chore(deps): update terraform github.com/cds-snc/terraform-modules to v10.11.4#566
Open
renovate[bot] wants to merge 1 commit into
Open
chore(deps): update terraform github.com/cds-snc/terraform-modules to v10.11.4#566renovate[bot] wants to merge 1 commit into
renovate[bot] wants to merge 1 commit into
Conversation
ef77350 to
7fe0cf4
Compare
b165116 to
c6fe701
Compare
7a9acb8 to
5916bc5
Compare
0009cb3 to
b62acb5
Compare
fc1a8d6 to
4f9e0e2
Compare
4f9e0e2 to
9b0206c
Compare
9b0206c to
368b808
Compare
01a8cb8 to
e1cedc8
Compare
e1cedc8 to
20eb13a
Compare
20eb13a to
f3dd75f
Compare
Production: api✅ Terraform Init: Show planError: Error acquiring the state lock
Error message: ConditionalCheckFailedException: The conditional request
failed
Lock Info:
ID: 6f47aed2-4184-7833-de38-4ca7897f2f0d
Path: github-secret-scanning-production-tf/production/api/terraform.tfstate
Operation: OperationTypePlan
Who: runner@runnervm7b5n9
Version: 1.3.8
Created: 2026-06-24 22:59:59.702485831 +0000 UTC
Info:
Terraform acquires a state lock to protect the state from being written
by multiple users at the same time. Please resolve the issue above and try
again. For most commands, you can disable locking with the "-lock=false"
flag, but this is not recommended.
time=2026-06-24T23:00:05Z level=error msg=Terraform invocation failed in /home/runner/work/github-secret-scanning/github-secret-scanning/terragrunt/env/production/api/.terragrunt-cache/J_VWwHJ6UBJJi1GJKKhgsw9jgiY/lVFJLQKYtqHgkyEGSnm7gn4u0uA/api prefix=[/home/runner/work/github-secret-scanning/github-secret-scanning/terragrunt/env/production/api]
time=2026-06-24T23:00:05Z level=error msg=1 error occurred:
* exit status 1
|
Production: cloudfront✅ Terraform Init: Show planAcquiring state lock. This may take a few moments...
Error: Error acquiring the state lock
Error message: ConditionalCheckFailedException: The conditional request
failed
Lock Info:
ID: e2785996-d182-ab12-059d-e2efbad6f334
Path: github-secret-scanning-production-tf/production/cloudfront/terraform.tfstate
Operation: OperationTypePlan
Who: runner@runnervmmklqx
Version: 1.3.8
Created: 2026-06-24 23:01:08.207926161 +0000 UTC
Info:
Terraform acquires a state lock to protect the state from being written
by multiple users at the same time. Please resolve the issue above and try
again. For most commands, you can disable locking with the "-lock=false"
flag, but this is not recommended.
time=2026-06-24T23:01:16Z level=error msg=Terraform invocation failed in /home/runner/work/github-secret-scanning/github-secret-scanning/terragrunt/env/production/cloudfront/.terragrunt-cache/WNUxIlB0eWnWsL8k9PQBSgr3hpk/lVFJLQKYtqHgkyEGSnm7gn4u0uA/cloudfront prefix=[/home/runner/work/github-secret-scanning/github-secret-scanning/terragrunt/env/production/cloudfront]
time=2026-06-24T23:01:16Z level=error msg=1 error occurred:
* exit status 1
|
Production: alarms✅ Terraform Init: Plan: 0 to add, 4 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_cloudwatch_metric_alarm.api_error will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "api_error" {
id = "GitHub secret scanning: error"
~ tags = {
+ "CostCentre" = "github-secret-scanning-production"
+ "Terraform" = "true"
+ "ssc_cbrid" = "22DH"
}
~ tags_all = {
+ "CostCentre" = "github-secret-scanning-production"
+ "Terraform" = "true"
+ "ssc_cbrid" = "22DH"
}
# (18 unchanged attributes hidden)
}
# aws_cloudwatch_metric_alarm.api_secret_detected will be updated in-place
~ resource "aws_cloudwatch_metric_alarm" "api_secret_detected" {
id = "GitHub secret scanning: secret detected"
~ tags = {
+ "CostCentre" = "github-secret-scanning-production"
+ "Terraform" = "true"
+ "ssc_cbrid" = "22DH"
}
~ tags_all = {
+ "CostCentre" = "github-secret-scanning-production"
+ "Terraform" = "true"
+ "ssc_cbrid" = "22DH"
}
# (18 unchanged attributes hidden)
}
# aws_kms_key.sns_cloudwatch will be updated in-place
~ resource "aws_kms_key" "sns_cloudwatch" {
id = "17a3cee1-81fc-462c-99b7-e23b21612aa3"
~ tags = {
+ "ssc_cbrid" = "22DH"
# (2 unchanged elements hidden)
}
~ tags_all = {
+ "ssc_cbrid" = "22DH"
# (2 unchanged elements hidden)
}
# (12 unchanged attributes hidden)
}
# aws_sns_topic.cloudwatch_alarm will be updated in-place
~ resource "aws_sns_topic" "cloudwatch_alarm" {
id = "arn:aws:sns:ca-central-1:283582579564:github-secret-scanning-cloudwatch-alarm"
name = "github-secret-scanning-cloudwatch-alarm"
~ tags = {
+ "ssc_cbrid" = "22DH"
# (2 unchanged elements hidden)
}
~ tags_all = {
+ "ssc_cbrid" = "22DH"
# (2 unchanged elements hidden)
}
# (13 unchanged attributes hidden)
}
Plan: 0 to add, 4 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Cloudwatch log metric pattern is invalid: ["aws_cloudwatch_log_metric_filter.api_error"]
21 tests, 20 passed, 1 warning, 0 failures, 0 exceptions
|
Production: alert_compromise✅ Terraform Init: Plan: 0 to add, 3 to change, 0 to destroyShow summary
Show planResource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_iam_role.group_broadcast_alert_role will be updated in-place
~ resource "aws_iam_role" "group_broadcast_alert_role" {
id = "group_broadcast_alert_role"
name = "group_broadcast_alert_role"
~ tags = {
+ "CostCentre" = "github-secret-scanning-production"
+ "Terraform" = "true"
+ "ssc_cbrid" = "22DH"
}
~ tags_all = {
+ "CostCentre" = "github-secret-scanning-production"
+ "Terraform" = "true"
+ "ssc_cbrid" = "22DH"
}
# (8 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_lambda_function.broadcast_alert will be updated in-place
~ resource "aws_lambda_function" "broadcast_alert" {
id = "broadcast_alert"
tags = {}
~ tags_all = {
+ "ssc_cbrid" = "22DI"
}
# (31 unchanged attributes hidden)
# (4 unchanged blocks hidden)
}
# aws_ssm_parameter.notify_doc_api_key will be updated in-place
~ resource "aws_ssm_parameter" "notify_doc_api_key" {
id = "notify_doc_api_key"
name = "notify_doc_api_key"
~ tags = {
+ "ssc_cbrid" = "22DH"
# (2 unchanged elements hidden)
}
~ tags_all = {
+ "ssc_cbrid" = "22DH"
# (2 unchanged elements hidden)
}
# (10 unchanged attributes hidden)
}
Plan: 0 to add, 3 to change, 0 to destroy.
Warning: Argument is deprecated
with aws_iam_role.group_broadcast_alert_role,
on iam.tf line 4, in resource "aws_iam_role" "group_broadcast_alert_role":
4: managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]
managed_policy_arns is deprecated. Use the aws_iam_role_policy_attachment
resource instead. If Terraform should exclusively manage all managed policy
attachments (the current behavior of this argument), use the
aws_iam_role_policy_attachments_exclusive resource as well.
(and one more similar warning elsewhere)
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan.tfplan
To perform exactly these actions, run the following command to apply:
terraform apply "plan.tfplan"
Show Conftest resultsWARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.broadcast_alert"]
21 tests, 20 passed, 1 warning, 0 failures, 0 exceptions
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v10.11.0→v10.11.4Review
Release Notes
cds-snc/terraform-modules (github.com/cds-snc/terraform-modules)
v10.11.4Compare Source
What's Changed
Full Changelog: cds-snc/terraform-modules@v10.11.3...v10.11.4
v10.11.3Compare Source
What's Changed
Full Changelog: cds-snc/terraform-modules@v10.11.2...v10.11.3
v10.11.2Compare Source
What's Changed
Full Changelog: cds-snc/terraform-modules@v10.11.1...v10.11.2
v10.11.1Compare Source
What's Changed
Full Changelog: cds-snc/terraform-modules@v10.11.0...v10.11.1
Configuration
📅 Schedule: (in timezone America/Montreal)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.