feat: intro to squaremap with paper #249

Merged
merged 1 commit into from
Jun 26, 2024

ShotaroMatsuya
Owner

No description provided.

github-actions[bot]
github-actions bot previously approved these changes Jun 26, 2024

terraform/scheduling

Terraform Format and Style 🖌 'No changes needed.'

Terraform Plan 📖 success

module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 1s [id=-]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
data.aws_sns_topic.my_sns: Reading...
module.custom_nlb.module.nlb.data.aws_partition.current: Reading...
data.aws_security_group.fargate_sg: Reading...
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_caller_identity.current: Reading...
data.aws_iam_role.task_execution_role: Reading...
data.aws_vpc.myvpc: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_nlb.module.nlb.data.aws_partition.current: Read complete after 0s [id=aws]
data.aws_kms_key.my_kms: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_region.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_region.current: Read complete after 0s [id=ap-northeast-1]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=2690255455]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
module.custom_lambda.module.user_action_filter_function.data.aws_caller_identity.current: Read complete after 0s [id=528163014577]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 0s [id=Z006257634KDWA8TCRYLE]
data.aws_kms_key.my_kms: Read complete after 1s [id=fbe3a2e1-dee7-431a-8206-9cd2092c08df]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-07934f64784cd1b97]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-080b3749ba65ae3d7]
data.aws_subnets.my_subnets: Reading...
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.custom_cloudwatch.aws_cloudwatch_log_group.firelens will be created
  + resource "aws_cloudwatch_log_group" "firelens" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/aws/ecs/minecraft-firelens-logs"
      + name_prefix       = (known after apply)
      + retention_in_days = 14
      + skip_destroy      = false
      + tags_all          = (known after apply)
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.cpu_utilization will be created
  + resource "aws_cloudwatch_metric_alarm" "cpu_utilization" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-cpu_utilization"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/ECS"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 90
      + treat_missing_data                    = "missing"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.memory_utilization will be created
  + resource "aws_cloudwatch_metric_alarm" "memory_utilization" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-memory_utilization"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "MemoryUtilization"
      + namespace                             = "AWS/ECS"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 80
      + treat_missing_data                    = "missing"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check will be created
  + resource "aws_cloudwatch_metric_alarm" "target_group_health_check" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_description                     = "This metric monitors ecs health status"
      + alarm_name                            = "minecraft-test-targetgroup_healthy"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + dimensions                            = (known after apply)
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "HealthyHostCount"
      + namespace                             = "AWS/NetworkELB"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 1
      + treat_missing_data                    = "breaching"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.task_running_count will be created
  + resource "aws_cloudwatch_metric_alarm" "task_running_count" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-task_running_count"
      + arn                                   = (known after apply)
      + comparison_operator                   = "LessThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "RunningTaskCount"
      + namespace                             = "ECS/ContainerInsights"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Sum"
      + tags_all                              = (known after apply)
      + threshold                             = 1
      + treat_missing_data                    = "missing"
    }

  # module.custom_domain.aws_route53_record.apps_dns will be created
  + resource "aws_route53_record" "apps_dns" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "minecraft.smat710.com"
      + type            = "A"
      + zone_id         = "Z006257634KDWA8TCRYLE"

      + alias {
          + evaluate_target_health = true
          + name                   = (sensitive value)
          + zone_id                = (sensitive value)
        }
    }

  # module.custom_domain.aws_route53_record.squaremap_dns will be created
  + resource "aws_route53_record" "squaremap_dns" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "square.smat710.com"
      + type            = "A"
      + zone_id         = "Z006257634KDWA8TCRYLE"

      + alias {
          + evaluate_target_health = false
          + name                   = (sensitive value)
          + zone_id                = (sensitive value)
        }
    }

  # module.custom_ecs.aws_ecs_cluster.main will be created
  + resource "aws_ecs_cluster" "main" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "minecraft-test-cluster"
      + tags     = {
          + "environment" = "test"
          + "owners"      = "minecraft"
        }
      + tags_all = {
          + "environment" = "test"
          + "owners"      = "minecraft"
        }

      + configuration {
          + execute_command_configuration {
              + logging = "DEFAULT"
            }
        }

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # module.custom_ecs.aws_ecs_service.main will be created
  + resource "aws_ecs_service" "main" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = true
      + health_check_grace_period_seconds  = 60
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "minecraft-test-service"
      + platform_version                   = "LATEST"
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = (known after apply)
      + task_definition                    = "minecraft-test"
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + deployment_circuit_breaker {
          + enable   = true
          + rollback = true
        }

      + deployment_controller {
          + type = "ECS"
        }

      + load_balancer {
          + container_name   = "minecraft"
          + container_port   = 25565
          + target_group_arn = (known after apply)
        }
      + load_balancer {
          + container_name   = "minecraft"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = true
          + security_groups  = [
              + "sg-07934f64784cd1b97",
            ]
          + subnets          = [
              + "subnet-038ab87acb09d9140",
              + "subnet-0b514cfc7d0eb8f87",
            ]
        }
    }

  # module.custom_ecs.aws_ecs_task_definition.main will be created
  + resource "aws_ecs_task_definition" "main" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (sensitive value)
      + cpu                      = "2048"
      + execution_role_arn       = "arn:aws:iam::528163014577:role/minecraft-test-ecs_tasks_execution-role"
      + family                   = "minecraft-test"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags_all                 = (known after apply)
      + task_role_arn            = "arn:aws:iam::528163014577:role/ecs_tasks-minecraft-test-role"
      + track_latest             = false

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "data"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "log-volume"
        }
    }

  # module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "user-action_subscription" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "{ ($.level = \"ERROR\")}"
      + id              = (known after apply)
      + log_group_name  = "/aws/ecs/minecraft-firelens-logs"
      + name            = "user-action-subscription-0"
      + role_arn        = (known after apply)
    }

  # module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "user-action_subscription" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = (sensitive value)
      + id              = (known after apply)
      + log_group_name  = "/aws/ecs/minecraft-firelens-logs"
      + name            = "user-action-subscription-1"
      + role_arn        = (known after apply)
    }

  # module.custom_lambda.aws_lambda_permission.log_permission will be created
  + resource "aws_lambda_permission" "log_permission" {
      + action              = "lambda:InvokeFunction"
      + function_name       = (known after apply)
      + id                  = (known after apply)
      + principal           = "logs.ap-northeast-1.amazonaws.com"
      + source_arn          = "arn:aws:logs:ap-northeast-1:528163014577:log-group:/aws/ecs/minecraft-firelens-logs:*"
      + statement_id        = (known after apply)
      + statement_id_prefix = (known after apply)
    }

  # module.custom_nlb.null_resource.send_slack_notification will be created
  + resource "null_resource" "send_slack_notification" {
      + id = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "logs" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = (known after apply)
        }
    }

  # module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0] will be created
  + resource "aws_cloudwatch_log_group" "lambda" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/aws/lambda/user-action-filter-function"
      + name_prefix       = (known after apply)
      + retention_in_days = 0
      + skip_destroy      = false
      + tags_all          = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0] will be created
  + resource "aws_iam_policy" "additional_json" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = "user-action-filter-function"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "SNS:Publish",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic"
                      + Sid      = ""
                    },
                  + {
                      + Action   = [
                          + "logs:CreateLogGroup",
                          + "logs:CreateLogStream",
                          + "logs:PutLogEvents",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:logs:ap-northeast-1:528163014577:log-group:/aws/ecs/minecraft-firelens-logs:*"
                      + Sid      = ""
                    },
                  + {
                      + Action   = [
                          + "kms:GenerateDataKey",
                          + "kms:Decrypt",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:kms:ap-northeast-1:528163014577:key/fbe3a2e1-dee7-431a-8206-9cd2092c08df"
                      + Sid      = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0] will be created
  + resource "aws_iam_policy" "logs" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = "user-action-filter-function-logs"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0] will be created
  + resource "aws_iam_role" "lambda" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "lambda.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = true
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "user-action-filter-function"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0] will be created
  + resource "aws_iam_role_policy_attachment" "additional_json" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "user-action-filter-function"
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0] will be created
  + resource "aws_iam_role_policy_attachment" "logs" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "user-action-filter-function"
    }

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be created
  + resource "aws_lambda_function" "this" {
      + architectures                  = [
          + "x86_64",
        ]
      + arn                            = (known after apply)
      + code_sha256                    = (known after apply)
      + description                    = "My awsome lambda function"
      + filename                       = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
      + function_name                  = "user-action-filter-function"
      + handler                        = "index.lambda_handler"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + package_type                   = "Zip"
      + publish                        = true
      + qualified_arn                  = (known after apply)
      + qualified_invoke_arn           = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = (known after apply)
      + runtime                        = "python3.9"
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      + skip_destroy                   = false
      + source_code_hash               = (known after apply)
      + source_code_size               = (known after apply)
      + tags                           = {
          + "terraform-aws-modules" = "lambda"
        }
      + tags_all                       = {
          + "terraform-aws-modules" = "lambda"
        }
      + timeout                        = 360
      + version                        = (known after apply)

      + environment {
          + variables = {
              + "ALARM_SUBJECT" = "【UserEvent Notification】"
              + "SNS_TOPIC_ARN" = "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic"
              + "WEB_HOOK_URL"  = (sensitive value)
            }
        }

      + ephemeral_storage {
          + size = 512
        }

      + logging_config {
          + log_format = "Text"
          + log_group  = (known after apply)
        }
    }

  # module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0] will be created
  + resource "local_file" "archive_plan" {
      + content              = jsonencode(
            {
              + artifacts_dir = "builds"
              + build_plan    = [
                  + [
                      + "zip",
                      + "../modules/lambda/fixtures/python3.9/index.py",
                      + null,
                    ],
                ]
              + filename      = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
              + runtime       = "python3.9"
            }
        )
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0755"
      + file_permission      = "0644"
      + filename             = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.plan.json"
      + id                   = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] will be created
  + resource "null_resource" "archive" {
      + id       = (known after apply)
      + triggers = {
          + "filename"  = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
          + "timestamp" = "<WARNING: Missing lambda zip artifacts wouldn't be restored>"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb.this[0] will be created
  + resource "aws_lb" "this" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + dns_name                                                     = (known after apply)
      + dns_record_client_routing_policy                             = "any_availability_zone"
      + enable_cross_zone_load_balancing                             = true
      + enable_deletion_protection                                   = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = "off"
      + id                                                           = (known after apply)
      + internal                                                     = (known after apply)
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "network"
      + name                                                         = "minecraft-test-nlb"
      + name_prefix                                                  = (known after apply)
      + security_groups                                              = (known after apply)
      + subnets                                                      = [
          + "subnet-038ab87acb09d9140",
          + "subnet-0b514cfc7d0eb8f87",
        ]
      + tags                                                         = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                                                     = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + vpc_id                                                       = (known after apply)
      + zone_id                                                      = (known after apply)

      + timeouts {}
    }

  # module.custom_nlb.module.nlb.aws_lb_listener.this["ex-one"] will be created
  + resource "aws_lb_listener" "this" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 25565
      + protocol          = "TCP"
      + ssl_policy        = (known after apply)
      + tags              = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all          = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_listener.this["ex-two"] will be created
  + resource "aws_lb_listener" "this" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 8080
      + protocol          = "TCP"
      + ssl_policy        = (known after apply)
      + tags              = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all          = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_target_group.this["ex-target-one"] will be created
  + resource "aws_lb_target_group" "this" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "10"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = "false"
      + name                               = (known after apply)
      + name_prefix                        = (known after apply)
      + port                               = 25565
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "TCP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                           = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + target_type                        = "ip"
      + vpc_id                             = "vpc-080b3749ba65ae3d7"

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = (known after apply)
          + path                = (known after apply)
          + port                = "traffic-port"
          + protocol            = "TCP"
          + timeout             = 5
          + unhealthy_threshold = 2
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_target_group.this["ex-target-two"] will be created
  + resource "aws_lb_target_group" "this" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "10"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = "false"
      + name                               = (known after apply)
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "TCP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                           = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + target_type                        = "ip"
      + vpc_id                             = "vpc-080b3749ba65ae3d7"
    }

  # module.custom_nlb.module.nlb.aws_security_group.this[0] will be created
  + resource "aws_security_group" "this" {
      + arn                    = (known after apply)
      + description            = "Security group for minecraft-test-nlb network load balancer"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "minecraft-test-nlb-"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + vpc_id                 = "vpc-080b3749ba65ae3d7"
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_egress_rule.this["all"] will be created
  + resource "aws_vpc_security_group_egress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "10.0.0.0/16"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_ingress_rule.this["app_tcp"] will be created
  + resource "aws_vpc_security_group_ingress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "TCP traffic"
      + from_port              = 25565
      + id                     = (known after apply)
      + ip_protocol            = "tcp"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + to_port                = 25565
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_ingress_rule.this["map_tcp"] will be created
  + resource "aws_vpc_security_group_ingress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "TCP traffic"
      + from_port              = 8080
      + id                     = (known after apply)
      + ip_protocol            = "tcp"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + to_port                = 8080
    }

Plan: 32 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ecs_task_definition       = (sensitive value)
  + nlb_target_group_arns     = [
      + (known after apply),
      + (known after apply),
    ]
  + target_group_arn_suffixes = [
      + (known after apply),
      + (known after apply),
    ]

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

terraform/keeping

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_slash_command.module.dispatch_backup_function.data.external.archive_prepare[0]: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=43add1749d6d9832e0a8fca0784941273380c63a]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_caller_identity.current: Reading...
module.custom_slash_command.module.dispatch_backup_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/dispatch_workflow_from_slack-function]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/dispatch_workflow_from_slack-function]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-080b3749ba65ae3d7]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=2690255455]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_slash_command.module.dispatch_backup_function.data.aws_caller_identity.current: Read complete after 1s [id=528163014577]
module.custom_slash_command.module.dispatch_backup_function.data.aws_partition.current: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_slash_command.module.dispatch_backup_function.data.aws_region.current: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_region.current: Read complete after 0s [id=ap-northeast-1]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role.lambda[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=fbe3a2e1-dee7-431a-8206-9cd2092c08df]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231214232321650500000002]
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=1844424421]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/dispatch_workflow_from_slack-function-logs]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231214232322111300000003]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_slash_command.module.dispatch_backup_function.data.external.archive_prepare[0]: Read complete after 1s [id=-]
module.custom_slash_command.module.dispatch_backup_function.local_file.archive_plan[0]: Refreshing state... [id=78f2020f239be6309b8af0fd851b4b39b0176a7d]
module.custom_slash_command.module.dispatch_backup_function.null_resource.archive[0]: Refreshing state... [id=6253861544655385946]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=dispatch_workflow_from_slack-function-20231214232321636700000001]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=dispatch_workflow_from_slack-function-20231214232322152400000004]
module.custom_slash_command.module.dispatch_backup_function.aws_lambda_function.this[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]
module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias: Refreshing state... [id=alias/cwa/for_encrypt_sns_topic]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
null_resource.name: Refreshing state... [id=7654444806662221133]
module.custom_vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0af9255bf2de56654]
module.custom_vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-0be4b180c2baaa074]
module.custom_vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-019542f68b3faf486]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-07934f64784cd1b97]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0b514cfc7d0eb8f87]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-05d700a42174e6bfa]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-038ab87acb09d9140]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-0c61e63473f694831]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09e08a3f393bc9cdd]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:dc0a832c-07a7-4d2f-8e2b-6de364155c79]
module.custom_slash_command.module.dispatch_backup_function.aws_lambda_function_url.this[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/ca09cc70-9ad7-11ee-83e2-0e9630bea38d]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09e08a3f393bc9cdd1080289494]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-2244126218]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3461214470]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3776291969]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1006910212]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1937134738]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0dd79ede70dc8f571]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-04380aaba84b96660]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+/- create replacement and then destroy

Terraform will perform the following actions:

  # module.custom_slash_command.module.dispatch_backup_function.null_resource.archive[0] must be replaced
+/- resource "null_resource" "archive" {
      ~ id       = "6253861544655385946" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1719363661912456000" -> "1719413425152170000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Snyk Scan docker/minecraft/Dockerfile

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   deb
Target file:       docker/minecraft/Dockerfile
Project name:      docker-image|minecraft/server
Docker image:      minecraft/server:latest
Platform:          linux/amd64
Base image:        itzg/minecraft-server@sha256:094fe93d45e1887eebfc0a3ce1f8320aa3df91334ab271aead6b3fe54cc132b1
Licenses:          enabled

✔ Tested 328 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /image
Project name:      minecraft/server:latest:/image
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Tested 73 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade org.scala-lang:scala-library@2.13.1 to org.scala-lang:scala-library@2.13.9 to fix
  ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in org.scala-lang:scala-library@2.13.1
    introduced by org.scala-lang:scala-library@2.13.1



Organization:      shotaromatsuya
Package manager:   maven
Target file:       /usr/share/mc-image-helper-1.39.0/lib
Project name:      minecraft/server:latest:/usr/share/mc-image-helper-1.39.0/lib
Docker image:      minecraft/server:latest
Licenses:          enabled

Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /opt/java/openjdk/lib
Project name:      minecraft/server:latest:/opt/java/openjdk/lib
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-server-runner
Project name:      github.com/itzg/mc-server-runner
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 24 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-monitor
Project name:      github.com/itzg/mc-monitor
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 54 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/rcon-cli
Project name:      github.com/itzg/rcon-cli
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 45 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/restify
Project name:      github.com/itzg/restify
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/bin/easy-add
Project name:      easy-add
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 2 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Allocation of Resources Without Limits or Throttling
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285
  Introduced through: golang.org/x/net/http2@v0.17.0
  From: golang.org/x/net/http2@v0.17.0
  Fixed in: 0.23.0



Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/bin/git-lfs
Project name:      github.com/git-lfs/git-lfs/v3
Docker image:      minecraft/server:latest
Licenses:          enabled

Tested 63 dependencies for known issues, found 1 issue.

Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`


Tested 10 projects, 2 contained vulnerable paths.

github-actions[bot]
github-actions bot previously approved these changes Jun 26, 2024

terraform/scheduling

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 1s [id=-]
data.aws_sns_topic.my_sns: Reading...
data.aws_security_group.fargate_sg: Reading...
data.aws_iam_role.task_execution_role: Reading...
module.custom_nlb.module.nlb.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_caller_identity.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=2690255455]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_nlb.module.nlb.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_region.current: Reading...
data.aws_vpc.myvpc: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_region.current: Read complete after 0s [id=ap-northeast-1]
data.aws_kms_key.my_kms: Reading...
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 0s [id=Z006257634KDWA8TCRYLE]
module.custom_lambda.module.user_action_filter_function.data.aws_caller_identity.current: Read complete after 0s [id=528163014577]
data.aws_kms_key.my_kms: Read complete after 0s [id=fbe3a2e1-dee7-431a-8206-9cd2092c08df]
data.aws_sns_topic.my_sns: Read complete after 0s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-07934f64784cd1b97]
data.aws_vpc.myvpc: Read complete after 1s [id=vpc-080b3749ba65ae3d7]
data.aws_subnets.my_subnets: Reading...
data.aws_subnets.my_subnets: Read complete after 1s [id=ap-northeast-1]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.custom_cloudwatch.aws_cloudwatch_log_group.firelens will be created
  + resource "aws_cloudwatch_log_group" "firelens" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/aws/ecs/minecraft-firelens-logs"
      + name_prefix       = (known after apply)
      + retention_in_days = 14
      + skip_destroy      = false
      + tags_all          = (known after apply)
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.cpu_utilization will be created
  + resource "aws_cloudwatch_metric_alarm" "cpu_utilization" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-cpu_utilization"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/ECS"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 90
      + treat_missing_data                    = "missing"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.memory_utilization will be created
  + resource "aws_cloudwatch_metric_alarm" "memory_utilization" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-memory_utilization"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "MemoryUtilization"
      + namespace                             = "AWS/ECS"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 80
      + treat_missing_data                    = "missing"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check will be created
  + resource "aws_cloudwatch_metric_alarm" "target_group_health_check" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_description                     = "This metric monitors ecs health status"
      + alarm_name                            = "minecraft-test-targetgroup_healthy"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + dimensions                            = (known after apply)
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "HealthyHostCount"
      + namespace                             = "AWS/NetworkELB"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 1
      + treat_missing_data                    = "breaching"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.task_running_count will be created
  + resource "aws_cloudwatch_metric_alarm" "task_running_count" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-task_running_count"
      + arn                                   = (known after apply)
      + comparison_operator                   = "LessThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "RunningTaskCount"
      + namespace                             = "ECS/ContainerInsights"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Sum"
      + tags_all                              = (known after apply)
      + threshold                             = 1
      + treat_missing_data                    = "missing"
    }

  # module.custom_domain.aws_route53_record.apps_dns will be created
  + resource "aws_route53_record" "apps_dns" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "minecraft.smat710.com"
      + type            = "A"
      + zone_id         = "Z006257634KDWA8TCRYLE"

      + alias {
          + evaluate_target_health = true
          + name                   = (sensitive value)
          + zone_id                = (sensitive value)
        }
    }

  # module.custom_domain.aws_route53_record.squaremap_dns will be created
  + resource "aws_route53_record" "squaremap_dns" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "square.smat710.com"
      + type            = "A"
      + zone_id         = "Z006257634KDWA8TCRYLE"

      + alias {
          + evaluate_target_health = false
          + name                   = (sensitive value)
          + zone_id                = (sensitive value)
        }
    }

  # module.custom_ecs.aws_ecs_cluster.main will be created
  + resource "aws_ecs_cluster" "main" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "minecraft-test-cluster"
      + tags     = {
          + "environment" = "test"
          + "owners"      = "minecraft"
        }
      + tags_all = {
          + "environment" = "test"
          + "owners"      = "minecraft"
        }

      + configuration {
          + execute_command_configuration {
              + logging = "DEFAULT"
            }
        }

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # module.custom_ecs.aws_ecs_service.main will be created
  + resource "aws_ecs_service" "main" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = true
      + health_check_grace_period_seconds  = 60
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "minecraft-test-service"
      + platform_version                   = "LATEST"
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = (known after apply)
      + task_definition                    = "minecraft-test"
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + deployment_circuit_breaker {
          + enable   = true
          + rollback = true
        }

      + deployment_controller {
          + type = "ECS"
        }

      + load_balancer {
          + container_name   = "minecraft"
          + container_port   = 25565
          + target_group_arn = (known after apply)
        }
      + load_balancer {
          + container_name   = "minecraft"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = true
          + security_groups  = [
              + "sg-07934f64784cd1b97",
            ]
          + subnets          = [
              + "subnet-038ab87acb09d9140",
              + "subnet-0b514cfc7d0eb8f87",
            ]
        }
    }

  # module.custom_ecs.aws_ecs_task_definition.main will be created
  + resource "aws_ecs_task_definition" "main" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (sensitive value)
      + cpu                      = "2048"
      + execution_role_arn       = "arn:aws:iam::528163014577:role/minecraft-test-ecs_tasks_execution-role"
      + family                   = "minecraft-test"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags_all                 = (known after apply)
      + task_role_arn            = "arn:aws:iam::528163014577:role/ecs_tasks-minecraft-test-role"
      + track_latest             = false

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "data"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "log-volume"
        }
    }

  # module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "user-action_subscription" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "{ ($.level = \"ERROR\")}"
      + id              = (known after apply)
      + log_group_name  = "/aws/ecs/minecraft-firelens-logs"
      + name            = "user-action-subscription-0"
      + role_arn        = (known after apply)
    }

  # module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "user-action_subscription" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = (sensitive value)
      + id              = (known after apply)
      + log_group_name  = "/aws/ecs/minecraft-firelens-logs"
      + name            = "user-action-subscription-1"
      + role_arn        = (known after apply)
    }

  # module.custom_lambda.aws_lambda_permission.log_permission will be created
  + resource "aws_lambda_permission" "log_permission" {
      + action              = "lambda:InvokeFunction"
      + function_name       = (known after apply)
      + id                  = (known after apply)
      + principal           = "logs.ap-northeast-1.amazonaws.com"
      + source_arn          = "arn:aws:logs:ap-northeast-1:528163014577:log-group:/aws/ecs/minecraft-firelens-logs:*"
      + statement_id        = (known after apply)
      + statement_id_prefix = (known after apply)
    }

  # module.custom_nlb.null_resource.send_slack_notification will be created
  + resource "null_resource" "send_slack_notification" {
      + id = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "logs" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = (known after apply)
        }
    }

  # module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0] will be created
  + resource "aws_cloudwatch_log_group" "lambda" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/aws/lambda/user-action-filter-function"
      + name_prefix       = (known after apply)
      + retention_in_days = 0
      + skip_destroy      = false
      + tags_all          = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0] will be created
  + resource "aws_iam_policy" "additional_json" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = "user-action-filter-function"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "SNS:Publish",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic"
                      + Sid      = ""
                    },
                  + {
                      + Action   = [
                          + "logs:CreateLogGroup",
                          + "logs:CreateLogStream",
                          + "logs:PutLogEvents",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:logs:ap-northeast-1:528163014577:log-group:/aws/ecs/minecraft-firelens-logs:*"
                      + Sid      = ""
                    },
                  + {
                      + Action   = [
                          + "kms:GenerateDataKey",
                          + "kms:Decrypt",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:kms:ap-northeast-1:528163014577:key/fbe3a2e1-dee7-431a-8206-9cd2092c08df"
                      + Sid      = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0] will be created
  + resource "aws_iam_policy" "logs" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = "user-action-filter-function-logs"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0] will be created
  + resource "aws_iam_role" "lambda" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "lambda.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = true
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "user-action-filter-function"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0] will be created
  + resource "aws_iam_role_policy_attachment" "additional_json" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "user-action-filter-function"
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0] will be created
  + resource "aws_iam_role_policy_attachment" "logs" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "user-action-filter-function"
    }

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be created
  + resource "aws_lambda_function" "this" {
      + architectures                  = [
          + "x86_64",
        ]
      + arn                            = (known after apply)
      + code_sha256                    = (known after apply)
      + description                    = "My awsome lambda function"
      + filename                       = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
      + function_name                  = "user-action-filter-function"
      + handler                        = "index.lambda_handler"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + package_type                   = "Zip"
      + publish                        = true
      + qualified_arn                  = (known after apply)
      + qualified_invoke_arn           = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = (known after apply)
      + runtime                        = "python3.9"
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      + skip_destroy                   = false
      + source_code_hash               = (known after apply)
      + source_code_size               = (known after apply)
      + tags                           = {
          + "terraform-aws-modules" = "lambda"
        }
      + tags_all                       = {
          + "terraform-aws-modules" = "lambda"
        }
      + timeout                        = 360
      + version                        = (known after apply)

      + environment {
          + variables = {
              + "ALARM_SUBJECT" = "【UserEvent Notification】"
              + "SNS_TOPIC_ARN" = "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic"
              + "WEB_HOOK_URL"  = (sensitive value)
            }
        }

      + ephemeral_storage {
          + size = 512
        }

      + logging_config {
          + log_format = "Text"
          + log_group  = (known after apply)
        }
    }

  # module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0] will be created
  + resource "local_file" "archive_plan" {
      + content              = jsonencode(
            {
              + artifacts_dir = "builds"
              + build_plan    = [
                  + [
                      + "zip",
                      + "../modules/lambda/fixtures/python3.9/index.py",
                      + null,
                    ],
                ]
              + filename      = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
              + runtime       = "python3.9"
            }
        )
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0755"
      + file_permission      = "0644"
      + filename             = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.plan.json"
      + id                   = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] will be created
  + resource "null_resource" "archive" {
      + id       = (known after apply)
      + triggers = {
          + "filename"  = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
          + "timestamp" = "<WARNING: Missing lambda zip artifacts wouldn't be restored>"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb.this[0] will be created
  + resource "aws_lb" "this" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + dns_name                                                     = (known after apply)
      + dns_record_client_routing_policy                             = "any_availability_zone"
      + enable_cross_zone_load_balancing                             = true
      + enable_deletion_protection                                   = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = "off"
      + id                                                           = (known after apply)
      + internal                                                     = (known after apply)
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "network"
      + name                                                         = "minecraft-test-nlb"
      + name_prefix                                                  = (known after apply)
      + security_groups                                              = (known after apply)
      + subnets                                                      = [
          + "subnet-038ab87acb09d9140",
          + "subnet-0b514cfc7d0eb8f87",
        ]
      + tags                                                         = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                                                     = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + vpc_id                                                       = (known after apply)
      + zone_id                                                      = (known after apply)

      + timeouts {}
    }

  # module.custom_nlb.module.nlb.aws_lb_listener.this["ex-one"] will be created
  + resource "aws_lb_listener" "this" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 25565
      + protocol          = "TCP"
      + ssl_policy        = (known after apply)
      + tags              = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all          = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_listener.this["ex-two"] will be created
  + resource "aws_lb_listener" "this" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 8080
      + protocol          = "TCP"
      + ssl_policy        = (known after apply)
      + tags              = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all          = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_target_group.this["ex-target-one"] will be created
  + resource "aws_lb_target_group" "this" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "10"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = "false"
      + name                               = (known after apply)
      + name_prefix                        = (known after apply)
      + port                               = 25565
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "TCP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                           = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + target_type                        = "ip"
      + vpc_id                             = "vpc-080b3749ba65ae3d7"

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = (known after apply)
          + path                = (known after apply)
          + port                = "traffic-port"
          + protocol            = "TCP"
          + timeout             = 5
          + unhealthy_threshold = 2
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_target_group.this["ex-target-two"] will be created
  + resource "aws_lb_target_group" "this" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "10"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = "false"
      + name                               = (known after apply)
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "TCP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                           = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + target_type                        = "ip"
      + vpc_id                             = "vpc-080b3749ba65ae3d7"
    }

  # module.custom_nlb.module.nlb.aws_security_group.this[0] will be created
  + resource "aws_security_group" "this" {
      + arn                    = (known after apply)
      + description            = "Security group for minecraft-test-nlb network load balancer"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "minecraft-test-nlb-"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + vpc_id                 = "vpc-080b3749ba65ae3d7"
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_egress_rule.this["all"] will be created
  + resource "aws_vpc_security_group_egress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "10.0.0.0/16"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_ingress_rule.this["app_tcp"] will be created
  + resource "aws_vpc_security_group_ingress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "TCP traffic"
      + from_port              = 25565
      + id                     = (known after apply)
      + ip_protocol            = "tcp"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + to_port                = 25565
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_ingress_rule.this["map_tcp"] will be created
  + resource "aws_vpc_security_group_ingress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "TCP traffic"
      + from_port              = 8080
      + id                     = (known after apply)
      + ip_protocol            = "tcp"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + to_port                = 8080
    }

Plan: 32 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ecs_task_definition       = (sensitive value)
  + nlb_target_group_arns     = [
      + (known after apply),
      + (known after apply),
    ]
  + target_group_arn_suffixes = [
      + (known after apply),
      + (known after apply),
    ]

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.


terraform/keeping

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

module.custom_slash_command.module.dispatch_backup_function.data.external.archive_prepare[0]: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=43add1749d6d9832e0a8fca0784941273380c63a]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_slash_command.module.dispatch_backup_function.data.aws_partition.current: Reading...
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-080b3749ba65ae3d7]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/dispatch_workflow_from_slack-function]
module.custom_slash_command.module.dispatch_backup_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=2690255455]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_slash_command.module.dispatch_backup_function.data.aws_caller_identity.current: Reading...
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_slash_command.module.dispatch_backup_function.data.aws_caller_identity.current: Read complete after 0s [id=528163014577]
module.custom_slash_command.module.dispatch_backup_function.data.aws_region.current: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_region.current: Read complete after 0s [id=ap-northeast-1]
module.custom_slash_command.module.dispatch_backup_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/dispatch_workflow_from_slack-function]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=fbe3a2e1-dee7-431a-8206-9cd2092c08df]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role.lambda[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231214232322111300000003]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231214232321650500000002]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=1844424421]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/dispatch_workflow_from_slack-function-logs]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=dispatch_workflow_from_slack-function-20231214232321636700000001]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=dispatch_workflow_from_slack-function-20231214232322152400000004]
module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias: Refreshing state... [id=alias/cwa/for_encrypt_sns_topic]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-019542f68b3faf486]
module.custom_vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-0be4b180c2baaa074]
null_resource.name: Refreshing state... [id=7654444806662221133]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-0c61e63473f694831]
module.custom_vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0af9255bf2de56654]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-05d700a42174e6bfa]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-07934f64784cd1b97]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09e08a3f393bc9cdd]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0b514cfc7d0eb8f87]
module.custom_slash_command.module.dispatch_backup_function.data.external.archive_prepare[0]: Read complete after 2s [id=-]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-038ab87acb09d9140]
module.custom_slash_command.module.dispatch_backup_function.local_file.archive_plan[0]: Refreshing state... [id=78f2020f239be6309b8af0fd851b4b39b0176a7d]
module.custom_slash_command.module.dispatch_backup_function.null_resource.archive[0]: Refreshing state... [id=6253861544655385946]
module.custom_slash_command.module.dispatch_backup_function.aws_lambda_function.this[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:dc0a832c-07a7-4d2f-8e2b-6de364155c79]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/ca09cc70-9ad7-11ee-83e2-0e9630bea38d]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09e08a3f393bc9cdd1080289494]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1937134738]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-2244126218]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3461214470]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3776291969]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1006910212]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-04380aaba84b96660]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0dd79ede70dc8f571]
module.custom_slash_command.module.dispatch_backup_function.aws_lambda_function_url.this[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+/- create replacement and then destroy

Terraform will perform the following actions:

  # module.custom_slash_command.module.dispatch_backup_function.null_resource.archive[0] must be replaced
+/- resource "null_resource" "archive" {
      ~ id       = "6253861544655385946" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1719363661912456000" -> "1719413956771899000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.


Snyk Scan docker/minecraft/Dockerfile

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   deb
Target file:       docker/minecraft/Dockerfile
Project name:      docker-image|minecraft/server
Docker image:      minecraft/server:latest
Platform:          linux/amd64
Base image:        itzg/minecraft-server@sha256:094fe93d45e1887eebfc0a3ce1f8320aa3df91334ab271aead6b3fe54cc132b1
Licenses:          enabled

✔ Tested 328 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /image
Project name:      minecraft/server:latest:/image
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Tested 73 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade org.scala-lang:scala-library@2.13.1 to org.scala-lang:scala-library@2.13.9 to fix
  ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in org.scala-lang:scala-library@2.13.1
    introduced by org.scala-lang:scala-library@2.13.1



Organization:      shotaromatsuya
Package manager:   maven
Target file:       /usr/share/mc-image-helper-1.39.0/lib
Project name:      minecraft/server:latest:/usr/share/mc-image-helper-1.39.0/lib
Docker image:      minecraft/server:latest
Licenses:          enabled

Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /opt/java/openjdk/lib
Project name:      minecraft/server:latest:/opt/java/openjdk/lib
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-server-runner
Project name:      github.com/itzg/mc-server-runner
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 24 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-monitor
Project name:      github.com/itzg/mc-monitor
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 54 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/rcon-cli
Project name:      github.com/itzg/rcon-cli
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 45 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/restify
Project name:      github.com/itzg/restify
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/bin/easy-add
Project name:      easy-add
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 2 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Allocation of Resources Without Limits or Throttling
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285
  Introduced through: golang.org/x/net/http2@v0.17.0
  From: golang.org/x/net/http2@v0.17.0
  Fixed in: 0.23.0



Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/bin/git-lfs
Project name:      github.com/git-lfs/git-lfs/v3
Docker image:      minecraft/server:latest
Licenses:          enabled

Tested 63 dependencies for known issues, found 1 issue.

Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`


Tested 10 projects, 2 contained vulnerable paths.


terraform/scheduling

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_caller_identity.current: Reading...
module.custom_nlb.module.nlb.data.aws_partition.current: Reading...
data.aws_security_group.fargate_sg: Reading...
data.aws_sns_topic.my_sns: Reading...
data.aws_vpc.myvpc: Reading...
data.aws_iam_role.task_execution_role: Reading...
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_nlb.module.nlb.data.aws_partition.current: Read complete after 0s [id=aws]
data.aws_kms_key.my_kms: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_region.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_region.current: Read complete after 0s [id=ap-northeast-1]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=2690255455]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 1s [id=-]
module.custom_lambda.module.user_action_filter_function.data.aws_caller_identity.current: Read complete after 0s [id=528163014577]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 0s [id=Z006257634KDWA8TCRYLE]
data.aws_kms_key.my_kms: Read complete after 0s [id=fbe3a2e1-dee7-431a-8206-9cd2092c08df]
data.aws_sns_topic.my_sns: Read complete after 0s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-07934f64784cd1b97]
data.aws_vpc.myvpc: Read complete after 1s [id=vpc-080b3749ba65ae3d7]
data.aws_subnets.my_subnets: Reading...
data.aws_subnets.my_subnets: Read complete after 1s [id=ap-northeast-1]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # module.custom_cloudwatch.aws_cloudwatch_log_group.firelens will be created
  + resource "aws_cloudwatch_log_group" "firelens" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/aws/ecs/minecraft-firelens-logs"
      + name_prefix       = (known after apply)
      + retention_in_days = 14
      + skip_destroy      = false
      + tags_all          = (known after apply)
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.cpu_utilization will be created
  + resource "aws_cloudwatch_metric_alarm" "cpu_utilization" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-cpu_utilization"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/ECS"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 90
      + treat_missing_data                    = "missing"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.memory_utilization will be created
  + resource "aws_cloudwatch_metric_alarm" "memory_utilization" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-memory_utilization"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "MemoryUtilization"
      + namespace                             = "AWS/ECS"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 80
      + treat_missing_data                    = "missing"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check will be created
  + resource "aws_cloudwatch_metric_alarm" "target_group_health_check" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_description                     = "This metric monitors ecs health status"
      + alarm_name                            = "minecraft-test-targetgroup_healthy"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + dimensions                            = (known after apply)
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "HealthyHostCount"
      + namespace                             = "AWS/NetworkELB"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Maximum"
      + tags_all                              = (known after apply)
      + threshold                             = 1
      + treat_missing_data                    = "breaching"
    }

  # module.custom_cloudwatch.aws_cloudwatch_metric_alarm.task_running_count will be created
  + resource "aws_cloudwatch_metric_alarm" "task_running_count" {
      + actions_enabled                       = true
      + alarm_actions                         = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + alarm_name                            = "minecraft-test-task_running_count"
      + arn                                   = (known after apply)
      + comparison_operator                   = "LessThanThreshold"
      + datapoints_to_alarm                   = 1
      + dimensions                            = {
          + "ClusterName" = "minecraft-test-cluster"
          + "ServiceName" = "minecraft-test-service"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 1
      + id                                    = (known after apply)
      + metric_name                           = "RunningTaskCount"
      + namespace                             = "ECS/ContainerInsights"
      + ok_actions                            = [
          + "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic",
        ]
      + period                                = 60
      + statistic                             = "Sum"
      + tags_all                              = (known after apply)
      + threshold                             = 1
      + treat_missing_data                    = "missing"
    }

  # module.custom_domain.aws_route53_record.apps_dns will be created
  + resource "aws_route53_record" "apps_dns" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "minecraft.smat710.com"
      + type            = "A"
      + zone_id         = "Z006257634KDWA8TCRYLE"

      + alias {
          + evaluate_target_health = true
          + name                   = (sensitive value)
          + zone_id                = (sensitive value)
        }
    }

  # module.custom_ecs.aws_ecs_cluster.main will be created
  + resource "aws_ecs_cluster" "main" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "minecraft-test-cluster"
      + tags     = {
          + "environment" = "test"
          + "owners"      = "minecraft"
        }
      + tags_all = {
          + "environment" = "test"
          + "owners"      = "minecraft"
        }

      + configuration {
          + execute_command_configuration {
              + logging = "DEFAULT"
            }
        }

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # module.custom_ecs.aws_ecs_service.main will be created
  + resource "aws_ecs_service" "main" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = true
      + health_check_grace_period_seconds  = 60
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "minecraft-test-service"
      + platform_version                   = "LATEST"
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = (known after apply)
      + task_definition                    = "minecraft-test"
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + deployment_circuit_breaker {
          + enable   = true
          + rollback = true
        }

      + deployment_controller {
          + type = "ECS"
        }

      + load_balancer {
          + container_name   = "minecraft"
          + container_port   = 25565
          + target_group_arn = (known after apply)
        }
      + load_balancer {
          + container_name   = "minecraft"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = true
          + security_groups  = [
              + "sg-07934f64784cd1b97",
            ]
          + subnets          = [
              + "subnet-038ab87acb09d9140",
              + "subnet-0b514cfc7d0eb8f87",
            ]
        }
    }

  # module.custom_ecs.aws_ecs_task_definition.main will be created
  + resource "aws_ecs_task_definition" "main" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (sensitive value)
      + cpu                      = "2048"
      + execution_role_arn       = "arn:aws:iam::528163014577:role/minecraft-test-ecs_tasks_execution-role"
      + family                   = "minecraft-test"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags_all                 = (known after apply)
      + task_role_arn            = "arn:aws:iam::528163014577:role/ecs_tasks-minecraft-test-role"
      + track_latest             = false

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "data"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "log-volume"
        }
    }

  # module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "user-action_subscription" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = "{ ($.level = \"ERROR\")}"
      + id              = (known after apply)
      + log_group_name  = "/aws/ecs/minecraft-firelens-logs"
      + name            = "user-action-subscription-0"
      + role_arn        = (known after apply)
    }

  # module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"] will be created
  + resource "aws_cloudwatch_log_subscription_filter" "user-action_subscription" {
      + destination_arn = (known after apply)
      + distribution    = "ByLogStream"
      + filter_pattern  = (sensitive value)
      + id              = (known after apply)
      + log_group_name  = "/aws/ecs/minecraft-firelens-logs"
      + name            = "user-action-subscription-1"
      + role_arn        = (known after apply)
    }

  # module.custom_lambda.aws_lambda_permission.log_permission will be created
  + resource "aws_lambda_permission" "log_permission" {
      + action              = "lambda:InvokeFunction"
      + function_name       = (known after apply)
      + id                  = (known after apply)
      + principal           = "logs.ap-northeast-1.amazonaws.com"
      + source_arn          = "arn:aws:logs:ap-northeast-1:528163014577:log-group:/aws/ecs/minecraft-firelens-logs:*"
      + statement_id        = (known after apply)
      + statement_id_prefix = (known after apply)
    }

  # module.custom_nlb.null_resource.send_slack_notification will be created
  + resource "null_resource" "send_slack_notification" {
      + id = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "logs" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = (known after apply)
        }
    }

  # module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0] will be created
  + resource "aws_cloudwatch_log_group" "lambda" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "/aws/lambda/user-action-filter-function"
      + name_prefix       = (known after apply)
      + retention_in_days = 0
      + skip_destroy      = false
      + tags_all          = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0] will be created
  + resource "aws_iam_policy" "additional_json" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = "user-action-filter-function"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "SNS:Publish",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic"
                      + Sid      = ""
                    },
                  + {
                      + Action   = [
                          + "logs:CreateLogGroup",
                          + "logs:CreateLogStream",
                          + "logs:PutLogEvents",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:logs:ap-northeast-1:528163014577:log-group:/aws/ecs/minecraft-firelens-logs:*"
                      + Sid      = ""
                    },
                  + {
                      + Action   = [
                          + "kms:GenerateDataKey",
                          + "kms:Decrypt",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:kms:ap-northeast-1:528163014577:key/fbe3a2e1-dee7-431a-8206-9cd2092c08df"
                      + Sid      = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0] will be created
  + resource "aws_iam_policy" "logs" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + id               = (known after apply)
      + name             = "user-action-filter-function-logs"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0] will be created
  + resource "aws_iam_role" "lambda" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "lambda.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = true
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "user-action-filter-function"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0] will be created
  + resource "aws_iam_role_policy_attachment" "additional_json" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "user-action-filter-function"
    }

  # module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0] will be created
  + resource "aws_iam_role_policy_attachment" "logs" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "user-action-filter-function"
    }

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be created
  + resource "aws_lambda_function" "this" {
      + architectures                  = [
          + "x86_64",
        ]
      + arn                            = (known after apply)
      + code_sha256                    = (known after apply)
      + description                    = "My awsome lambda function"
      + filename                       = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
      + function_name                  = "user-action-filter-function"
      + handler                        = "index.lambda_handler"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + package_type                   = "Zip"
      + publish                        = true
      + qualified_arn                  = (known after apply)
      + qualified_invoke_arn           = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = (known after apply)
      + runtime                        = "python3.9"
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      + skip_destroy                   = false
      + source_code_hash               = (known after apply)
      + source_code_size               = (known after apply)
      + tags                           = {
          + "terraform-aws-modules" = "lambda"
        }
      + tags_all                       = {
          + "terraform-aws-modules" = "lambda"
        }
      + timeout                        = 360
      + version                        = (known after apply)

      + environment {
          + variables = {
              + "ALARM_SUBJECT" = "【UserEvent Notification】"
              + "SNS_TOPIC_ARN" = "arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic"
              + "WEB_HOOK_URL"  = (sensitive value)
            }
        }

      + ephemeral_storage {
          + size = 512
        }

      + logging_config {
          + log_format = "Text"
          + log_group  = (known after apply)
        }
    }

  # module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0] will be created
  + resource "local_file" "archive_plan" {
      + content              = jsonencode(
            {
              + artifacts_dir = "builds"
              + build_plan    = [
                  + [
                      + "zip",
                      + "../modules/lambda/fixtures/python3.9/index.py",
                      + null,
                    ],
                ]
              + filename      = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
              + runtime       = "python3.9"
            }
        )
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0755"
      + file_permission      = "0644"
      + filename             = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.plan.json"
      + id                   = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] will be created
  + resource "null_resource" "archive" {
      + id       = (known after apply)
      + triggers = {
          + "filename"  = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip"
          + "timestamp" = "<WARNING: Missing lambda zip artifacts wouldn't be restored>"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb.this[0] will be created
  + resource "aws_lb" "this" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + dns_name                                                     = (known after apply)
      + dns_record_client_routing_policy                             = "any_availability_zone"
      + enable_cross_zone_load_balancing                             = true
      + enable_deletion_protection                                   = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = "off"
      + id                                                           = (known after apply)
      + internal                                                     = (known after apply)
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "network"
      + name                                                         = "minecraft-test-nlb"
      + name_prefix                                                  = (known after apply)
      + security_groups                                              = (known after apply)
      + subnets                                                      = [
          + "subnet-038ab87acb09d9140",
          + "subnet-0b514cfc7d0eb8f87",
        ]
      + tags                                                         = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                                                     = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + vpc_id                                                       = (known after apply)
      + zone_id                                                      = (known after apply)

      + timeouts {}
    }

  # module.custom_nlb.module.nlb.aws_lb_listener.this["ex-one"] will be created
  + resource "aws_lb_listener" "this" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 25565
      + protocol          = "TCP"
      + ssl_policy        = (known after apply)
      + tags              = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all          = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_listener.this["ex-two"] will be created
  + resource "aws_lb_listener" "this" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 8080
      + protocol          = "TCP"
      + ssl_policy        = (known after apply)
      + tags              = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all          = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_target_group.this["ex-target-one"] will be created
  + resource "aws_lb_target_group" "this" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "10"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = "false"
      + name                               = (known after apply)
      + name_prefix                        = (known after apply)
      + port                               = 25565
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "TCP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                           = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + target_type                        = "ip"
      + vpc_id                             = "vpc-080b3749ba65ae3d7"

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = (known after apply)
          + path                = (known after apply)
          + port                = "traffic-port"
          + protocol            = "TCP"
          + timeout             = 5
          + unhealthy_threshold = 2
        }
    }

  # module.custom_nlb.module.nlb.aws_lb_target_group.this["ex-target-two"] will be created
  + resource "aws_lb_target_group" "this" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "10"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = "false"
      + name                               = (known after apply)
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "TCP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all                           = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + target_type                        = "ip"
      + vpc_id                             = "vpc-080b3749ba65ae3d7"
    }

  # module.custom_nlb.module.nlb.aws_security_group.this[0] will be created
  + resource "aws_security_group" "this" {
      + arn                    = (known after apply)
      + description            = "Security group for minecraft-test-nlb network load balancer"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "minecraft-test-nlb-"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + vpc_id                 = "vpc-080b3749ba65ae3d7"
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_egress_rule.this["all"] will be created
  + resource "aws_vpc_security_group_egress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "10.0.0.0/16"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_ingress_rule.this["app_tcp"] will be created
  + resource "aws_vpc_security_group_ingress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "TCP traffic"
      + from_port              = 25565
      + id                     = (known after apply)
      + ip_protocol            = "tcp"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + to_port                = 25565
    }

  # module.custom_nlb.module.nlb.aws_vpc_security_group_ingress_rule.this["map_tcp"] will be created
  + resource "aws_vpc_security_group_ingress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "TCP traffic"
      + from_port              = 8080
      + id                     = (known after apply)
      + ip_protocol            = "tcp"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + tags_all               = {
          + "environment"           = "test"
          + "owners"                = "minecraft"
          + "terraform-aws-modules" = "alb"
        }
      + to_port                = 8080
    }

Plan: 31 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ecs_task_definition       = (sensitive value)
  + nlb_target_group_arns     = [
      + (known after apply),
      + (known after apply),
    ]
  + target_group_arn_suffixes = [
      + (known after apply),
      + (known after apply),
    ]

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

terraform/keeping

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

module.custom_slash_command.module.dispatch_backup_function.data.external.archive_prepare[0]: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_slash_command.module.dispatch_backup_function.local_file.archive_plan[0]: Refreshing state... [id=78f2020f239be6309b8af0fd851b4b39b0176a7d]
module.custom_slash_command.module.dispatch_backup_function.null_resource.archive[0]: Refreshing state... [id=6253861544655385946]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=43add1749d6d9832e0a8fca0784941273380c63a]
module.custom_slash_command.module.dispatch_backup_function.data.aws_partition.current: Reading...
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/dispatch_workflow_from_slack-function]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-080b3749ba65ae3d7]
module.custom_slash_command.module.dispatch_backup_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/dispatch_workflow_from_slack-function]
module.custom_slash_command.module.dispatch_backup_function.data.aws_caller_identity.current: Reading...
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_slash_command.module.dispatch_backup_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_slash_command.module.dispatch_backup_function.data.aws_region.current: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_region.current: Read complete after 0s [id=ap-northeast-1]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_slash_command.module.dispatch_backup_function.data.aws_caller_identity.current: Read complete after 0s [id=528163014577]
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=2690255455]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=fbe3a2e1-dee7-431a-8206-9cd2092c08df]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role.lambda[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231214232321650500000002]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231214232322111300000003]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=dispatch_workflow_from_slack-function-20231214232321636700000001]
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_slash_command.module.dispatch_backup_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=1844424421]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/dispatch_workflow_from_slack-function-logs]
module.custom_slash_command.module.dispatch_backup_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=dispatch_workflow_from_slack-function-20231214232322152400000004]
module.custom_slash_command.module.dispatch_backup_function.aws_lambda_function.this[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]
module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias: Refreshing state... [id=alias/cwa/for_encrypt_sns_topic]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:dc0a832c-07a7-4d2f-8e2b-6de364155c79]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/ca09cc70-9ad7-11ee-83e2-0e9630bea38d]
module.custom_vpc.module.vpc.aws_default_route_table.default[0]: Refreshing state... [id=rtb-0be4b180c2baaa074]
module.custom_vpc.module.vpc.aws_default_security_group.this[0]: Refreshing state... [id=sg-019542f68b3faf486]
null_resource.name: Refreshing state... [id=7654444806662221133]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-05d700a42174e6bfa]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-09e08a3f393bc9cdd]
module.custom_vpc.module.vpc.aws_default_network_acl.this[0]: Refreshing state... [id=acl-0af9255bf2de56654]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-0c61e63473f694831]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-07934f64784cd1b97]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0b514cfc7d0eb8f87]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-038ab87acb09d9140]
module.custom_slash_command.module.dispatch_backup_function.aws_lambda_function_url.this[0]: Refreshing state... [id=dispatch_workflow_from_slack-function]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1937134738]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3461214470]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-09e08a3f393bc9cdd1080289494]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-2244126218]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1006910212]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3776291969]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0dd79ede70dc8f571]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-04380aaba84b96660]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+/- create replacement and then destroy

Terraform will perform the following actions:

  # module.custom_slash_command.module.dispatch_backup_function.null_resource.archive[0] must be replaced
+/- resource "null_resource" "archive" {
      ~ id       = "6253861544655385946" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1719363661912456000" -> "1719414528013794000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Snyk Scan docker/minecraft/Dockerfile

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   deb
Target file:       docker/minecraft/Dockerfile
Project name:      docker-image|minecraft/server
Docker image:      minecraft/server:latest
Platform:          linux/amd64
Base image:        itzg/minecraft-server@sha256:094fe93d45e1887eebfc0a3ce1f8320aa3df91334ab271aead6b3fe54cc132b1
Licenses:          enabled

✔ Tested 328 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /image
Project name:      minecraft/server:latest:/image
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Tested 73 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade org.scala-lang:scala-library@2.13.1 to org.scala-lang:scala-library@2.13.9 to fix
  ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in org.scala-lang:scala-library@2.13.1
    introduced by org.scala-lang:scala-library@2.13.1



Organization:      shotaromatsuya
Package manager:   maven
Target file:       /usr/share/mc-image-helper-1.39.0/lib
Project name:      minecraft/server:latest:/usr/share/mc-image-helper-1.39.0/lib
Docker image:      minecraft/server:latest
Licenses:          enabled

Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /opt/java/openjdk/lib
Project name:      minecraft/server:latest:/opt/java/openjdk/lib
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-server-runner
Project name:      github.com/itzg/mc-server-runner
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 24 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-monitor
Project name:      github.com/itzg/mc-monitor
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 54 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/rcon-cli
Project name:      github.com/itzg/rcon-cli
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 45 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/restify
Project name:      github.com/itzg/restify
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/bin/easy-add
Project name:      easy-add
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 2 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Allocation of Resources Without Limits or Throttling
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285
  Introduced through: golang.org/x/net/http2@v0.17.0
  From: golang.org/x/net/http2@v0.17.0
  Fixed in: 0.23.0



Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/bin/git-lfs
Project name:      github.com/git-lfs/git-lfs/v3
Docker image:      minecraft/server:latest
Licenses:          enabled

Tested 63 dependencies for known issues, found 1 issue.

Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`


Tested 10 projects, 2 contained vulnerable paths.


@ShotaroMatsuya ShotaroMatsuya merged commit 575b503 into main Jun 26, 2024
10 checks passed
@ShotaroMatsuya ShotaroMatsuya deleted the feat/squaremap branch June 26, 2024 15:10