Skip to content

Adding ssc_cbrid_tags to infrastructure#575

Merged
sylviamclaughlin merged 1 commit into
mainfrom
feat/implment_ssc_cbrid_tags
Jun 22, 2026
Merged

Adding ssc_cbrid_tags to infrastructure#575
sylviamclaughlin merged 1 commit into
mainfrom
feat/implment_ssc_cbrid_tags

Conversation

@sylviamclaughlin

Copy link
Copy Markdown
Contributor

Summary | Résumé

PR to add the appropriate ssc_cbrid tags .

@sylviamclaughlin
sylviamclaughlin requested a review from a team June 19, 2026 22:45
@sylviamclaughlin sylviamclaughlin self-assigned this Jun 19, 2026
@github-actions

Copy link
Copy Markdown

Production: api

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 12 to change, 0 to destroy
Show summary
CHANGE NAME
update aws_ecr_repository.api
aws_ssm_parameter.api_config
module.api.aws_cloudwatch_log_group.this
module.api.aws_iam_policy.non_vpc_policies[0]
module.api.aws_iam_policy.policies[0]
module.api.aws_iam_role.this
module.api.aws_lambda_function.this
module.sentinel_forwarder.aws_cloudwatch_log_group.sentinel_forwarder_lambda
module.sentinel_forwarder.aws_iam_policy.sentinel_forwarder_lambda
module.sentinel_forwarder.aws_iam_role.sentinel_forwarder_lambda
module.sentinel_forwarder.aws_lambda_function.sentinel_forwarder
module.sentinel_forwarder.aws_ssm_parameter.sentinel_forwarder_auth
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.api_policies will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "api_policies" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssm:GetParameters",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ssm:ca-central-1:283582579564:parameter/github-secret-scanning-config",
            ]
        }
    }

  # aws_ecr_repository.api will be updated in-place
  ~ resource "aws_ecr_repository" "api" {
        id                   = "github-secret-scanning/api"
        name                 = "github-secret-scanning/api"
        tags                 = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all             = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (5 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_ssm_parameter.api_config will be updated in-place
  ~ resource "aws_ssm_parameter" "api_config" {
        id              = "github-secret-scanning-config"
        name            = "github-secret-scanning-config"
      ~ tags            = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all        = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (10 unchanged attributes hidden)
    }

  # module.api.aws_cloudwatch_log_group.this will be updated in-place
  ~ resource "aws_cloudwatch_log_group" "this" {
        id                          = "/aws/lambda/github-secret-scanning-api"
        name                        = "/aws/lambda/github-secret-scanning-api"
        tags                        = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all                    = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (6 unchanged attributes hidden)
    }

  # module.api.aws_iam_policy.non_vpc_policies[0] will be updated in-place
  ~ resource "aws_iam_policy" "non_vpc_policies" {
        id               = "arn:aws:iam::283582579564:policy/github-secret-scanning-api_non_vpc"
        name             = "github-secret-scanning-api_non_vpc"
        tags             = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all         = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (5 unchanged attributes hidden)
    }

  # module.api.aws_iam_policy.policies[0] will be updated in-place
  ~ resource "aws_iam_policy" "policies" {
        id               = "arn:aws:iam::283582579564:policy/github-secret-scanning-api-0"
        name             = "github-secret-scanning-api-0"
      ~ policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = "ssm:GetParameters"
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ssm:ca-central-1:283582579564:parameter/github-secret-scanning-config"
                      - Sid      = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags             = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all         = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (4 unchanged attributes hidden)
    }

  # module.api.aws_iam_role.this will be updated in-place
  ~ resource "aws_iam_role" "this" {
        id                    = "github-secret-scanning-api"
        name                  = "github-secret-scanning-api"
        tags                  = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all              = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (8 unchanged attributes hidden)
    }

  # module.api.aws_lambda_function.this will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "github-secret-scanning-api"
        tags                           = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all                       = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (22 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.sentinel_forwarder.data.aws_iam_policy_document.sentinel_forwarder_lambda will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "sentinel_forwarder_lambda" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "logs:CreateLogStream",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:logs:ca-central-1:283582579564:log-group:/aws/lambda/github-secret-scanning-sentinel:*",
            ]
        }
      + statement {
          + actions   = [
              + "xray:GetSamplingRules",
              + "xray:GetSamplingStatisticSummaries",
              + "xray:GetSamplingTargets",
              + "xray:PutTelemetryRecords",
              + "xray:PutTraceSegments",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "ssm:GetParameter",
              + "ssm:GetParameters",
            ]
          + effect    = "Allow"
          + resources = [
              + "arn:aws:ssm:ca-central-1:283582579564:parameter/github-secret-scanning-sentinel-auth",
            ]
        }
    }

  # module.sentinel_forwarder.aws_cloudwatch_log_group.sentinel_forwarder_lambda will be updated in-place
  ~ resource "aws_cloudwatch_log_group" "sentinel_forwarder_lambda" {
        id                          = "/aws/lambda/github-secret-scanning-sentinel"
        name                        = "/aws/lambda/github-secret-scanning-sentinel"
        tags                        = {
            "CostCentre" = "github-secret-scanning-production"
        }
      ~ tags_all                    = {
          + "ssc_cbrid"  = "22DI"
            # (1 unchanged element hidden)
        }
        # (6 unchanged attributes hidden)
    }

  # module.sentinel_forwarder.aws_iam_policy.sentinel_forwarder_lambda will be updated in-place
  ~ resource "aws_iam_policy" "sentinel_forwarder_lambda" {
        id               = "arn:aws:iam::283582579564:policy/SentinelForwarderLambda-github-secret-scanning-sentinel"
        name             = "SentinelForwarderLambda-github-secret-scanning-sentinel"
      ~ policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "logs:PutLogEvents",
                          - "logs:CreateLogStream",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:logs:ca-central-1:283582579564:log-group:/aws/lambda/github-secret-scanning-sentinel:*"
                    },
                  - {
                      - Action   = [
                          - "xray:PutTraceSegments",
                          - "xray:PutTelemetryRecords",
                          - "xray:GetSamplingTargets",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingRules",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                    },
                  - {
                      - Action   = [
                          - "ssm:GetParameters",
                          - "ssm:GetParameter",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ssm:ca-central-1:283582579564:parameter/github-secret-scanning-sentinel-auth"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags             = {}
      ~ tags_all         = {
          + "ssc_cbrid" = "22DI"
        }
        # (4 unchanged attributes hidden)
    }

  # module.sentinel_forwarder.aws_iam_role.sentinel_forwarder_lambda will be updated in-place
  ~ resource "aws_iam_role" "sentinel_forwarder_lambda" {
        id                    = "SentinelForwarderLambda-github-secret-scanning-sentinel"
        name                  = "SentinelForwarderLambda-github-secret-scanning-sentinel"
        tags                  = {}
      ~ tags_all              = {
          + "ssc_cbrid" = "22DI"
        }
        # (8 unchanged attributes hidden)
    }

  # module.sentinel_forwarder.aws_lambda_function.sentinel_forwarder will be updated in-place
  ~ resource "aws_lambda_function" "sentinel_forwarder" {
        id                             = "github-secret-scanning-sentinel"
        tags                           = {
            "CostCentre" = "github-secret-scanning-production"
        }
      ~ tags_all                       = {
          + "ssc_cbrid"  = "22DI"
            # (1 unchanged element hidden)
        }
        # (25 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.sentinel_forwarder.aws_ssm_parameter.sentinel_forwarder_auth will be updated in-place
  ~ resource "aws_ssm_parameter" "sentinel_forwarder_auth" {
        id              = "github-secret-scanning-sentinel-auth"
        name            = "github-secret-scanning-sentinel-auth"
        tags            = {
            "CostCentre" = "github-secret-scanning-production"
        }
      ~ tags_all        = {
          + "ssc_cbrid"  = "22DI"
            # (1 unchanged element hidden)
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 12 to change, 0 to destroy.

Warning: Deprecated attribute

  on .terraform/modules/sentinel_forwarder/sentinel_forwarder/main.tf line 85, in resource "aws_lambda_permission" "sentinel_forwarder_cloudwatch_log_subscription":
  85:   principal     = "logs.${data.aws_region.current.name}.amazonaws.com"

The attribute "name" is deprecated. Refer to the provider documentation for
details.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_cloudwatch_log_group.sentinel_forwarder_lambda"]
WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_iam_policy.sentinel_forwarder_lambda"]
WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_iam_role.sentinel_forwarder_lambda"]
WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_lambda_function.sentinel_forwarder"]
WARN - plan.json - main - Missing Common Tags: ["module.sentinel_forwarder.aws_ssm_parameter.sentinel_forwarder_auth"]

25 tests, 20 passed, 5 warnings, 0 failures, 0 exceptions

@github-actions

Copy link
Copy Markdown

Production: hosted_zone

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 1 to change, 0 to destroy
Show summary
CHANGE NAME
update aws_route53_zone.github_secret_scanning
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_route53_zone.github_secret_scanning will be updated in-place
  ~ resource "aws_route53_zone" "github_secret_scanning" {
        id                          = "Z09595232YY40XHEI9KL6"
        name                        = "github-secret-scanning.alpha.canada.ca"
        tags                        = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all                    = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (7 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest results
21 tests, 21 passed, 0 warnings, 0 failures, 0 exceptions

@github-actions

Copy link
Copy Markdown

Production: alert_compromise

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 3 to change, 0 to destroy
Show summary
CHANGE NAME
update aws_iam_role.group_broadcast_alert_role
aws_lambda_function.broadcast_alert
aws_ssm_parameter.notify_doc_api_key
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_iam_role.group_broadcast_alert_role will be updated in-place
  ~ resource "aws_iam_role" "group_broadcast_alert_role" {
        id                    = "group_broadcast_alert_role"
        name                  = "group_broadcast_alert_role"
      ~ tags                  = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
      ~ tags_all              = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
        # (8 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

  # aws_lambda_function.broadcast_alert will be updated in-place
  ~ resource "aws_lambda_function" "broadcast_alert" {
        id                             = "broadcast_alert"
        tags                           = {}
      ~ tags_all                       = {
          + "ssc_cbrid" = "22DI"
        }
        # (31 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # aws_ssm_parameter.notify_doc_api_key will be updated in-place
  ~ resource "aws_ssm_parameter" "notify_doc_api_key" {
        id              = "notify_doc_api_key"
        name            = "notify_doc_api_key"
      ~ tags            = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all        = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (10 unchanged attributes hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Warning: Argument is deprecated

  with aws_iam_role.group_broadcast_alert_role,
  on iam.tf line 4, in resource "aws_iam_role" "group_broadcast_alert_role":
   4:   managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]

managed_policy_arns is deprecated. Use the aws_iam_role_policy_attachment
resource instead. If Terraform should exclusively manage all managed policy
attachments (the current behavior of this argument), use the
aws_iam_role_policy_attachments_exclusive resource as well.

(and one more similar warning elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
WARN - plan.json - main - Missing Common Tags: ["aws_lambda_function.broadcast_alert"]

21 tests, 20 passed, 1 warning, 0 failures, 0 exceptions

@github-actions

Copy link
Copy Markdown

Production: cloudfront

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 7 to change, 0 to destroy
Show summary
CHANGE NAME
update aws_acm_certificate.api
aws_cloudfront_distribution.api
aws_iam_policy.write_waf_logs
aws_iam_role.waf_log_role
aws_kinesis_firehose_delivery_stream.api
aws_wafv2_regex_pattern_set.valid_uri_paths
aws_wafv2_web_acl.api
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_acm_certificate.api will be updated in-place
  ~ resource "aws_acm_certificate" "api" {
        id                        = "arn:aws:acm:us-east-1:283582579564:certificate/306ce9d4-b971-4c06-9dc5-d46367b9ed30"
        tags                      = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all                  = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (15 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # aws_cloudfront_distribution.api will be updated in-place
  ~ resource "aws_cloudfront_distribution" "api" {
        id                              = "E3JW0APMFZN4DN"
        tags                            = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all                        = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (23 unchanged attributes hidden)

        origin {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }

        # (4 unchanged blocks hidden)
    }

  # aws_iam_policy.write_waf_logs will be updated in-place
  ~ resource "aws_iam_policy" "write_waf_logs" {
        id               = "arn:aws:iam::283582579564:policy/github-secret-scanning-waf-logs"
        name             = "github-secret-scanning-waf-logs"
      ~ tags             = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all         = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (6 unchanged attributes hidden)
    }

  # aws_iam_role.waf_log_role will be updated in-place
  ~ resource "aws_iam_role" "waf_log_role" {
        id                    = "github-secret-scanning-waf-logs"
        name                  = "github-secret-scanning-waf-logs"
      ~ tags                  = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all              = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (8 unchanged attributes hidden)
    }

  # aws_kinesis_firehose_delivery_stream.api will be updated in-place
  ~ resource "aws_kinesis_firehose_delivery_stream" "api" {
        id             = "arn:aws:firehose:us-east-1:283582579564:deliverystream/aws-waf-logs-github-secret-scanning"
        name           = "aws-waf-logs-github-secret-scanning"
        tags           = {
            "CostCentre" = "github-secret-scanning-production"
            "Terraform"  = "true"
        }
      ~ tags_all       = {
          + "ssc_cbrid"  = "22DI"
            # (2 unchanged elements hidden)
        }
        # (5 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_wafv2_regex_pattern_set.valid_uri_paths will be updated in-place
  ~ resource "aws_wafv2_regex_pattern_set" "valid_uri_paths" {
        id          = "d9c157c2-5c1f-4aeb-9e9c-da73378334b4"
        name        = "valid-api-paths"
      ~ tags        = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all    = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (5 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

  # aws_wafv2_web_acl.api will be updated in-place
  ~ resource "aws_wafv2_web_acl" "api" {
        id            = "ff46dbec-de07-4249-8a6f-bf03d8823194"
        name          = "github-secret-scanning"
      ~ tags          = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all      = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (7 unchanged attributes hidden)

        # (8 unchanged blocks hidden)
    }

Plan: 0 to add, 7 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Show Conftest results
21 tests, 21 passed, 0 warnings, 0 failures, 0 exceptions

@github-actions

Copy link
Copy Markdown

Production: alarms

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 0 to add, 4 to change, 0 to destroy
Show summary
CHANGE NAME
update aws_cloudwatch_metric_alarm.api_error
aws_cloudwatch_metric_alarm.api_secret_detected
aws_kms_key.sns_cloudwatch
aws_sns_topic.cloudwatch_alarm
Show plan
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_cloudwatch_metric_alarm.api_error will be updated in-place
  ~ resource "aws_cloudwatch_metric_alarm" "api_error" {
        id                        = "GitHub secret scanning: error"
      ~ tags                      = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
      ~ tags_all                  = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
        # (18 unchanged attributes hidden)
    }

  # aws_cloudwatch_metric_alarm.api_secret_detected will be updated in-place
  ~ resource "aws_cloudwatch_metric_alarm" "api_secret_detected" {
        id                        = "GitHub secret scanning: secret detected"
      ~ tags                      = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
      ~ tags_all                  = {
          + "CostCentre" = "github-secret-scanning-production"
          + "Terraform"  = "true"
          + "ssc_cbrid"  = "22DH"
        }
        # (18 unchanged attributes hidden)
    }

  # aws_kms_key.sns_cloudwatch will be updated in-place
  ~ resource "aws_kms_key" "sns_cloudwatch" {
        id                                 = "17a3cee1-81fc-462c-99b7-e23b21612aa3"
      ~ tags                               = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all                           = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (12 unchanged attributes hidden)
    }

  # aws_sns_topic.cloudwatch_alarm will be updated in-place
  ~ resource "aws_sns_topic" "cloudwatch_alarm" {
        id                                       = "arn:aws:sns:ca-central-1:283582579564:github-secret-scanning-cloudwatch-alarm"
        name                                     = "github-secret-scanning-cloudwatch-alarm"
      ~ tags                                     = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
      ~ tags_all                                 = {
          + "ssc_cbrid"  = "22DH"
            # (2 unchanged elements hidden)
        }
        # (13 unchanged attributes hidden)
    }

Plan: 0 to add, 4 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest results
WARN - plan.json - main - Cloudwatch log metric pattern is invalid: ["aws_cloudwatch_log_metric_filter.api_error"]

21 tests, 20 passed, 1 warning, 0 failures, 0 exceptions

@sylviamclaughlin
sylviamclaughlin merged commit 8ecb211 into main Jun 22, 2026
12 checks passed
@sylviamclaughlin
sylviamclaughlin deleted the feat/implment_ssc_cbrid_tags branch June 22, 2026 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants