Test/scenario 7 ami update #341
Open
+13
−6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Copy the CI workflow fix from main to enable reliable CI runs without state lock conflicts.
Switch EC2 instance AMIs from static data.aws_ami filter to the AWS SSM public parameter (/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2) so instances track the latest Amazon Linux 2 image in eu-west-2. This is a routine OS image refresh intended to pick up security patches and maintenance updates. No changes to instance types, networking, security groups, or storage. Impact: Low – instance replacement during rollout; no high-risk infra changes
|
Open in Overmind ↗
🔴 Change SignalsRoutine 🔴 🔥 Risks
🟣 Expected Changes+/- ec2-instance › i-01dcfcab37ba22689--- current
+++ proposed
@@ -2,72 +2,65 @@
id: github.com/overmindtech/terraform-example.ec2-instance.module.scenarios[0].aws_instance.app_server
attributes:
- ami: ami-0f802dc0fc1809acd
- arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-01dcfcab37ba22689
+ ami: (sensitive value)
+ arn: (known after apply)
associate_public_ip_address: true
- availability_zone: eu-west-2b
- capacity_reservation_specification:
- - capacity_reservation_preference: open
- cpu_core_count: 1
- cpu_options:
- - core_count: 1
- threads_per_core: 2
- cpu_threads_per_core: 2
- credit_specification:
- - cpu_credits: unlimited
- disable_api_stop: false
- disable_api_termination: false
- ebs_optimized: false
- enable_primary_ipv6: null
- enclave_options:
- - enabled: false
+ availability_zone: (known after apply)
+ capacity_reservation_specification: (known after apply)
+ cpu_core_count: (known after apply)
+ cpu_options: (known after apply)
+ cpu_threads_per_core: (known after apply)
+ disable_api_stop: (known after apply)
+ disable_api_termination: (known after apply)
+ ebs_block_device: (known after apply)
+ ebs_optimized: (known after apply)
+ enable_primary_ipv6: (known after apply)
+ enclave_options: (known after apply)
+ ephemeral_block_device: (known after apply)
get_password_data: false
- hibernation: false
- host_resource_group_arn: null
- id: i-01dcfcab37ba22689
- instance_initiated_shutdown_behavior: stop
- instance_state: running
+ hibernation: null
+ host_id: (known after apply)
+ host_resource_group_arn: (known after apply)
+ iam_instance_profile: (known after apply)
+ id: (known after apply)
+ instance_initiated_shutdown_behavior: (known after apply)
+ instance_lifecycle: (known after apply)
+ instance_market_options: (known after apply)
+ instance_state: (known after apply)
instance_type: t3.small
- ipv6_address_count: 0
+ ipv6_address_count: (known after apply)
+ ipv6_addresses: (known after apply)
key_name: Demo Key Pair
- maintenance_options:
- - auto_recovery: default
- metadata_options:
- - http_endpoint: enabled
- http_protocol_ipv6: disabled
- http_put_response_hop_limit: 1
- http_tokens: optional
- instance_metadata_tags: disabled
- monitoring: false
- placement_partition_number: 0
- primary_network_interface_id: eni-0501ad33e98bb6f8c
- private_dns: ip-10-0-10-239.eu-west-2.compute.internal
- private_dns_name_options:
- - enable_resource_name_dns_a_record: false
- enable_resource_name_dns_aaaa_record: false
- hostname_type: ip-name
- private_ip: 10.0.10.239
- public_dns: ec2-13-41-66-30.eu-west-2.compute.amazonaws.com
- public_ip: 13.41.66.30
- root_block_device:
- - delete_on_termination: true
- device_name: /dev/xvda
- encrypted: false
- iops: 0
- throughput: 0
- volume_id: vol-011ca7661217b5823
- volume_size: 8
- volume_type: standard
+ maintenance_options: (known after apply)
+ metadata_options: (known after apply)
+ monitoring: (known after apply)
+ network_interface: (known after apply)
+ outpost_arn: (known after apply)
+ password_data: (known after apply)
+ placement_group: (known after apply)
+ placement_partition_number: (known after apply)
+ primary_network_interface_id: (known after apply)
+ private_dns: (known after apply)
+ private_dns_name_options: (known after apply)
+ private_ip: (known after apply)
+ public_dns: (known after apply)
+ public_ip: (known after apply)
+ root_block_device: (known after apply)
+ secondary_private_ips: (known after apply)
+ security_groups: (known after apply)
source_dest_check: true
+ spot_instance_request_id: (known after apply)
subnet_id: subnet-036704734045071f9
tags:
+ Environment: dev
Name: App Server
tags_all:
+ Environment: dev
Name: App Server
- tenancy: default
+ tenancy: (known after apply)
terraform_address: module.scenarios[0].aws_instance.app_server
terraform_name: module.scenarios[0].aws_instance.app_server
timeouts: null
- user_data: null
- user_data_base64: null
+ user_data: (known after apply)
+ user_data_base64: (known after apply)
user_data_replace_on_change: false
volume_tags: null
+/- ec2-instance › i-02f292e8a0766d313--- current
+++ proposed
@@ -2,72 +2,65 @@
id: github.com/overmindtech/terraform-example.ec2-instance.module.scenarios[0].aws_instance.webserver
attributes:
- ami: ami-0f802dc0fc1809acd
- arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-02f292e8a0766d313
+ ami: (sensitive value)
+ arn: (known after apply)
associate_public_ip_address: true
- availability_zone: eu-west-2a
- capacity_reservation_specification:
- - capacity_reservation_preference: open
- cpu_core_count: 1
- cpu_options:
- - core_count: 1
- threads_per_core: 2
- cpu_threads_per_core: 2
- credit_specification:
- - cpu_credits: unlimited
- disable_api_stop: false
- disable_api_termination: false
- ebs_optimized: false
- enable_primary_ipv6: null
- enclave_options:
- - enabled: false
+ availability_zone: (known after apply)
+ capacity_reservation_specification: (known after apply)
+ cpu_core_count: (known after apply)
+ cpu_options: (known after apply)
+ cpu_threads_per_core: (known after apply)
+ disable_api_stop: (known after apply)
+ disable_api_termination: (known after apply)
+ ebs_block_device: (known after apply)
+ ebs_optimized: (known after apply)
+ enable_primary_ipv6: (known after apply)
+ enclave_options: (known after apply)
+ ephemeral_block_device: (known after apply)
get_password_data: false
- hibernation: false
- host_resource_group_arn: null
- id: i-02f292e8a0766d313
- instance_initiated_shutdown_behavior: stop
- instance_state: running
+ hibernation: null
+ host_id: (known after apply)
+ host_resource_group_arn: (known after apply)
+ iam_instance_profile: (known after apply)
+ id: (known after apply)
+ instance_initiated_shutdown_behavior: (known after apply)
+ instance_lifecycle: (known after apply)
+ instance_market_options: (known after apply)
+ instance_state: (known after apply)
instance_type: t3.small
- ipv6_address_count: 0
+ ipv6_address_count: (known after apply)
+ ipv6_addresses: (known after apply)
key_name: Demo Key Pair
- maintenance_options:
- - auto_recovery: default
- metadata_options:
- - http_endpoint: enabled
- http_protocol_ipv6: disabled
- http_put_response_hop_limit: 1
- http_tokens: optional
- instance_metadata_tags: disabled
- monitoring: false
- placement_partition_number: 0
- primary_network_interface_id: eni-0784f95b7ff052c6b
- private_dns: ip-10-0-9-25.eu-west-2.compute.internal
- private_dns_name_options:
- - enable_resource_name_dns_a_record: false
- enable_resource_name_dns_aaaa_record: false
- hostname_type: ip-name
- private_ip: 10.0.9.25
- public_dns: ec2-13-40-28-149.eu-west-2.compute.amazonaws.com
- public_ip: 13.40.28.149
- root_block_device:
- - delete_on_termination: true
- device_name: /dev/xvda
- encrypted: false
- iops: 0
- throughput: 0
- volume_id: vol-0bc99e157a38768b6
- volume_size: 8
- volume_type: standard
+ maintenance_options: (known after apply)
+ metadata_options: (known after apply)
+ monitoring: (known after apply)
+ network_interface: (known after apply)
+ outpost_arn: (known after apply)
+ password_data: (known after apply)
+ placement_group: (known after apply)
+ placement_partition_number: (known after apply)
+ primary_network_interface_id: (known after apply)
+ private_dns: (known after apply)
+ private_dns_name_options: (known after apply)
+ private_ip: (known after apply)
+ public_dns: (known after apply)
+ public_ip: (known after apply)
+ root_block_device: (known after apply)
+ secondary_private_ips: (known after apply)
+ security_groups: (known after apply)
source_dest_check: true
+ spot_instance_request_id: (known after apply)
subnet_id: subnet-06302fc5a50644cd9
tags:
+ Environment: dev
Name: Webserver
tags_all:
+ Environment: dev
Name: Webserver
- tenancy: default
+ tenancy: (known after apply)
terraform_address: module.scenarios[0].aws_instance.webserver
terraform_name: module.scenarios[0].aws_instance.webserver
timeouts: null
- user_data: null
- user_data_base64: null
+ user_data: (known after apply)
+ user_data_base64: (known after apply)
user_data_replace_on_change: false
volume_tags: null
~ ec2-launch-template › lt-0731f767e6be2ab94--- current
+++ proposed
@@ -7,7 +7,7 @@
disable_api_termination: false
id: lt-0731f767e6be2ab94
- image_id: ami-0f802dc0fc1809acd
+ image_id: ami-0ca1753a2af8d9bbf
instance_type: t3.micro
- latest_version: 20
+ latest_version: (known after apply)
name: asg-change-launch-template-terraform-example20240827194210168200000007
name_prefix: asg-change-launch-template-terraform-example
~ ec2-route-table › rtb-0c52db7871965c5a1--- current
+++ proposed
@@ -7,9 +7,9 @@
owner_id: "540044833068"
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-default
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-default
Terraform: "true"
~ ec2-address › 3.11.31.83--- current
+++ proposed
@@ -18,9 +18,9 @@
public_ipv4_pool: amazon
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-eu-west-2a
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-eu-west-2a
Terraform: "true"
~ ec2-address › 18.134.176.13--- current
+++ proposed
@@ -18,9 +18,9 @@
public_ipv4_pool: amazon
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-eu-west-2b
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-eu-west-2b
Terraform: "true"
~ ec2-internet-gateway › igw-0b7151f8472d03c8a--- current
+++ proposed
@@ -6,9 +6,9 @@
owner_id: "540044833068"
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example
Terraform: "true"
~ ec2-nat-gateway › nat-0f789c96969ec0dd1--- current
+++ proposed
@@ -12,9 +12,9 @@
subnet_id: subnet-0b805a32f5d7f0c7b
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-eu-west-2a
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-eu-west-2a
Terraform: "true"
~ ec2-nat-gateway › nat-06036dc6d716438e0--- current
+++ proposed
@@ -12,9 +12,9 @@
subnet_id: subnet-016bfadacc9c60bfc
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-eu-west-2b
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-eu-west-2b
Terraform: "true"
~ ec2-route-table › rtb-07f5933d73ceaab99--- current
+++ proposed
@@ -9,9 +9,9 @@
nat_gateway_id: nat-0f789c96969ec0dd1
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-private-eu-west-2a
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-private-eu-west-2a
Terraform: "true"
~ ec2-route-table › rtb-09d0b7c0ce1121c2d--- current
+++ proposed
@@ -9,9 +9,9 @@
nat_gateway_id: nat-06036dc6d716438e0
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-private-eu-west-2b
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-private-eu-west-2b
Terraform: "true"
~ ec2-route-table › rtb-0536cdbeadfe92efa--- current
+++ proposed
@@ -9,9 +9,9 @@
gateway_id: igw-0b7151f8472d03c8a
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-public
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-public
Terraform: "true"
~ ec2-subnet › subnet-0d0a1aff83bd8a460--- current
+++ proposed
@@ -18,9 +18,9 @@
private_dns_hostname_type_on_launch: ip-name
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-private-eu-west-2a
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-private-eu-west-2a
Terraform: "true"
~ ec2-subnet › subnet-0303f6ca155877094--- current
+++ proposed
@@ -18,9 +18,9 @@
private_dns_hostname_type_on_launch: ip-name
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-private-eu-west-2b
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-private-eu-west-2b
Terraform: "true"
~ ec2-subnet › subnet-0b805a32f5d7f0c7b--- current
+++ proposed
@@ -18,9 +18,9 @@
private_dns_hostname_type_on_launch: ip-name
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-public-eu-west-2a
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-public-eu-west-2a
Terraform: "true"
~ ec2-subnet › subnet-016bfadacc9c60bfc--- current
+++ proposed
@@ -18,9 +18,9 @@
private_dns_hostname_type_on_launch: ip-name
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-public-eu-west-2b
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-public-eu-west-2b
Terraform: "true"
~ ec2-vpc › vpc-0f4ddbf8c33e5c725--- current
+++ proposed
@@ -20,9 +20,9 @@
owner_id: "540044833068"
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example
Terraform: "true"
🟠 Unmapped Changes~ aws_default_network_acl › module.scenarios[0].module.vpc.aws_default_network_acl.this[0]--- current
+++ proposed
@@ -46,9 +46,9 @@
- subnet-0d0a1aff83bd8a460
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-default
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-default
Terraform: "true"
~ aws_default_security_group › module.scenarios[0].module.vpc.aws_default_security_group.this[0]--- current
+++ proposed
@@ -35,9 +35,9 @@
revoke_rules_on_delete: false
tags:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-default
Terraform: "true"
tags_all:
- Environment: dev
+ Environment: development
Name: workloads-terraform-example-default
Terraform: "true"
💥 Blast RadiusItems Edges |
Adds Environment=dev to web and app instances so risk analysis reflects this is a development environment. No infra changes beyond metadata. Impact: Low – tagging only
Set module.memory_optimization.enabled = false so this branch only tests the EC2 AMI refresh without introducing ECS memory/OOM risks. Impact: None to infra behavior beyond excluding the demo; risk results should now reflect AMI replacement only.
- Re-enable memory optimization module controlled by variable - Set container memory default to 2048MB (no OOM risk) - Comment out Aurora engine_version change to avoid restart/downgrade risk Result: plan should only include EC2 AMI replacements and low/medium risk for root EBS delete-on-termination, with no ALB/DB risks.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.