint-09a79e8845a82dbf3" -> null
- description = "Authorization for private-subnets to DNS" -> null
- id = "cvpn-endpoint-09a79e8845a82dbf3,10.0.0.2/32" -> null
- target_network_cidr = "10.0.0.2/32" -> null
}
# module.vpn.aws_ec2_client_vpn_authorization_rule.this_subnets["10.0.0.0/24"] will be destroyed
# (because aws_ec2_client_vpn_authorization_rule.this_subnets is not in configuration)
- resource "aws_ec2_client_vpn_authorization_rule" "this_subnets" {
- access_group_id = (sensitive value) -> null
- authorize_all_groups = false -> null
- client_vpn_endpoint_id = "cvpn-endpoint-09a79e8845a82dbf3" -> null
- description = "Rule name: 10.0.0.0/24" -> null
- id = "cvpn-endpoint-09a79e8845a82dbf3,10.0.0.0/24,bccdd5c8-d0b1-7014-c729-0a82eb2c7c36" -> null
- target_network_cidr = "10.0.0.0/24" -> null
}
# module.vpn.aws_ec2_client_vpn_authorization_rule.this_subnets["10.0.1.0/24"] will be destroyed
# (because aws_ec2_client_vpn_authorization_rule.this_subnets is not in configuration)
- resource "aws_ec2_client_vpn_authorization_rule" "this_subnets" {
- access_group_id = (sensitive value) -> null
- authorize_all_groups = false -> null
- client_vpn_endpoint_id = "cvpn-endpoint-09a79e8845a82dbf3" -> null
- description = "Rule name: 10.0.1.0/24" -> null
- id = "cvpn-endpoint-09a79e8845a82dbf3,10.0.1.0/24,bccdd5c8-d0b1-7014-c729-0a82eb2c7c36" -> null
- target_network_cidr = "10.0.1.0/24" -> null
}
# module.vpn.aws_ec2_client_vpn_authorization_rule.this_subnets["10.0.2.0/24"] will be destroyed
# (because aws_ec2_client_vpn_authorization_rule.this_subnets is not in configuration)
- resource "aws_ec2_client_vpn_authorization_rule" "this_subnets" {
- access_group_id = (sensitive value) -> null
- authorize_all_groups = false -> null
- client_vpn_endpoint_id = "cvpn-endpoint-09a79e8845a82dbf3" -> null
- description = "Rule name: 10.0.2.0/24" -> null
- id = "cvpn-endpoint-09a79e8845a82dbf3,10.0.2.0/24,bccdd5c8-d0b1-7014-c729-0a82eb2c7c36" -> null
- target_network_cidr = "10.0.2.0/24" -> null
}
# module.vpn.aws_ec2_client_vpn_endpoint.this will be destroyed
# (because aws_ec2_client_vpn_endpoint.this is not in configuration)
- resource "aws_ec2_client_vpn_endpoint" "this" {
- arn = "arn:aws:ec2:ca-central-1:239043911459:client-vpn-endpoint/cvpn-endpoint-09a79e8845a82dbf3" -> null
- client_cidr_block = "172.16.0.0/22" -> null
- description = "private-subnets" -> null
- dns_name = "*.cvpn-endpoint-09a79e8845a82dbf3.prod.clientvpn.ca-central-1.amazonaws.com" -> null
- dns_servers = [
- "10.0.0.2",
- "8.8.8.8",
] -> null
- id = "cvpn-endpoint-09a79e8845a82dbf3" -> null
- security_group_ids = [
- "sg-0bdfbec43e2883daa",
] -> null
- self_service_portal = "disabled" -> null
- server_certificate_arn = "arn:aws:acm:ca-central-1:239043911459:certificate/4a2d1268-b54e-4643-9fac-cc6a241d963b" -> null
- session_timeout_hours = 8 -> null
- split_tunnel = true -> null
- tags = {
- "CostCentre" = "notification-canada-ca-staging"
- "Source" = "cds-snc/terraform-modules/client_vpn"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "notification-canada-ca-staging"
- "Source" = "cds-snc/terraform-modules/client_vpn"
- "Terraform" = "true"
} -> null
- transport_protocol = "udp" -> null
- vpc_id = "vpc-097508d1f5e243195" -> null
- vpn_port = 443 -> null
- authentication_options {
- saml_provider_arn = "arn:aws:iam::239043911459:saml-provider/client-vpn" -> null
- type = "federated-authentication" -> null
}
- client_connect_options {
- enabled = false -> null
}
- client_login_banner_options {
- banner_text = "Welcome to the Notify STAGING Environment. This is a private network. Only authorized users may connect and should take care not to cause service disruptions." -> null
- enabled = true -> null
}
- connection_log_options {
- cloudwatch_log_group = "/aws/client-vpn-endpoint/private-subnets" -> null
- cloudwatch_log_stream = "cvpn-endpoint-09a79e8845a82dbf3-ca-central-1-2024/01/10-oicqEo4xho6L" -> null
- enabled = true -> null
}
}
# module.vpn.aws_ec2_client_vpn_network_association.this_subnets["subnet-001e585d12cce4d1e"] will be destroyed
# (because aws_ec2_client_vpn_network_association.this_subnets is not in configuration)
- resource "aws_ec2_client_vpn_network_association" "this_subnets" {
- association_id = "cvpn-assoc-03fc64a2c500dd4b9" -> null
- client_vpn_endpoint_id = "cvpn-endpoint-09a79e8845a82dbf3" -> null
- id = "cvpn-assoc-03fc64a2c500dd4b9" -> null
- subnet_id = "subnet-001e585d12cce4d1e" -> null
- vpc_id = "vpc-097508d1f5e243195" -> null
}
# module.vpn.aws_ec2_client_vpn_network_association.this_subnets["subnet-08de34a9e1a7458dc"] will be destroyed
# (because aws_ec2_client_vpn_network_association.this_subnets is not in configuration)
- resource "aws_ec2_client_vpn_network_association" "this_subnets" {
- association_id = "cvpn-assoc-0017d2ca75427e2fa" -> null
- client_vpn_endpoint_id = "cvpn-endpoint-09a79e8845a82dbf3" -> null
- id = "cvpn-assoc-0017d2ca75427e2fa" -> null
- subnet_id = "subnet-08de34a9e1a7458dc" -> null
- vpc_id = "vpc-097508d1f5e243195" -> null
}
# module.vpn.aws_ec2_client_vpn_network_association.this_subnets["subnet-0af8b8402f1d605ff"] will be destroyed
# (because aws_ec2_client_vpn_network_association.this_subnets is not in configuration)
- resource "aws_ec2_client_vpn_network_association" "this_subnets" {
- association_id = "cvpn-assoc-03b273db07dac4779" -> null
- client_vpn_endpoint_id = "cvpn-endpoint-09a79e8845a82dbf3" -> null
- id = "cvpn-assoc-03b273db07dac4779" -> null
- subnet_id = "subnet-0af8b8402f1d605ff" -> null
- vpc_id = "vpc-097508d1f5e243195" -> null
}
# module.vpn.aws_iam_saml_provider.client_vpn will be destroyed
# (because aws_iam_saml_provider.client_vpn is not in configuration)
- resource "aws_iam_saml_provider" "client_vpn" {
- arn = "arn:aws:iam::239043911459:saml-provider/client-vpn" -> null
- id = "arn:aws:iam::239043911459:saml-provider/client-vpn" -> null
- name = "client-vpn" -> null
- saml_metadata_document = (sensitive value) -> null
- tags = {
- "CostCentre" = "notification-canada-ca-staging"
- "Source" = "cds-snc/terraform-modules/client_vpn"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "notification-canada-ca-staging"
- "Source" = "cds-snc/terraform-modules/client_vpn"
- "Terraform" = "true"
} -> null
- valid_until = "2124-01-10T14:15:57Z" -> null
}
# module.vpn.aws_security_group.this will be destroyed
# (because aws_security_group.this is not in configuration)
- resource "aws_security_group" "this" {
- arn = "arn:aws:ec2:ca-central-1:239043911459:security-group/sg-0bdfbec43e2883daa" -> null
- description = "Egress All. Used to allow access to other security groups." -> null
- egress = [
- {
- cidr_blocks = [
- "0.0.0.0/0",
]
- description = ""
- from_port = 0
- ipv6_cidr_blocks = []
- prefix_list_ids = []
- protocol = "-1"
- security_groups = []
- self = false
- to_port = 0
},
] -> null
- id = "sg-0bdfbec43e2883daa" -> null
- ingress = [] -> null
- name = "client-vpn-endpoint-private-subnets" -> null
- owner_id = "239043911459" -> null
- revoke_rules_on_delete = false -> null
- tags = {
- "CostCentre" = "notification-canada-ca-staging"
- "Source" = "cds-snc/terraform-modules/client_vpn"
- "Terraform" = "true"
} -> null
- tags_all = {
- "CostCentre" = "notification-canada-ca-staging"
- "Source" = "cds-snc/terraform-modules/client_vpn"
- "Terraform" = "true"
} -> null
- vpc_id = "vpc-097508d1f5e243195" -> null
}
# module.vpn.aws_security_group_rule.egress_all will be destroyed
# (because aws_security_group_rule.egress_all is not in configuration)
- resource "aws_security_group_rule" "egress_all" {
- cidr_blocks = [
- "0.0.0.0/0",
] -> null
- from_port = 0 -> null
- id = "sgrule-1967491702" -> null
- protocol = "-1" -> null
- security_group_id = "sg-0bdfbec43e2883daa" -> null
- security_group_rule_id = "sgr-0823288f3fe6bcdda" -> null
- self = false -> null
- to_port = 0 -> null
- type = "egress" -> null
}
Plan: 0 to add, 0 to change, 15 to destroy.
Changes to Outputs:
- client_vpn_cloudwatch_log_group_name = "/aws/client-vpn-endpoint/private-subnets" -> null
- client_vpn_security_group_id = "sg-0bdfbec43e2883daa" -> null
+ vpc_private_subnet_cidr_blocks = [
+ "10.0.0.0/24",
+ "10.0.1.0/24",
+ "10.0.2.0/24",
]
Warning: Argument is deprecated
with aws_s3_bucket.csv_bucket,
on s3.tf line 5, in resource "aws_s3_bucket" "csv_bucket":
5: resource "aws_s3_bucket" "csv_bucket" {
Use the aws_s3_bucket_server_side_encryption_configuration resource instead
(and 63 more similar warnings elsewhere)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
WARN - plan.json - main - Missing Common Tags: ["aws_athena_workgroup.ad_hoc"]
WARN - plan.json - main - Missing Common Tags: ["aws_athena_workgroup.build_tables"]
WARN - plan.json - main - Missing Common Tags: ["aws_athena_workgroup.primary"]
WARN - plan.json - main - Missing Common Tags: ["aws_athena_workgroup.support"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_event_rule.aws_health[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.route53_resolver_query_log[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sns_deliveries[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sns_deliveries_failures[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sns_deliveries_failures_us_west_2[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sns_deliveries_us_west_2[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.bulk-bulk-not-being-processed-critical[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.bulk-bulk-not-being-processed-warning[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.bulk-inflights-not-being-processed-critical[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.bulk-inflights-not-being-processed-warning[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.bulk-not-being-processed-critical[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.bulk-not-being-processed-warning[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.contact-3-500-error-15-minutes-critical[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.document-download-bucket-size-warning[0]"]
WARN - plan.json - main - Missing Common Tags:...
Staging: eks ✅ Terraform Init: Plan: 14 to add, 0 to change, 2 to destroy
Resource actions are indicated with the following symbols:
+ create
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_acm_certificate.client_vpn will be created
+ resource "aws_acm_certificate" "client_vpn" {
+ arn = (known after apply)
+ certificate_body = (known after apply)
+ domain_name = (known after apply)
+ domain_validation_options = (known after apply)
+ id = (known after apply)
+ key_algorithm = (known after apply)
+ not_after = (known after apply)
+ not_before = (known after apply)
+ pending_renewal = (known after apply)
+ private_key = (sensitive value)
+ renewal_eligibility = (known after apply)
+ renewal_summary = (known after apply)
+ status = (known after apply)
+ subject_alternative_names = (known after apply)
+ tags = {
+ "CostCenter" = "notification-canada-ca-staging"
+ "Name" = "notification-canada-ca"
}
+ tags_all = {
+ "CostCenter" = "notification-canada-ca-staging"
+ "Name" = "notification-canada-ca"
}
+ type = (known after apply)
+ validation_emails = (known after apply)
+ validation_method = (known after apply)
}
# aws_security_group_rule.client-vpn-ingress-database must be replaced
-/+ resource "aws_security_group_rule" "client-vpn-ingress-database" {
~ id = "sgrule-3436605651" -> (known after apply)
~ security_group_rule_id = "sgr-0fcff47c2d5190689" -> (known after apply)
~ source_security_group_id = "sg-0bdfbec43e2883daa" # forces replacement -> (known after apply) # forces replacement
# (7 unchanged attributes hidden)
}
# aws_security_group_rule.client-vpn-ingress-redis must be replaced
-/+ resource "aws_security_group_rule" "client-vpn-ingress-redis" {
~ id = "sgrule-607171000" -> (known after apply)
~ security_group_rule_id = "sgr-0d57e7af11a0f46a3" -> (known after apply)
~ source_security_group_id = "sg-0bdfbec43e2883daa" # forces replacement -> (known after apply) # forces replacement
# (7 unchanged attributes hidden)
}
# tls_private_key.client_vpn will be created
+ resource "tls_private_key" "client_vpn" {
+ algorithm = "RSA"
+ ecdsa_curve = "P224"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ private_key_pem_pkcs8 = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
# tls_self_signed_cert.client_vpn will be created
+ resource "tls_self_signed_cert" "client_vpn" {
+ allowed_uses = [
+ "key_encipherment",
+ "digital_signature",
+ "server_auth",
+ "ipsec_end_system",
+ "ipsec_tunnel",
+ "any_extended",
+ "cert_signing",
]
+ cert_pem = (known after apply)
+ early_renewal_hours = 672
+ id = (known after apply)
+ is_ca_certificate = false
+ key_algorithm = (known after apply)
+ private_key_pem = (sensitive value)
+ ready_for_renewal = false
+ set_authority_key_id = false
+ set_subject_key_id = false
+ validity_end_time = (known after apply)
+ validity_period_hours = 43800
+ validity_start_time = (known after apply)
+ subject {
+ common_name = "vpn.staging.notification.canada.ca"
}
}
# module.vpn.aws_cloudwatch_log_group.this will be created
+ resource "aws_cloudwatch_log_group" "this" {
+ arn = (known after apply)
+ id = (known after apply)
+ log_group_class = (known after apply)
+ name = "/aws/client-vpn-endpoint/private-subnets"
+ name_prefix = (known after apply)
+ retention_in_days = 14
+ skip_destroy = false
+ tags = {
+ "CostCentre" = "notification-canada-ca-staging"
+ "Source" = "cds-snc/terraform-modules/client_vpn"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "notification-canada-ca-staging"
+ "Source" = "cds-snc/terraform-modules/client_vpn"
+ "Terraform" = "true"
}
}
# module.vpn.aws_ec2_client_vpn_authorization_rule.this_internal_dns will be created
+ resource "aws_ec2_client_vpn_authorization_rule" "this_internal_dns" {
+ authorize_all_groups = true
+ client_vpn_endpoint_id = (known after apply)
+ description = "Authorization for private-subnets to DNS"
+ id = (known after apply)
+ target_network_cidr = "10.0.0.2/32"
}
# module.vpn.aws_ec2_client_vpn_endpoint.this will be created
+ resource "aws_ec2_client_vpn_endpoint" "this" {
+ arn = (known after apply)
+ client_cidr_block = "172.16.0.0/22"
+ description = "private-subnets"
+ dns_name = (known after apply)
+ dns_servers = [
+ "10.0.0.2",
+ "8.8.8.8",
]
+ id = (known after apply)
+ security_group_ids = (known after apply)
+ self_service_portal = "disabled"
+ self_service_portal_url = (known after apply)
+ server_certificate_arn = (known after apply)
+ session_timeout_hours = 8
+ split_tunnel = true
+ tags = {
+ "CostCentre" = "notification-canada-ca-staging"
+ "Source" = "cds-snc/terraform-modules/client_vpn"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "notification-canada-ca-staging"
+ "Source" = "cds-snc/terraform-modules/client_vpn"
+ "Terraform" = "true"
}
+ transport_protocol = "udp"
+ vpc_id = "vpc-097508d1f5e243195"
+ vpn_port = 443
+ authentication_options {
+ saml_provider_arn = (known after apply)
+ type = "federated-authentication"
}
+ client_login_banner_options {
+ banner_text = "Welcome to the Notify STAGING Environment. This is a private network. Only authorized users may connect and should take care not to cause service disruptions."
+ enabled = true
}
+ connection_log_options {
+ cloudwatch_log_group = "/aws/client-vpn-endpoint/private-subnets"
+ cloudwatch_log_stream = (known after apply)
+ enabled = true
}
}
# module.vpn.aws_ec2_client_vpn_network_association.this_subnets["subnet-001e585d12cce4d1e"] will be created
+ resource "aws_ec2_client_vpn_network_association" "this_subnets" {
+ association_id = (known after apply)
+ client_vpn_endpoint_id = (known after apply)
+ id = (known after apply)
+ subnet_id = "subnet-001e585d12cce4d1e"
+ vpc_id = (known after apply)
}
# module.vpn.aws_ec2_client_vpn_network_association.this_subnets["subnet-08de34a9e1a7458dc"] will be created
+ resource "aws_ec2_client_vpn_network_association" "this_subnets" {
+ association_id = (known after apply)
+ client_vpn_endpoint_id = (known after apply)
+ id = (known after apply)
+ subnet_id = "subnet-08de34a9e1a7458dc"
+ vpc_id = (known after apply)
}
# module.vpn.aws_ec2_client_vpn_network_association.this_subnets["subnet-0af8b8402f1d605ff"] will be created
+ resource "aws_ec2_client_vpn_network_association" "this_subnets" {
+ association_id = (known after apply)
+ client_vpn_endpoint_id = (known after apply)
+ id = (known after apply)
+ subnet_id = "subnet-0af8b8402f1d605ff"
+ vpc_id = (known after apply)
}
# module.vpn.aws_iam_saml_provider.client_vpn will be created
+ resource "aws_iam_saml_provider" "client_vpn" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "client-vpn"
+ saml_metadata_document = (sensitive value)
+ tags = {
+ "CostCentre" = "notification-canada-ca-staging"
+ "Source" = "cds-snc/terraform-modules/client_vpn"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "notification-canada-ca-staging"
+ "Source" = "cds-snc/terraform-modules/client_vpn"
+ "Terraform" = "true"
}
+ valid_until = (known after apply)
}
# module.vpn.aws_security_group.this will be created
+ resource "aws_security_group" "this" {
+ arn = (known after apply)
+ description = "Egress All. Used to allow access to other security groups."
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "client-vpn-endpoint-private-subnets"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "CostCentre" = "notification-canada-ca-staging"
+ "Source" = "cds-snc/terraform-modules/client_vpn"
+ "Terraform" = "true"
}
+ tags_all = {
+ "CostCentre" = "notification-canada-ca-staging"
+ "Source" = "cds-snc/terraform-modules/client_vpn"
+ "Terraform" = "true"
}
+ vpc_id = "vpc-097508d1f5e243195"
}
# module.vpn.aws_security_group_rule.egress_all will be created
+ resource "aws_security_group_rule" "egress_all" {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ from_port = 0
+ id = (known after apply)
+ protocol = "-1"
+ security_group_id = (known after apply)
+ security_group_rule_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 0
+ type = "egress"
}
Plan: 14 to add, 0 to change, 2 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.client_vpn"]
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.notification-canada-ca"]
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.notification-canada-ca-alt[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb.notification-canada-ca"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener.internal_alb_tls"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb_listener.notification-canada-ca"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.internal_nginx_http"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-admin"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-api"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-document"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-document-api"]
WARN - plan.json - main - Missing Common Tags: ["aws_alb_target_group.notification-canada-ca-documentation"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-cluster-logs[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-evicted-pods[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-pods-high-cpu-warning[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-pods-high-memory-warning[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.admin-replicas-unavailable[0]"]
WARN - plan.json - main - Missing Common Tags:...
Staging: lambda-api ✅ Terraform Init: Plan: 5 to add, 1 to change, 1 to destroy
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
+/- create replacement and then destroy

Terraform will perform the following actions:

  # aws_api_gateway_account.main will be created
  + resource "aws_api_gateway_account" "main" {
      + api_key_version     = (known after apply)
      + cloudwatch_role_arn = (known after apply)
      + features            = (known after apply)
      + id                  = (known after apply)
      + throttle_settings   = (known after apply)
    }

  # aws_api_gateway_deployment.api must be replaced
+/- resource "aws_api_gateway_deployment" "api" {
      ~ created_date  = "2023-06-19T14:45:00Z" -> (known after apply)
      ~ execution_arn = "arn:aws:execute-api:ca-central-1:239043911459:74i43aysii/" -> (known after apply)
      ~ id            = "pz9kw6" -> (known after apply)
      ~ invoke_url    = "https://74i43aysii.execute-api.ca-central-1.amazonaws.com/" -> (known after apply)
      ~ triggers      = { # forces replacement
          ~ "redeployment" = "771de08b434b39f13fbd080f8c35eb1d4c785b84" -> "b36f076ab4b108580e32ec9af1b0697a029145b0"
        }
        # (1 unchanged attribute hidden)
    }

  # aws_api_gateway_method_settings.api_settings will be created
  + resource "aws_api_gateway_method_settings" "api_settings" {
      + id          = (known after apply)
      + method_path = "*/*"
      + rest_api_id = "74i43aysii"
      + stage_name  = "v1"

      + settings {
          + cache_data_encrypted                       = true
          + cache_ttl_in_seconds                       = (known after apply)
          + caching_enabled                            = true
          + data_trace_enabled                         = false
          + logging_level                              = "INFO"
          + metrics_enabled                            = true
          + require_authorization_for_cache_control    = (known after apply)
          + throttling_burst_limit                     = -1
          + throttling_rate_limit                      = -1
          + unauthorized_cache_control_header_strategy = (known after apply)
        }
    }

  # aws_api_gateway_stage.api will be updated in-place
  ~ resource "aws_api_gateway_stage" "api" {
      ~ deployment_id = "pz9kw6" -> (known after apply)
        id            = "ags-74i43aysii-v1"
        tags          = {}
        # (10 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_iam_role.main will be created
  + resource "aws_iam_role" "main" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "apigateway.amazonaws.com"
                        }
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "api-gateway-logs-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # aws_iam_role_policy_attachment.main will be created
  + resource "aws_iam_role_policy_attachment" "main" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
      + role       = "api-gateway-logs-role"
    }

Plan: 5 to add, 1 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_domain_name.alt_api_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_domain_name.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_domain_name.api_lambda"]
WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_rest_api.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_api_gateway_stage.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_appautoscaling_target.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.api_gateway_log_group"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.api_lambda_log_group[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.failed-login-count-5-minute-warning[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-1-error-1-minute-warning-lambda-api[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-1-error-1-minute-warning-salesforce-api[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.logs-10-error-5-minutes-critical-lambda-api[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.ecr"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.api_cloudwatch[0]"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.main"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_user.ecr-user"]
WARN - plan.json - main - Missing Common Tags: ["aws_kinesis_firehose_delivery_stream.firehose-api-lambda-waf-logs"]
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.api"]
WARN - plan.json - main - Missing Common Tags: ["aws_secretsmanager_secret.new-relic-license-key"]
WARN - plan.json - main - Missing Common Tags:...

Staging: database-tools
❌ Terraform Init:

Show Init results
time=2024-04-17T18:07:58Z level=error msg=/home/runner/work/notification-terraform/notification-terraform/env/staging/database-tools/terragrunt.hcl:55,11-12: Unclosed configuration block; There is no closing brace for this block before the end of the file. This may be caused by incorrect brace nesting elsewhere in this file.
time=2024-04-17T18:07:58Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1

Show Validate results
time=2024-04-17T18:07:58Z level=error msg=/home/runner/work/notification-terraform/notification-terraform/env/staging/database-tools/terragrunt.hcl:55,11-12: Unclosed configuration block; There is no closing brace for this block before the end of the file. This may be caused by incorrect brace nesting elsewhere in this file.
time=2024-04-17T18:07:58Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1

Show plan
time=2024-04-17T18:07:58Z level=error msg=/home/runner/work/notification-terraform/notification-terraform/env/staging/database-tools/terragrunt.hcl:55,11-12: Unclosed configuration block; There is no closing brace for this block before the end of the file. This may be caused by incorrect brace nesting elsewhere in this file.
time=2024-04-17T18:07:58Z level=error msg=Unable to determine underlying exit code, so Terragrunt will exit with error code 1
…rm into scratch-env
…rior to creating other dependent resources
Summary | Résumé
Working on the BCP, and documented and fixed the first 4 steps. Figured that's enough changes (plus we need to merge it to staging to work) for our first PR.
Related Issues | Cartes liées
https://app.zenhub.com/workspaces/notify-planning-core-6411dfb7c95fb80014e0cab0/issues/gh/cds-snc/notification-planning-core/58
Test instructions | Instructions pour tester la modification
Complete the documentation in SCRATCH!
Release Instructions | Instructions pour le déploiement
None.
Reviewer checklist | Liste de vérification du réviseur