Skip to content

test-taufort-live-coding-5#3

Open
taufort wants to merge 4 commits into
mainfrom
test-taufort-live-coding-5
Open

test-taufort-live-coding-5#3
taufort wants to merge 4 commits into
mainfrom
test-taufort-live-coding-5

Conversation

@taufort

@taufort taufort commented Mar 4, 2026

Copy link
Copy Markdown
Collaborator

No description provided.

@taufort taufort force-pushed the test-taufort-live-coding-5 branch 2 times, most recently from b65c7bf to 3fc27cd Compare March 4, 2026 22:25
@github-actions

github-actions Bot commented Mar 4, 2026

Copy link
Copy Markdown

Terraform Plan — ecs-nginx

Show plan
module.ecs.module.cluster.data.aws_caller_identity.current[0]: Reading...
module.alb.data.aws_partition.current[0]: Reading...
module.ecs.module.cluster.data.aws_region.current[0]: Reading...
module.ecs.module.cluster.data.aws_partition.current[0]: Reading...
data.aws_availability_zones.available: Reading...
module.ecs.module.cluster.data.aws_region.current[0]: Read complete after 0s [id=eu-west-3]
module.ecs.module.cluster.data.aws_partition.current[0]: Read complete after 0s [id=aws]
module.alb.data.aws_partition.current[0]: Read complete after 0s [id=aws]
module.ecs.module.cluster.data.aws_caller_identity.current[0]: Read complete after 0s [id=721665305066]
data.aws_availability_zones.available: Read complete after 0s [id=eu-west-3]
module.ecs.module.service["nginx"].data.aws_partition.current[0]: Reading...
module.ecs.module.service["nginx"].data.aws_partition.current[0]: Read complete after 0s [id=aws]
module.ecs.module.service["nginx"].data.aws_caller_identity.current[0]: Reading...
module.ecs.module.service["nginx"].data.aws_iam_policy_document.task_exec_assume[0]: Reading...
module.ecs.module.service["nginx"].data.aws_region.current[0]: Reading...
module.ecs.module.service["nginx"].data.aws_iam_policy_document.task_exec_assume[0]: Read complete after 0s [id=2291109037]
module.ecs.module.service["nginx"].data.aws_region.current[0]: Read complete after 0s [id=eu-west-3]
module.ecs.module.service["nginx"].data.aws_iam_policy_document.task_exec[0]: Reading...
module.ecs.module.service["nginx"].data.aws_iam_policy_document.task_exec[0]: Read complete after 0s [id=1734719305]
module.ecs.module.service["nginx"].module.container_definition["nginx"].data.aws_region.current: Reading...
module.ecs.module.service["nginx"].module.container_definition["nginx"].data.aws_region.current: Read complete after 0s [id=eu-west-3]
module.ecs.module.service["nginx"].data.aws_caller_identity.current[0]: Read complete after 0s [id=721665305066]
module.ecs.module.service["nginx"].data.aws_iam_policy_document.tasks_assume[0]: Reading...
module.ecs.module.service["nginx"].data.aws_iam_policy_document.tasks_assume[0]: Read complete after 0s [id=2711371364]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_acm_certificate.self_signed will be created
  + resource "aws_acm_certificate" "self_signed" {
      + arn                       = (known after apply)
      + certificate_body          = (known after apply)
      + domain_name               = (known after apply)
      + domain_validation_options = (known after apply)
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + private_key               = (sensitive value)
      + region                    = "eu-west-3"
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = (known after apply)
      + tags_all                  = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = (known after apply)

      + options (known after apply)
    }

  # aws_security_group.ecs_nginx will be created
  + resource "aws_security_group" "ecs_nginx" {
      + arn                    = (known after apply)
      + description            = "Allow traffic from ALB to nginx ECS tasks"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "aws-q-academy-ecs-nginx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + region                 = "eu-west-3"
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                 = (known after apply)
    }

  # aws_vpc_security_group_egress_rule.ecs_nginx_egress will be created
  + resource "aws_vpc_security_group_egress_rule" "ecs_nginx_egress" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow all outbound"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + region                 = "eu-west-3"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
    }

  # aws_vpc_security_group_ingress_rule.ecs_nginx_from_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "ecs_nginx_from_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow HTTP from ALB"
      + from_port                    = 80
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + region                       = "eu-west-3"
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + to_port                      = 80
    }

  # tls_private_key.self_signed will be created
  + resource "tls_private_key" "self_signed" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 2048
    }

  # tls_self_signed_cert.self_signed will be created
  + resource "tls_self_signed_cert" "self_signed" {
      + allowed_uses          = [
          + "key_encipherment",
          + "digital_signature",
          + "server_auth",
        ]
      + cert_pem              = (known after apply)
      + early_renewal_hours   = 0
      + id                    = (known after apply)
      + is_ca_certificate     = false
      + key_algorithm         = (known after apply)
      + max_path_length       = (known after apply)
      + private_key_pem       = (sensitive value)
      + ready_for_renewal     = false
      + set_authority_key_id  = false
      + set_subject_key_id    = false
      + validity_end_time     = (known after apply)
      + validity_period_hours = 8760
      + validity_start_time   = (known after apply)

      + subject {
          + common_name  = "aws-q-academy.local"
          + organization = "Ippon Technologies"
        }
    }

  # module.alb.aws_lb.this[0] will be created
  + resource "aws_lb" "this" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = false
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enable_zonal_shift                                           = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = (known after apply)
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "aws-q-academy"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + region                                                       = "eu-west-3"
      + secondary_ips_auto_assigned_per_subnet                       = (known after apply)
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags_all                                                     = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + subnet_mapping (known after apply)
    }

  # module.alb.aws_lb_listener.this["https"] will be created
  + resource "aws_lb_listener" "this" {
      + arn                                                                   = (known after apply)
      + certificate_arn                                                       = (known after apply)
      + id                                                                    = (known after apply)
      + load_balancer_arn                                                     = (known after apply)
      + port                                                                  = 443
      + protocol                                                              = "HTTPS"
      + region                                                                = "eu-west-3"
      + routing_http_request_x_amzn_mtls_clientcert_header_name               = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_issuer_header_name        = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_leaf_header_name          = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_subject_header_name       = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_validity_header_name      = (known after apply)
      + routing_http_request_x_amzn_tls_cipher_suite_header_name              = (known after apply)
      + routing_http_request_x_amzn_tls_version_header_name                   = (known after apply)
      + routing_http_response_access_control_allow_credentials_header_value   = (known after apply)
      + routing_http_response_access_control_allow_headers_header_value       = (known after apply)
      + routing_http_response_access_control_allow_methods_header_value       = (known after apply)
      + routing_http_response_access_control_allow_origin_header_value        = (known after apply)
      + routing_http_response_access_control_expose_headers_header_value      = (known after apply)
      + routing_http_response_access_control_max_age_header_value             = (known after apply)
      + routing_http_response_content_security_policy_header_value            = (known after apply)
      + routing_http_response_server_enabled                                  = (known after apply)
      + routing_http_response_strict_transport_security_header_value          = (known after apply)
      + routing_http_response_x_content_type_options_header_value             = (known after apply)
      + routing_http_response_x_frame_options_header_value                    = (known after apply)
      + ssl_policy                                                            = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags_all                                                              = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + tcp_idle_timeout_seconds                                              = (known after apply)

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }

      + mutual_authentication (known after apply)
    }

  # module.alb.aws_lb_target_group.this["nginx"] will be created
  + resource "aws_lb_target_group" "this" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "aws-q-academy-nginx"
      + name_prefix                        = (known after apply)
      + port                               = 80
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + region                             = "eu-west-3"
      + slow_start                         = 0
      + tags_all                           = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = (known after apply)
          + path                = "/"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = (known after apply)
          + unhealthy_threshold = 3
        }

      + stickiness (known after apply)

      + target_failover (known after apply)

      + target_group_health (known after apply)

      + target_health_state (known after apply)
    }

  # module.alb.aws_security_group.this[0] will be created
  + resource "aws_security_group" "this" {
      + arn                    = (known after apply)
      + description            = "Security group for aws-q-academy application load balancer"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "aws-q-academy-"
      + owner_id               = (known after apply)
      + region                 = "eu-west-3"
      + revoke_rules_on_delete = false
      + tags_all               = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                 = (known after apply)
    }

  # module.alb.aws_vpc_security_group_egress_rule.this["all"] will be created
  + resource "aws_vpc_security_group_egress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + region                 = "eu-west-3"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "Name" = "aws-q-academy-all"
        }
      + tags_all               = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-all"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
    }

  # module.alb.aws_vpc_security_group_ingress_rule.this["https"] will be created
  + resource "aws_vpc_security_group_ingress_rule" "this" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "HTTPS from internet"
      + from_port              = 443
      + id                     = (known after apply)
      + ip_protocol            = "tcp"
      + region                 = "eu-west-3"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags                   = {
          + "Name" = "aws-q-academy-https"
        }
      + tags_all               = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-https"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + to_port                = 443
    }

  # module.vpc.aws_default_network_acl.this[0] will be created
  + resource "aws_default_network_acl" "this" {
      + arn                    = (known after apply)
      + default_network_acl_id = (known after apply)
      + id                     = (known after apply)
      + owner_id               = (known after apply)
      + region                 = "eu-west-3"
      + tags                   = {
          + "Name" = "aws-q-academy-default"
        }
      + tags_all               = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-default"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                 = (known after apply)

      + egress {
          + action          = "allow"
          + from_port       = 0
          + ipv6_cidr_block = "::/0"
          + protocol        = "-1"
          + rule_no         = 101
          + to_port         = 0
            # (1 unchanged attribute hidden)
        }
      + egress {
          + action          = "allow"
          + cidr_block      = "0.0.0.0/0"
          + from_port       = 0
          + protocol        = "-1"
          + rule_no         = 100
          + to_port         = 0
            # (1 unchanged attribute hidden)
        }

      + ingress {
          + action          = "allow"
          + from_port       = 0
          + ipv6_cidr_block = "::/0"
          + protocol        = "-1"
          + rule_no         = 101
          + to_port         = 0
            # (1 unchanged attribute hidden)
        }
      + ingress {
          + action          = "allow"
          + cidr_block      = "0.0.0.0/0"
          + from_port       = 0
          + protocol        = "-1"
          + rule_no         = 100
          + to_port         = 0
            # (1 unchanged attribute hidden)
        }
    }

  # module.vpc.aws_default_route_table.default[0] will be created
  + resource "aws_default_route_table" "default" {
      + arn                    = (known after apply)
      + default_route_table_id = (known after apply)
      + id                     = (known after apply)
      + owner_id               = (known after apply)
      + region                 = "eu-west-3"
      + route                  = (known after apply)
      + tags                   = {
          + "Name" = "aws-q-academy-default"
        }
      + tags_all               = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-default"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                 = (known after apply)

      + timeouts {
          + create = "5m"
          + update = "5m"
        }
    }

  # module.vpc.aws_default_security_group.this[0] will be created
  + resource "aws_default_security_group" "this" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + region                 = "eu-west-3"
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "aws-q-academy-default"
        }
      + tags_all               = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-default"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_eip.nat[0] will be created
  + resource "aws_eip" "nat" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "eu-west-3"
      + tags                 = {
          + "Name" = "aws-q-academy-eu-west-3a"
        }
      + tags_all             = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-eu-west-3a"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
    }

  # module.vpc.aws_internet_gateway.this[0] will be created
  + resource "aws_internet_gateway" "this" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + region   = "eu-west-3"
      + tags     = {
          + "Name" = "aws-q-academy"
        }
      + tags_all = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id   = (known after apply)
    }

  # module.vpc.aws_nat_gateway.this[0] will be created
  + resource "aws_nat_gateway" "this" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + auto_provision_zones               = (known after apply)
      + auto_scaling_ips                   = (known after apply)
      + availability_mode                  = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + region                             = "eu-west-3"
      + regional_nat_gateway_address       = (known after apply)
      + regional_nat_gateway_auto_mode     = (known after apply)
      + route_table_id                     = (known after apply)
      + secondary_allocation_ids           = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name" = "aws-q-academy-eu-west-3a"
        }
      + tags_all                           = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-eu-west-3a"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                             = (known after apply)
    }

  # module.vpc.aws_route.private_nat_gateway[0] will be created
  + resource "aws_route" "private_nat_gateway" {
      + destination_cidr_block = "0.0.0.0/0"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + nat_gateway_id         = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + region                 = "eu-west-3"
      + route_table_id         = (known after apply)
      + state                  = (known after apply)

      + timeouts {
          + create = "5m"
        }
    }

  # module.vpc.aws_route.public_internet_gateway[0] will be created
  + resource "aws_route" "public_internet_gateway" {
      + destination_cidr_block = "0.0.0.0/0"
      + gateway_id             = (known after apply)
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + region                 = "eu-west-3"
      + route_table_id         = (known after apply)
      + state                  = (known after apply)

      + timeouts {
          + create = "5m"
        }
    }

  # module.vpc.aws_route_table.private[0] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + region           = "eu-west-3"
      + route            = (known after apply)
      + tags             = {
          + "Name" = "aws-q-academy-private"
        }
      + tags_all         = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-private"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.aws_route_table.public[0] will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + region           = "eu-west-3"
      + route            = (known after apply)
      + tags             = {
          + "Name" = "aws-q-academy-public"
        }
      + tags_all         = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-public"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.aws_route_table_association.private[0] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + region         = "eu-west-3"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.private[1] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + region         = "eu-west-3"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.private[2] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + region         = "eu-west-3"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + region         = "eu-west-3"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + region         = "eu-west-3"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.public[2] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + region         = "eu-west-3"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_subnet.private[0] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "eu-west-3a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.0.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "eu-west-3"
      + tags                                           = {
          + "Name" = "aws-q-academy-private-eu-west-3a"
        }
      + tags_all                                       = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-private-eu-west-3a"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_subnet.private[1] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "eu-west-3b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.16.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "eu-west-3"
      + tags                                           = {
          + "Name" = "aws-q-academy-private-eu-west-3b"
        }
      + tags_all                                       = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-private-eu-west-3b"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_subnet.private[2] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "eu-west-3c"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.32.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "eu-west-3"
      + tags                                           = {
          + "Name" = "aws-q-academy-private-eu-west-3c"
        }
      + tags_all                                       = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-private-eu-west-3c"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "eu-west-3a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.48.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "eu-west-3"
      + tags                                           = {
          + "Name" = "aws-q-academy-public-eu-west-3a"
        }
      + tags_all                                       = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-public-eu-west-3a"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "eu-west-3b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.64.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "eu-west-3"
      + tags                                           = {
          + "Name" = "aws-q-academy-public-eu-west-3b"
        }
      + tags_all                                       = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-public-eu-west-3b"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_subnet.public[2] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "eu-west-3c"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.80.0/20"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "eu-west-3"
      + tags                                           = {
          + "Name" = "aws-q-academy-public-eu-west-3c"
        }
      + tags_all                                       = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy-public-eu-west-3c"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_vpc.this[0] will be created
  + resource "aws_vpc" "this" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + region                               = "eu-west-3"
      + tags                                 = {
          + "Name" = "aws-q-academy"
        }
      + tags_all                             = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "aws-q-academy"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
    }

  # module.ecs.module.cluster.aws_cloudwatch_log_group.this[0] will be created
  + resource "aws_cloudwatch_log_group" "this" {
      + arn                         = (known after apply)
      + deletion_protection_enabled = (known after apply)
      + id                          = (known after apply)
      + log_group_class             = (known after apply)
      + name                        = "/aws/ecs/aws-q-academy"
      + name_prefix                 = (known after apply)
      + region                      = "eu-west-3"
      + retention_in_days           = 90
      + skip_destroy                = false
      + tags                        = {
          + "Name" = "/aws/ecs/aws-q-academy"
        }
      + tags_all                    = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Name"          = "/aws/ecs/aws-q-academy"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
    }

  # module.ecs.module.cluster.aws_ecs_cluster.this[0] will be created
  + resource "aws_ecs_cluster" "this" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "aws-q-academy"
      + region   = "eu-west-3"
      + tags_all = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }

      + configuration {
          + execute_command_configuration {
              + logging = "OVERRIDE"

              + log_configuration {
                  + cloud_watch_log_group_name = "/aws/ecs/aws-q-academy"
                }
            }
        }

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # module.ecs.module.cluster.aws_ecs_cluster_capacity_providers.this[0] will be created
  + resource "aws_ecs_cluster_capacity_providers" "this" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "aws-q-academy"
      + id                 = (known after apply)
      + region             = "eu-west-3"
    }

  # module.ecs.module.cluster.time_sleep.this[0] will be created
  + resource "time_sleep" "this" {
      + create_duration = "20s"
      + id              = (known after apply)
      + triggers        = {
          + "capacity_provider_names" = null
          + "capacity_providers"      = null
        }
    }

  # module.ecs.module.service["nginx"].aws_appautoscaling_policy.this["cpu"] will be created
  + resource "aws_appautoscaling_policy" "this" {
      + alarm_arns         = (known after apply)
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "cpu"
      + policy_type        = "TargetTrackingScaling"
      + region             = "eu-west-3"
      + resource_id        = (known after apply)
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + target_tracking_scaling_policy_configuration {
          + disable_scale_in   = false
          + scale_in_cooldown  = 300
          + scale_out_cooldown = 60
          + target_value       = 75

          + predefined_metric_specification {
              + predefined_metric_type = "ECSServiceAverageCPUUtilization"
            }
        }
    }

  # module.ecs.module.service["nginx"].aws_appautoscaling_policy.this["memory"] will be created
  + resource "aws_appautoscaling_policy" "this" {
      + alarm_arns         = (known after apply)
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "memory"
      + policy_type        = "TargetTrackingScaling"
      + region             = "eu-west-3"
      + resource_id        = (known after apply)
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"

      + target_tracking_scaling_policy_configuration {
          + disable_scale_in   = false
          + scale_in_cooldown  = 300
          + scale_out_cooldown = 60
          + target_value       = 75

          + predefined_metric_specification {
              + predefined_metric_type = "ECSServiceAverageMemoryUtilization"
            }
        }
    }

  # module.ecs.module.service["nginx"].aws_appautoscaling_target.this[0] will be created
  + resource "aws_appautoscaling_target" "this" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + max_capacity       = 10
      + min_capacity       = 1
      + region             = "eu-west-3"
      + resource_id        = (known after apply)
      + role_arn           = (known after apply)
      + scalable_dimension = "ecs:service:DesiredCount"
      + service_namespace  = "ecs"
      + tags_all           = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }

      + suspended_state (known after apply)
    }

  # module.ecs.module.service["nginx"].aws_ecs_service.this[0] will be created
  + resource "aws_ecs_service" "this" {
      + arn                                = (known after apply)
      + availability_zone_rebalancing      = (known after apply)
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 66
      + desired_count                      = 1
      + enable_ecs_managed_tags            = true
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "nginx"
      + platform_version                   = (known after apply)
      + region                             = "eu-west-3"
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + deployment_configuration (known after apply)

      + load_balancer {
          + container_name   = "nginx"
          + container_port   = 80
          + target_group_arn = (known after apply)
            # (1 unchanged attribute hidden)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.ecs.module.service["nginx"].aws_ecs_task_definition.this[0] will be created
  + resource "aws_ecs_task_definition" "this" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = jsonencode(
            [
              + {
                  + essential              = true
                  + image                  = "nginx:1.27-alpine"
                  + interactive            = false
                  + linuxParameters        = {
                      + initProcessEnabled = false
                    }
                  + logConfiguration       = {
                      + logDriver = "awslogs"
                      + options   = {
                          + awslogs-group         = "/aws/ecs/nginx/nginx"
                          + awslogs-region        = "eu-west-3"
                          + awslogs-stream-prefix = "ecs"
                        }
                    }
                  + mountPoints            = []
                  + name                   = "nginx"
                  + portMappings           = [
                      + {
                          + containerPort = 80
                          + protocol      = "tcp"
                        },
                    ]
                  + privileged             = false
                  + pseudoTerminal         = false
                  + readonlyRootFilesystem = true
                  + restartPolicy          = {
                      + enabled = true
                    }
                  + startTimeout           = 30
                  + stopTimeout            = 120
                  + versionConsistency     = "disabled"
                },
            ]
        )
      + cpu                      = "256"
      + enable_fault_injection   = (known after apply)
      + execution_role_arn       = (known after apply)
      + family                   = "nginx"
      + id                       = (known after apply)
      + memory                   = "512"
      + network_mode             = "awsvpc"
      + region                   = "eu-west-3"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags_all                 = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = true

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }
    }

  # module.ecs.module.service["nginx"].aws_iam_policy.task_exec[0] will be created
  + resource "aws_iam_policy" "task_exec" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Task execution role IAM policy"
      + id               = (known after apply)
      + name             = (known after apply)
      + name_prefix      = "nginx-task-exec-"
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "logs:PutLogEvents",
                          + "logs:CreateLogStream",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "Logs"
                    },
                  + {
                      + Action   = [
                          + "ecr:GetDownloadUrlForLayer",
                          + "ecr:GetAuthorizationToken",
                          + "ecr:BatchGetImage",
                          + "ecr:BatchCheckLayerAvailability",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "ECR"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags_all         = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
    }

  # module.ecs.module.service["nginx"].aws_iam_role.task_exec[0] will be created
  + resource "aws_iam_role" "task_exec" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = "ECSTaskExecutionAssumeRole"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + description           = "Task execution role for nginx-task-exec"
      + force_detach_policies = true
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = "nginx-task-exec-"
      + path                  = "/"
      + tags_all              = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # module.ecs.module.service["nginx"].aws_iam_role.tasks[0] will be created
  + resource "aws_iam_role" "tasks" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Condition = {
                          + ArnLike      = {
                              + "aws:SourceArn" = "arn:aws:ecs:eu-west-3:721665305066:*"
                            }
                          + StringEquals = {
                              + "aws:SourceAccount" = "721665305066"
                            }
                        }
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                      + Sid       = "ECSTasksAssumeRole"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + description           = "IAM role for ECS tasks in Service nginx"
      + force_detach_policies = true
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = "nginx-tasks-"
      + path                  = "/"
      + tags_all              = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # module.ecs.module.service["nginx"].aws_iam_role_policy_attachment.task_exec[0] will be created
  + resource "aws_iam_role_policy_attachment" "task_exec" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = (known after apply)
    }

  # module.ecs.module.service["nginx"].module.container_definition["nginx"].aws_cloudwatch_log_group.this[0] will be created
  + resource "aws_cloudwatch_log_group" "this" {
      + arn                         = (known after apply)
      + deletion_protection_enabled = (known after apply)
      + id                          = (known after apply)
      + log_group_class             = (known after apply)
      + name                        = "/aws/ecs/nginx/nginx"
      + name_prefix                 = (known after apply)
      + region                      = "eu-west-3"
      + retention_in_days           = 14
      + skip_destroy                = false
      + tags_all                    = {
          + "CostCenter"    = "aws-q-academy"
          + "Environment"   = "dev"
          + "ManagedBy"     = "terraform"
          + "Owner"         = "ippontech"
          + "Project"       = "aws-q-academy"
          + "RootModuleURL" = "https://github.com/ippontech/aws-q-academy/terraform/ecs-nginx"
        }
    }

Plan: 49 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + alb_dns_name     = (known after apply)
  + ecs_cluster_name = "aws-q-academy"
  + vpc_id           = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "tfplan"

@github-actions

github-actions Bot commented Mar 4, 2026

Copy link
Copy Markdown

Terraform Plan — github-oidc

Show plan
module.oidc_github.data.tls_certificate.github: Reading...
module.oidc_github.data.tls_certificate.github: Read complete after 0s [id=d54ffc5863e92be116e7b1bebdacdafbdb976744]
module.oidc_github.data.aws_partition.current: Reading...
module.oidc_github.aws_iam_openid_connect_provider.github[0]: Refreshing state... [id=arn:aws:iam::721665305066:oidc-provider/token.actions.githubusercontent.com]
data.aws_iam_policy_document.github_actions: Reading...
module.oidc_github.data.aws_partition.current: Read complete after 0s [id=aws]
data.aws_iam_policy_document.github_actions: Read complete after 0s [id=1622699362]
module.oidc_github.data.aws_iam_policy_document.assume_role[0]: Reading...
module.oidc_github.data.aws_iam_policy_document.assume_role[0]: Read complete after 0s [id=3311941920]
module.oidc_github.aws_iam_role.github[0]: Refreshing state... [id=github-actions-aws-q-academy]
module.oidc_github.aws_iam_role_policy.inline_policies["github-oidc-ecs-nginx"]: Refreshing state... [id=github-actions-aws-q-academy:github-oidc-ecs-nginx]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

@taufort taufort force-pushed the test-taufort-live-coding-5 branch from 3fc27cd to 00f298d Compare March 4, 2026 22:35
@taufort taufort force-pushed the test-taufort-live-coding-5 branch from 00f298d to 6fabf7b Compare March 4, 2026 22:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant