Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add lambda module for subscription filtering #86

Merged
merged 42 commits into from
Nov 5, 2023
Merged

feat: add lambda module for subscription filtering #86

merged 42 commits into from
Nov 5, 2023

Conversation

ShotaroMatsuya
Copy link
Owner

@ShotaroMatsuya ShotaroMatsuya commented Nov 4, 2023
edited
Loading

related #21
fixes #68

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 4, 2023

terraform/keeping

Terraform Format and Style 🖌success

Terraform Plan 📖success

Show Plan 
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 4, 2023

terraform/scheduling

Terraform Format and Style 🖌success

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=00461b3d8922347a59ae1d4c2c885ce3b856a836]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
data.aws_sns_topic.my_sns: Reading...
data.aws_iam_role.task_execution_role: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
data.aws_vpc.myvpc: Reading...
data.aws_security_group.fargate_sg: Reading...
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699116435115084000" -> "1699117936040049000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 0 to change, 1 to destroy.

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 4, 2023
View reviewed changes
terraform/scheduling/main.tf Outdated
Comment on lines 106 to 116
module "custom_lambda" {
source = "../modules/lambda"
log_group_name = "/aws/ecs/minecraft-firelens-logs"
log_group_arn = "arn:aws:logs:ap-northeast-1:528163014577:log-group:/aws/ecs/minecraft-firelens-logs:*"
filter_patterns = ["{ ($.log = \"*joined*\") || ($.log = \"*Disconnected*\") || ($.log = \"*left*\") }", "{ ($.log = \"<*\") }"]
sns_topic_arn = data.aws_sns_topic.my_sns.arn
slack_webhook_url = "https://hooks.slack.com/services/${var.WEBHOOK_PATH}"

owners = local.owners
environment = local.environment
}

Check failure

Code scanning / defsec

IAM policy should avoid use of wildcards and instead apply the principle of least privilege

IAM policy document uses sensitive action 'logs:CreateLogGroup' on wildcarded resource 'arn:aws:logs:*:*:*'
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌success

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 1s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_iam_role.task_role: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
data.aws_iam_role.task_execution_role: Reading...
data.aws_security_group.fargate_sg: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
data.aws_vpc.myvpc: Reading...
data.aws_sns_topic.my_sns: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_role: Read complete after 1s [id=ecs_tasks-minecraft-test-role]
data.aws_iam_role.task_execution_role: Read complete after 1s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 1s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 1s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
      ~ filename                       = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip" -> "builds/e2deadcbe357336c485866963b49e870109cd2f19fad386ebf8fcd10888a9a09.zip"
        id                             = "user-action-filter-function"
      ~ last_modified                  = "2023-11-05T00:44:12.000+0000" -> (known after apply)
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (18 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0] will be created
  + resource "local_file" "archive_plan" {
      + content              = jsonencode(
            {
              + artifacts_dir = "builds"
              + build_plan    = [
                  + [
                      + "zip",
                      + "../modules/lambda/fixtures/python3.9/index.py",
                      + null,
                    ],
                ]
              + filename      = "builds/e2deadcbe357336c485866963b49e870109cd2f19fad386ebf8fcd10888a9a09.zip"
              + runtime       = "python3.9"
            }
        )
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0755"
      + file_permission      = "0644"
      + filename             = "builds/e2deadcbe357336c485866963b49e870109cd2f19fad386ebf8fcd10888a9a09.plan.json"
      + id                   = (known after apply)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "filename"  = "builds/ea96dc4de2016fe5f3b29c4e5952cf7ed9f0d78b607e635369a8cb31b68e76c8.zip" -> "builds/e2deadcbe357336c485866963b49e870109cd2f19fad386ebf8fcd10888a9a09.zip"
          ~ "timestamp" = "1699145043729971000" -> "1699151592516661800"
        }
    }

Plan: 2 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌success

Terraform Plan 📖success

Show Plan 
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌success

Terraform Plan 📖success

Show Plan 
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌success

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_security_group.fargate_sg: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
data.aws_iam_role.task_execution_role: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
data.aws_sns_topic.my_sns: Reading...
data.aws_iam_role.task_role: Reading...
data.aws_vpc.myvpc: Reading...
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_role: Read complete after 1s [id=ecs_tasks-minecraft-test-role]
data.aws_iam_role.task_execution_role: Read complete after 1s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699151737430416200"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌success

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_vpc.myvpc: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
data.aws_security_group.fargate_sg: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
data.aws_iam_role.task_execution_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
data.aws_sns_topic.my_sns: Reading...
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699151777237812000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌success

Terraform Plan 📖success

Show Plan 
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 1s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌success

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
data.aws_iam_role.task_execution_role: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
data.aws_security_group.fargate_sg: Reading...
data.aws_iam_role.task_role: Reading...
data.aws_sns_topic.my_sns: Reading...
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
data.aws_vpc.myvpc: Reading...
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699152224969978000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌success

Terraform Plan 📖success

Show Plan 
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 1s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌success

Terraform Plan 📖success

Show Plan 
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 1s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌success

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_sns_topic.my_sns: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
data.aws_security_group.fargate_sg: Reading...
data.aws_vpc.myvpc: Reading...
data.aws_iam_role.task_execution_role: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
data.aws_iam_role.task_role: Read complete after 1s [id=ecs_tasks-minecraft-test-role]
data.aws_iam_role.task_execution_role: Read complete after 1s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699153314333950000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌success

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_sns_topic.my_sns: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
data.aws_iam_role.task_execution_role: Reading...
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
data.aws_security_group.fargate_sg: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
data.aws_vpc.myvpc: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699154170314768000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌success

Terraform Plan 📖success

Show Plan 
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌success

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_iam_role.task_role: Reading...
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
data.aws_vpc.myvpc: Reading...
data.aws_security_group.fargate_sg: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
data.aws_iam_role.task_execution_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
data.aws_sns_topic.my_sns: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_sns_topic.my_sns: Read complete after 0s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
data.aws_security_group.fargate_sg: Read complete after 0s [id=sg-013a8264d6904303a]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 0s [id=Z0885897H6FS59VX1SAQ]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 1s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699154675849100200"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌success

Terraform Plan 📖success

Show Plan 
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 1s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

docker/minecraft

Show Plan

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

Show Plan 
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_security_group.fargate_sg: Reading...
data.aws_sns_topic.my_sns: Reading...
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
data.aws_vpc.myvpc: Reading...
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
data.aws_iam_role.task_execution_role: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 0s [id=Z0885897H6FS59VX1SAQ]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 1s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 1s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699171085002707000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

CLI Command Output:

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mdeb
�[1mTarget file:       �[22mdocker/minecraft/Dockerfile.restore
�[1mProject name:      �[22mdocker-image|minecraft/server-restore
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mPlatform:          �[22mlinux/amd64
�[1mBase image:        �[22mitzg/minecraft-server
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 315 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/image
�[1mProject name:      �[22mminecraft/server-restore:latest:/image
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22mTested 70 dependencies for known issues, �[31m�[1mfound 1 issue.�[22m�[39m

�[1m�[32m�[39m�[22m
�[1m�[32mIssues to fix by upgrading:�[39m�[22m

  Upgrade �[1m�[97morg.scala-lang:scala-library@2.13.1�[39m�[22m to �[1m�[97morg.scala-lang:scala-library@2.13.9�[39m�[22m to fix
�[35m  ✗ �[1mRemote Code Execution (RCE)�[22m [Critical Severity]�[39m[https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in �[1morg.scala-lang:scala-library@2.13.1�[22m
    introduced by org.scala-lang:scala-library@2.13.1



�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/usr/share/mc-image-helper-1.36.5/lib
�[1mProject name:      �[22mminecraft/server-restore:latest:/usr/share/mc-image-helper-1.36.5/lib
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[1m�[37mPro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.�[39m�[22m

�[1m�[37mSnyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.�[39m�[22m

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/opt/java/openjdk/lib
�[1mProject name:      �[22mminecraft/server-restore:latest:/opt/java/openjdk/lib
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-server-runner
�[1mProject name:      �[22mgithub.com/itzg/mc-server-runner
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-monitor
�[1mProject name:      �[22mgithub.com/itzg/mc-monitor
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 56 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/rcon-cli
�[1mProject name:      �[22mgithub.com/itzg/rcon-cli
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 49 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/restify
�[1mProject name:      �[22mgithub.com/itzg/restify
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/bin/easy-add
�[1mProject name:      �[22measy-add
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 2 dependencies for known issues, no vulnerable paths found.�[39m�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31mTested 9 projects, 1 contained vulnerable paths.�[39m�[22m
�[1m�[31m�[39m�[22m

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

CLI Command Output:

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mdeb
�[1mTarget file:       �[22mdocker/minecraft/Dockerfile
�[1mProject name:      �[22mdocker-image|minecraft/server
�[1mDocker image:      �[22mminecraft/server:latest
�[1mPlatform:          �[22mlinux/amd64
�[1mBase image:        �[22mitzg/minecraft-server
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 316 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/image
�[1mProject name:      �[22mminecraft/server:latest:/image
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22mTested 70 dependencies for known issues, �[31m�[1mfound 1 issue.�[22m�[39m

�[1m�[32m�[39m�[22m
�[1m�[32mIssues to fix by upgrading:�[39m�[22m

  Upgrade �[1m�[97morg.scala-lang:scala-library@2.13.1�[39m�[22m to �[1m�[97morg.scala-lang:scala-library@2.13.9�[39m�[22m to fix
�[35m  ✗ �[1mRemote Code Execution (RCE)�[22m [Critical Severity]�[39m[https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in �[1morg.scala-lang:scala-library@2.13.1�[22m
    introduced by org.scala-lang:scala-library@2.13.1



�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/usr/share/mc-image-helper-1.36.5/lib
�[1mProject name:      �[22mminecraft/server:latest:/usr/share/mc-image-helper-1.36.5/lib
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[1m�[37mPro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.�[39m�[22m

�[1m�[37mSnyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.�[39m�[22m

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/opt/java/openjdk/lib
�[1mProject name:      �[22mminecraft/server:latest:/opt/java/openjdk/lib
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-server-runner
�[1mProject name:      �[22mgithub.com/itzg/mc-server-runner
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-monitor
�[1mProject name:      �[22mgithub.com/itzg/mc-monitor
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 56 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/rcon-cli
�[1mProject name:      �[22mgithub.com/itzg/rcon-cli
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 49 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/restify
�[1mProject name:      �[22mgithub.com/itzg/restify
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/bin/easy-add
�[1mProject name:      �[22measy-add
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 2 dependencies for known issues, no vulnerable paths found.�[39m�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31mTested 9 projects, 1 contained vulnerable paths.�[39m�[22m
�[1m�[31m�[39m�[22m

@gitguardian GitGuardian
Copy link

gitguardian bot commented Nov 5, 2023
edited
Loading

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_sns_topic.my_sns: Reading...
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
data.aws_iam_role.task_execution_role: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
data.aws_security_group.fargate_sg: Reading...
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
data.aws_vpc.myvpc: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699171461933824000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

Show Plan 
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 1s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

CLI Command Output:

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mdeb
�[1mTarget file:       �[22mdocker/minecraft/Dockerfile
�[1mProject name:      �[22mdocker-image|minecraft/server
�[1mDocker image:      �[22mminecraft/server:latest
�[1mPlatform:          �[22mlinux/amd64
�[1mBase image:        �[22mitzg/minecraft-server
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 316 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/image
�[1mProject name:      �[22mminecraft/server:latest:/image
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22mTested 70 dependencies for known issues, �[31m�[1mfound 1 issue.�[22m�[39m

�[1m�[32m�[39m�[22m
�[1m�[32mIssues to fix by upgrading:�[39m�[22m

  Upgrade �[1m�[97morg.scala-lang:scala-library@2.13.1�[39m�[22m to �[1m�[97morg.scala-lang:scala-library@2.13.9�[39m�[22m to fix
�[35m  ✗ �[1mRemote Code Execution (RCE)�[22m [Critical Severity]�[39m[https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in �[1morg.scala-lang:scala-library@2.13.1�[22m
    introduced by org.scala-lang:scala-library@2.13.1



�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/usr/share/mc-image-helper-1.36.5/lib
�[1mProject name:      �[22mminecraft/server:latest:/usr/share/mc-image-helper-1.36.5/lib
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[1m�[37mPro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.�[39m�[22m

�[1m�[37mSnyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.�[39m�[22m

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/opt/java/openjdk/lib
�[1mProject name:      �[22mminecraft/server:latest:/opt/java/openjdk/lib
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-server-runner
�[1mProject name:      �[22mgithub.com/itzg/mc-server-runner
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-monitor
�[1mProject name:      �[22mgithub.com/itzg/mc-monitor
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 56 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/rcon-cli
�[1mProject name:      �[22mgithub.com/itzg/rcon-cli
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 49 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/restify
�[1mProject name:      �[22mgithub.com/itzg/restify
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/bin/easy-add
�[1mProject name:      �[22measy-add
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 2 dependencies for known issues, no vulnerable paths found.�[39m�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31mTested 9 projects, 1 contained vulnerable paths.�[39m�[22m
�[1m�[31m�[39m�[22m

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

CLI Command Output:

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mdeb
�[1mTarget file:       �[22mdocker/minecraft/Dockerfile.restore
�[1mProject name:      �[22mdocker-image|minecraft/server-restore
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mPlatform:          �[22mlinux/amd64
�[1mBase image:        �[22mitzg/minecraft-server
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 315 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/image
�[1mProject name:      �[22mminecraft/server-restore:latest:/image
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22mTested 70 dependencies for known issues, �[31m�[1mfound 1 issue.�[22m�[39m

�[1m�[32m�[39m�[22m
�[1m�[32mIssues to fix by upgrading:�[39m�[22m

  Upgrade �[1m�[97morg.scala-lang:scala-library@2.13.1�[39m�[22m to �[1m�[97morg.scala-lang:scala-library@2.13.9�[39m�[22m to fix
�[35m  ✗ �[1mRemote Code Execution (RCE)�[22m [Critical Severity]�[39m[https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in �[1morg.scala-lang:scala-library@2.13.1�[22m
    introduced by org.scala-lang:scala-library@2.13.1



�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/usr/share/mc-image-helper-1.36.5/lib
�[1mProject name:      �[22mminecraft/server-restore:latest:/usr/share/mc-image-helper-1.36.5/lib
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[1m�[37mPro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.�[39m�[22m

�[1m�[37mSnyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.�[39m�[22m

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/opt/java/openjdk/lib
�[1mProject name:      �[22mminecraft/server-restore:latest:/opt/java/openjdk/lib
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-server-runner
�[1mProject name:      �[22mgithub.com/itzg/mc-server-runner
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-monitor
�[1mProject name:      �[22mgithub.com/itzg/mc-monitor
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 56 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/rcon-cli
�[1mProject name:      �[22mgithub.com/itzg/rcon-cli
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 49 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/restify
�[1mProject name:      �[22mgithub.com/itzg/restify
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/bin/easy-add
�[1mProject name:      �[22measy-add
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 2 dependencies for known issues, no vulnerable paths found.�[39m�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31mTested 9 projects, 1 contained vulnerable paths.�[39m�[22m
�[1m�[31m�[39m�[22m

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

Show Plan 
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 1s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_iam_role.task_role: Reading...
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
data.aws_security_group.fargate_sg: Reading...
data.aws_iam_role.task_execution_role: Reading...
data.aws_vpc.myvpc: Reading...
data.aws_sns_topic.my_sns: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_execution_role: Read complete after 1s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_iam_role.task_role: Read complete after 1s [id=ecs_tasks-minecraft-test-role]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699171908524094200"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

Snyk Container Vulnerabilities docker/minecraft
Show Results```�[1m�[37m�[39m�[22m

�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mdeb
�[1mTarget file: �[22mdocker/minecraft/Dockerfile
�[1mProject name: �[22mdocker-image|minecraft/server
�[1mDocker image: �[22mminecraft/server:latest
�[1mPlatform: �[22mlinux/amd64
�[1mBase image: �[22mitzg/minecraft-server
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 316 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mmaven
�[1mTarget file: �[22m/image
�[1mProject name: �[22mminecraft/server:latest:/image
�[1mDocker image: �[22mminecraft/server:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22mTested 70 dependencies for known issues, �[31m�[1mfound 1 issue.�[22m�[39m

�[1m�[32m�[39m�[22m
�[1m�[32mIssues to fix by upgrading:�[39m�[22m

Upgrade �[1m�[97morg.scala-lang:scala-library@2.13.1�[39m�[22m to �[1m�[97morg.scala-lang:scala-library@2.13.9�[39m�[22m to fix
�[35m ✗ �[1mRemote Code Execution (RCE)�[22m [Critical Severity]�[39m[https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in �[1morg.scala-lang:scala-library@2.13.1�[22m
introduced by org.scala-lang:scala-library@2.13.1

�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mmaven
�[1mTarget file: �[22m/usr/share/mc-image-helper-1.36.5/lib
�[1mProject name: �[22mminecraft/server:latest:/usr/share/mc-image-helper-1.36.5/lib
�[1mDocker image: �[22mminecraft/server:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[1m�[37mPro tip: use --exclude-base-image-vulns to exclude from display Docker base image vulnerabilities.�[39m�[22m

�[1m�[37mSnyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.�[39m�[22m

To remove these messages in the future, please run snyk config set disableSuggestions=true

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mmaven
�[1mTarget file: �[22m/opt/java/openjdk/lib
�[1mProject name: �[22mminecraft/server:latest:/opt/java/openjdk/lib
�[1mDocker image: �[22mminecraft/server:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/local/bin/mc-server-runner
�[1mProject name: �[22mgithub.com/itzg/mc-server-runner
�[1mDocker image: �[22mminecraft/server:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/local/bin/mc-monitor
�[1mProject name: �[22mgithub.com/itzg/mc-monitor
�[1mDocker image: �[22mminecraft/server:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 56 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/local/bin/rcon-cli
�[1mProject name: �[22mgithub.com/itzg/rcon-cli
�[1mDocker image: �[22mminecraft/server:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 49 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/local/bin/restify
�[1mProject name: �[22mgithub.com/itzg/restify
�[1mDocker image: �[22mminecraft/server:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/bin/easy-add
�[1mProject name: �[22measy-add
�[1mDocker image: �[22mminecraft/server:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 2 dependencies for known issues, no vulnerable paths found.�[39m�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31mTested 9 projects, 1 contained vulnerable paths.�[39m�[22m
�[1m�[31m�[39m�[22m```

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

Snyk Container Vulnerabilities docker/minecraft
Show Results```�[1m�[37m�[39m�[22m

�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mdeb
�[1mTarget file: �[22mdocker/minecraft/Dockerfile.restore
�[1mProject name: �[22mdocker-image|minecraft/server-restore
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mPlatform: �[22mlinux/amd64
�[1mBase image: �[22mitzg/minecraft-server
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 315 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mmaven
�[1mTarget file: �[22m/image
�[1mProject name: �[22mminecraft/server-restore:latest:/image
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22mTested 70 dependencies for known issues, �[31m�[1mfound 1 issue.�[22m�[39m

�[1m�[32m�[39m�[22m
�[1m�[32mIssues to fix by upgrading:�[39m�[22m

Upgrade �[1m�[97morg.scala-lang:scala-library@2.13.1�[39m�[22m to �[1m�[97morg.scala-lang:scala-library@2.13.9�[39m�[22m to fix
�[35m ✗ �[1mRemote Code Execution (RCE)�[22m [Critical Severity]�[39m[https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in �[1morg.scala-lang:scala-library@2.13.1�[22m
introduced by org.scala-lang:scala-library@2.13.1

�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mmaven
�[1mTarget file: �[22m/usr/share/mc-image-helper-1.36.5/lib
�[1mProject name: �[22mminecraft/server-restore:latest:/usr/share/mc-image-helper-1.36.5/lib
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[1m�[37mPro tip: use --exclude-base-image-vulns to exclude from display Docker base image vulnerabilities.�[39m�[22m

�[1m�[37mSnyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.�[39m�[22m

To remove these messages in the future, please run snyk config set disableSuggestions=true

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mmaven
�[1mTarget file: �[22m/opt/java/openjdk/lib
�[1mProject name: �[22mminecraft/server-restore:latest:/opt/java/openjdk/lib
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/local/bin/mc-server-runner
�[1mProject name: �[22mgithub.com/itzg/mc-server-runner
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/local/bin/mc-monitor
�[1mProject name: �[22mgithub.com/itzg/mc-monitor
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 56 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/local/bin/rcon-cli
�[1mProject name: �[22mgithub.com/itzg/rcon-cli
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 49 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/local/bin/restify
�[1mProject name: �[22mgithub.com/itzg/restify
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization: �[22mshotaromatsuya
�[1mPackage manager: �[22mgomodules
�[1mTarget file: �[22m/usr/bin/easy-add
�[1mProject name: �[22measy-add
�[1mDocker image: �[22mminecraft/server-restore:latest
�[1mLicenses: �[22m�[32menabled�[39m

�[32m✔ Tested 2 dependencies for known issues, no vulnerable paths found.�[39m�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31mTested 9 projects, 1 contained vulnerable paths.�[39m�[22m
�[1m�[31m�[39m�[22m```

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 1s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_iam_role.task_role: Reading...
data.aws_iam_role.task_execution_role: Reading...
data.aws_security_group.fargate_sg: Reading...
data.aws_vpc.myvpc: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
data.aws_sns_topic.my_sns: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_execution_role: Read complete after 1s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_iam_role.task_role: Read complete after 1s [id=ecs_tasks-minecraft-test-role]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 1s [id=Z0885897H6FS59VX1SAQ]
data.aws_sns_topic.my_sns: Read complete after 1s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
data.aws_security_group.fargate_sg: Read complete after 1s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 2s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 1s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699172458533635000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

Show Plan 
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

Snyk Scan docker/minecraft/Dockerfile.restore

Show Results 
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mdeb
�[1mTarget file:       �[22mdocker/minecraft/Dockerfile.restore
�[1mProject name:      �[22mdocker-image|minecraft/server-restore
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mPlatform:          �[22mlinux/amd64
�[1mBase image:        �[22mitzg/minecraft-server
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 315 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/image
�[1mProject name:      �[22mminecraft/server-restore:latest:/image
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22mTested 70 dependencies for known issues, �[31m�[1mfound 1 issue.�[22m�[39m

�[1m�[32m�[39m�[22m
�[1m�[32mIssues to fix by upgrading:�[39m�[22m

  Upgrade �[1m�[97morg.scala-lang:scala-library@2.13.1�[39m�[22m to �[1m�[97morg.scala-lang:scala-library@2.13.9�[39m�[22m to fix
�[35m  ✗ �[1mRemote Code Execution (RCE)�[22m [Critical Severity]�[39m[https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in �[1morg.scala-lang:scala-library@2.13.1�[22m
    introduced by org.scala-lang:scala-library@2.13.1



�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/usr/share/mc-image-helper-1.36.5/lib
�[1mProject name:      �[22mminecraft/server-restore:latest:/usr/share/mc-image-helper-1.36.5/lib
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[1m�[37mPro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.�[39m�[22m

�[1m�[37mSnyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.�[39m�[22m

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/opt/java/openjdk/lib
�[1mProject name:      �[22mminecraft/server-restore:latest:/opt/java/openjdk/lib
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-server-runner
�[1mProject name:      �[22mgithub.com/itzg/mc-server-runner
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-monitor
�[1mProject name:      �[22mgithub.com/itzg/mc-monitor
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 56 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/rcon-cli
�[1mProject name:      �[22mgithub.com/itzg/rcon-cli
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 49 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/restify
�[1mProject name:      �[22mgithub.com/itzg/restify
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server-restore:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/bin/easy-add
�[1mProject name:      �[22measy-add
�[1mDocker image:      �[22mminecraft/server-restore:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 2 dependencies for known issues, no vulnerable paths found.�[39m�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31mTested 9 projects, 1 contained vulnerable paths.�[39m�[22m
�[1m�[31m�[39m�[22m```

</details>

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

Snyk Scan docker/minecraft/Dockerfile

Show Results 
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mdeb
�[1mTarget file:       �[22mdocker/minecraft/Dockerfile
�[1mProject name:      �[22mdocker-image|minecraft/server
�[1mDocker image:      �[22mminecraft/server:latest
�[1mPlatform:          �[22mlinux/amd64
�[1mBase image:        �[22mitzg/minecraft-server
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 316 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/image
�[1mProject name:      �[22mminecraft/server:latest:/image
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22mTested 70 dependencies for known issues, �[31m�[1mfound 1 issue.�[22m�[39m

�[1m�[32m�[39m�[22m
�[1m�[32mIssues to fix by upgrading:�[39m�[22m

  Upgrade �[1m�[97morg.scala-lang:scala-library@2.13.1�[39m�[22m to �[1m�[97morg.scala-lang:scala-library@2.13.9�[39m�[22m to fix
�[35m  ✗ �[1mRemote Code Execution (RCE)�[22m [Critical Severity]�[39m[https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in �[1morg.scala-lang:scala-library@2.13.1�[22m
    introduced by org.scala-lang:scala-library@2.13.1



�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/usr/share/mc-image-helper-1.36.5/lib
�[1mProject name:      �[22mminecraft/server:latest:/usr/share/mc-image-helper-1.36.5/lib
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[1m�[37mPro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.�[39m�[22m

�[1m�[37mSnyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.�[39m�[22m

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mmaven
�[1mTarget file:       �[22m/opt/java/openjdk/lib
�[1mProject name:      �[22mminecraft/server:latest:/opt/java/openjdk/lib
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-server-runner
�[1mProject name:      �[22mgithub.com/itzg/mc-server-runner
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/mc-monitor
�[1mProject name:      �[22mgithub.com/itzg/mc-monitor
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 56 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/rcon-cli
�[1mProject name:      �[22mgithub.com/itzg/rcon-cli
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 49 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/local/bin/restify
�[1mProject name:      �[22mgithub.com/itzg/restify
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 12 dependencies for known issues, no vulnerable paths found.�[39m

-------------------------------------------------------
�[1m�[37m�[39m�[22m
�[1m�[37mTesting minecraft/server:latest...�[39m�[22m
�[1m�[37m�[39m�[22m
�[1m�[37m�[39m�[22m�[1mOrganization:      �[22mshotaromatsuya
�[1mPackage manager:   �[22mgomodules
�[1mTarget file:       �[22m/usr/bin/easy-add
�[1mProject name:      �[22measy-add
�[1mDocker image:      �[22mminecraft/server:latest
�[1mLicenses:          �[22m�[32menabled�[39m

�[32m✔ Tested 2 dependencies for known issues, no vulnerable paths found.�[39m�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31m�[39m�[22m
�[1m�[31mTested 9 projects, 1 contained vulnerable paths.�[39m�[22m
�[1m�[31m�[39m�[22m```

</details>

@ShotaroMatsuya
Copy link
Owner Author

fixes #68

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/scheduling

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖failure

Show Plan 
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.external.archive_prepare[0]: Read complete after 0s [id=-]
module.custom_lambda.module.user_action_filter_function.local_file.archive_plan[0]: Refreshing state... [id=421827469ade4a6f146fa8ac3fc4b3f8da27703b]
module.custom_lambda.module.user_action_filter_function.null_resource.archive[0]: Refreshing state... [id=5577006791947779410]
data.aws_iam_role.task_role: Reading...
module.custom_lambda.module.user_action_filter_function.aws_cloudwatch_log_group.lambda[0]: Refreshing state... [id=/aws/lambda/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Reading...
module.custom_ecs.aws_ecs_cluster.main: Refreshing state... [id=arn:aws:ecs:ap-northeast-1:528163014577:cluster/minecraft-test-cluster]
module.custom_cloudwatch.aws_cloudwatch_log_group.firelens: Refreshing state... [id=/aws/ecs/minecraft-firelens-logs]
data.aws_vpc.myvpc: Reading...
data.aws_security_group.fargate_sg: Reading...
module.custom_domain.data.aws_route53_zone.mydomain: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_partition.current: Read complete after 0s [id=aws]
data.aws_sns_topic.my_sns: Reading...
data.aws_iam_role.task_execution_role: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3693445097]
module.custom_lambda.module.user_action_filter_function.aws_iam_role.lambda[0]: Refreshing state... [id=user-action-filter-function]
data.aws_iam_role.task_role: Read complete after 0s [id=ecs_tasks-minecraft-test-role]
data.aws_iam_role.task_execution_role: Read complete after 0s [id=minecraft-test-ecs_tasks_execution-role]
data.aws_sns_topic.my_sns: Read complete after 0s [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.additional_json[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function]
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Reading...
module.custom_lambda.module.user_action_filter_function.data.aws_iam_policy_document.logs[0]: Read complete after 0s [id=2706863035]
module.custom_lambda.module.user_action_filter_function.aws_iam_policy.logs[0]: Refreshing state... [id=arn:aws:iam::528163014577:policy/user-action-filter-function-logs]
module.custom_domain.data.aws_route53_zone.mydomain: Read complete after 0s [id=Z0885897H6FS59VX1SAQ]
data.aws_security_group.fargate_sg: Read complete after 0s [id=sg-013a8264d6904303a]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.additional_json[0]: Refreshing state... [id=user-action-filter-function-20231104164720345100000001]
module.custom_lambda.module.user_action_filter_function.aws_iam_role_policy_attachment.logs[0]: Refreshing state... [id=user-action-filter-function-20231104164720359100000002]
module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0]: Refreshing state... [id=user-action-filter-function]
data.aws_vpc.myvpc: Read complete after 1s [id=vpc-052032844d4b16f4b]
data.aws_subnets.my_subnets: Reading...
module.custom_nlb.module.nlb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:targetgroup/tf-20231104123347887300000001/94def7daf9d5ba87]
data.aws_subnets.my_subnets: Read complete after 0s [id=ap-northeast-1]
module.custom_nlb.module.nlb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:loadbalancer/net/minecraft-test-nlb/7e4c257967f4f2ab]
module.custom_lambda.aws_lambda_permission.log_permission: Refreshing state... [id=terraform-20231104164742643600000003]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["1"]: Refreshing state... [id=cwlsf-384885153]
module.custom_lambda.aws_cloudwatch_log_subscription_filter.user-action_subscription["0"]: Refreshing state... [id=cwlsf-384885153]
module.custom_nlb.null_resource.send_slack_notification: Refreshing state... [id=5577006791947779410]
module.custom_nlb.module.nlb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:528163014577:listener/net/minecraft-test-nlb/7e4c257967f4f2ab/a232d5a507fb2242]
module.custom_domain.aws_route53_record.apps_dns: Refreshing state... [id=Z0885897H6FS59VX1SAQ_minecraft.smat710.tk_A]
module.custom_cloudwatch.aws_cloudwatch_metric_alarm.target_group_health_check: Refreshing state... [id=minecraft-test-targetgroup_healthy]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform planned the following actions, but then encountered a problem:

  # module.custom_lambda.module.user_action_filter_function.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "user-action-filter-function"
      ~ qualified_arn                  = "arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:ap-northeast-1:lambda:path/2015-03-31/functions/arn:aws:lambda:ap-northeast-1:528163014577:function:user-action-filter-function:5/invocations" -> (known after apply)
        tags                           = {}
      ~ version                        = "5" -> (known after apply)
        # (20 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "WEB_HOOK_URL"  = "https://hooks.slack.com/services/exit" -> "https://hooks.slack.com/services/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"
                # (2 unchanged elements hidden)
            }
        }

        # (2 unchanged blocks hidden)
    }

  # module.custom_lambda.module.user_action_filter_function.null_resource.archive[0] must be replaced
-/+ resource "null_resource" "archive" {
      ~ id       = "5577006791947779410" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "timestamp" = "1699145043729971000" -> "1699172742058377000"
            # (1 unchanged element hidden)
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

terraform/keeping

Terraform Format and Style 🖌'No changes needed.'

Terraform Plan 📖success

Show Plan 
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Reading...
module.custom_chatbot.module.chatbot_slack_configuration.data.local_file.cloudformation_template: Read complete after 0s [id=34d55e91682b29a9c65529178b71ea86f6a6a99b]
module.custom_iam_role_for_github.data.http.github_actions_openid_configuration: Read complete after 0s [id=https://token.actions.githubusercontent.com/.well-known/openid-configuration]
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Reading...
module.custom_iam_role_for_github.data.tls_certificate.github_actions: Read complete after 0s [id=42213ff4be793356631c8e7788749fa7d39a9d85]
module.custom_iam.aws_iam_role.chatbot-notification-only: Refreshing state... [id=chatbot-notification-only]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Reading...
module.custom_iam_role_for_github.aws_iam_openid_connect_provider.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:oidc-provider/token.actions.githubusercontent.com]
module.custom_vpc.module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-052032844d4b16f4b]
module.custom_iam.aws_iam_role.task_execution_role: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role]
module.custom_iam.aws_iam_policy.chatbot-notification-only: Refreshing state... [id=arn:aws:iam::528163014577:policy/chatbot-notification-only]
module.custom_iam_role_for_github.aws_iam_role.github_actions: Refreshing state... [id=minecraft-test-github-actions]
module.custom_iam_role_for_github.aws_iam_policy.github_actions: Refreshing state... [id=arn:aws:iam::528163014577:policy/minecraft-test-github-actions]
module.custom_sns.data.aws_iam_policy_document.policy_for_encrypt_sns_topic: Read complete after 0s [id=3154560550]
module.custom_iam.aws_iam_role.main_ecs_tasks: Refreshing state... [id=ecs_tasks-minecraft-test-role]
module.custom_sns.aws_kms_key.for_encrypt_sns_topic: Refreshing state... [id=e738e622-d6df-4971-8fcd-173d17b9ece3]
module.custom_iam.aws_iam_role_policy_attachment.chatbot-notification-only-attach: Refreshing state... [id=chatbot-notification-only-20231104122547913800000001]
module.custom_iam_role_for_github.aws_iam_role_policy_attachment.github_actions: Refreshing state... [id=minecraft-test-github-actions-20231104122547950100000002]
module.custom_iam.aws_iam_role_policy.execution_policy: Refreshing state... [id=minecraft-test-ecs_tasks_execution-role:minecraft-test-task-execution-policy]
module.custom_iam.aws_iam_role_policy.ExecuteCommand: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-ExecuteCommand]
module.custom_iam.aws_iam_role_policy.firelensPolicy: Refreshing state... [id=ecs_tasks-minecraft-test-role:minecraft-test-firelensPolicy]
module.custom_sns.aws_sns_topic.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic]
module.custom_sns.aws_sns_topic_subscription.main: Refreshing state... [id=arn:aws:sns:ap-northeast-1:528163014577:minecraft-test-sns-topic:7cfc64e6-7699-4eb9-bf33-5b503a910a06]
module.custom_chatbot.module.chatbot_slack_configuration.aws_cloudformation_stack.chatbot_slack_configuration: Refreshing state... [id=arn:aws:cloudformation:ap-northeast-1:528163014577:stack/chatbot-slack-configuration-minecraft-test-chatbot/4cfca0c0-7b0d-11ee-91e9-06fdc42ee3f1]
module.custom_vpc.module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-0c749d17ea9b73c8f]
module.custom_vpc.module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0141510a1e08cdbf7]
module.custom_vpc.module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0ea4ecf8bf1c5f539]
null_resource.name: Refreshing state... [id=5577006791947779410]
module.custom_vpc.module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04bd554da50467fdf]
module.custom_vpc.module.fargate_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-013a8264d6904303a]
module.custom_vpc.module.allow_nfs_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0c93b01021e2c4404]
module.custom_vpc.module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-005a3825ac3931fad]
module.custom_vpc.module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-093cbd8172a49a1ea]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1514338663]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: Refreshing state... [id=sgrule-3503295386]
module.custom_vpc.module.fargate_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-3410701183]
module.custom_vpc.module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-0c749d17ea9b73c8f1080289494]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-1351078011]
module.custom_vpc.module.allow_nfs_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1338649962]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.custom_sns.aws_kms_alias.for_encrypt_sns_topic_alias will be created
  + resource "aws_kms_alias" "for_encrypt_sns_topic_alias" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + name           = "alias/cwa/for_encrypt_sns_topic"
      + name_prefix    = (known after apply)
      + target_key_arn = (known after apply)
      + target_key_id  = "e738e622-d6df-4971-8fcd-173d17b9ece3"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Warning: Deprecated attribute

  on ../modules/github/openid_connect_provider.tf line 6, in data "tls_certificate" "github_actions":
   6:   url = jsondecode(data.http.github_actions_openid_configuration.body).jwks_uri

The attribute "body" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

@ShotaroMatsuya ShotaroMatsuya self-assigned this Nov 5, 2023
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

Snyk Scan docker/minecraft/Dockerfile

Show Results 
Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   deb
Target file:       docker/minecraft/Dockerfile
Project name:      docker-image|minecraft/server
Docker image:      minecraft/server:latest
Platform:          linux/amd64
Base image:        itzg/minecraft-server
Licenses:          enabled

✔ Tested 316 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /image
Project name:      minecraft/server:latest:/image
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Tested 70 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade org.scala-lang:scala-library@2.13.1 to org.scala-lang:scala-library@2.13.9 to fix
  ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in org.scala-lang:scala-library@2.13.1
    introduced by org.scala-lang:scala-library@2.13.1



Organization:      shotaromatsuya
Package manager:   maven
Target file:       /usr/share/mc-image-helper-1.36.5/lib
Project name:      minecraft/server:latest:/usr/share/mc-image-helper-1.36.5/lib
Docker image:      minecraft/server:latest
Licenses:          enabled

Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /opt/java/openjdk/lib
Project name:      minecraft/server:latest:/opt/java/openjdk/lib
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested minecraft/server:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-server-runner
Project name:      github.com/itzg/mc-server-runner
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-monitor
Project name:      github.com/itzg/mc-monitor
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 56 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/rcon-cli
Project name:      github.com/itzg/rcon-cli
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 49 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/restify
Project name:      github.com/itzg/restify
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/bin/easy-add
Project name:      easy-add
Docker image:      minecraft/server:latest
Licenses:          enabled

✔ Tested 2 dependencies for known issues, no vulnerable paths found.


Tested 9 projects, 1 contained vulnerable paths.```

</details>

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 5, 2023

Snyk Scan docker/minecraft/Dockerfile.restore

Show Results 
Testing minecraft/server-restore:latest...

Organization:      shotaromatsuya
Package manager:   deb
Target file:       docker/minecraft/Dockerfile.restore
Project name:      docker-image|minecraft/server-restore
Docker image:      minecraft/server-restore:latest
Platform:          linux/amd64
Base image:        itzg/minecraft-server
Licenses:          enabled

✔ Tested 315 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server-restore:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /image
Project name:      minecraft/server-restore:latest:/image
Docker image:      minecraft/server-restore:latest
Licenses:          enabled

✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server-restore:latest...

Tested 70 dependencies for known issues, found 1 issue.


Issues to fix by upgrading:

  Upgrade org.scala-lang:scala-library@2.13.1 to org.scala-lang:scala-library@2.13.9 to fix
  ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGSCALALANG-3032987] in org.scala-lang:scala-library@2.13.1
    introduced by org.scala-lang:scala-library@2.13.1



Organization:      shotaromatsuya
Package manager:   maven
Target file:       /usr/share/mc-image-helper-1.36.5/lib
Project name:      minecraft/server-restore:latest:/usr/share/mc-image-helper-1.36.5/lib
Docker image:      minecraft/server-restore:latest
Licenses:          enabled

Pro tip: use `--exclude-base-image-vulns` to exclude from display Docker base image vulnerabilities.

Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information.

To remove these messages in the future, please run `snyk config set disableSuggestions=true`

-------------------------------------------------------

Testing minecraft/server-restore:latest...

Organization:      shotaromatsuya
Package manager:   maven
Target file:       /opt/java/openjdk/lib
Project name:      minecraft/server-restore:latest:/opt/java/openjdk/lib
Docker image:      minecraft/server-restore:latest
Licenses:          enabled

✔ Tested minecraft/server-restore:latest for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server-restore:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-server-runner
Project name:      github.com/itzg/mc-server-runner
Docker image:      minecraft/server-restore:latest
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server-restore:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/mc-monitor
Project name:      github.com/itzg/mc-monitor
Docker image:      minecraft/server-restore:latest
Licenses:          enabled

✔ Tested 56 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server-restore:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/rcon-cli
Project name:      github.com/itzg/rcon-cli
Docker image:      minecraft/server-restore:latest
Licenses:          enabled

✔ Tested 49 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server-restore:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/local/bin/restify
Project name:      github.com/itzg/restify
Docker image:      minecraft/server-restore:latest
Licenses:          enabled

✔ Tested 12 dependencies for known issues, no vulnerable paths found.

-------------------------------------------------------

Testing minecraft/server-restore:latest...

Organization:      shotaromatsuya
Package manager:   gomodules
Target file:       /usr/bin/easy-add
Project name:      easy-add
Docker image:      minecraft/server-restore:latest
Licenses:          enabled

✔ Tested 2 dependencies for known issues, no vulnerable paths found.


Tested 9 projects, 1 contained vulnerable paths.```

</details>

@ShotaroMatsuya ShotaroMatsuya merged commit 465b9e8 into main Nov 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@ShotaroMatsuya ShotaroMatsuya

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dockerfileビルドとプッシュのプロセスを自動化したい
1 participant
@ShotaroMatsuya