Create DNS zone record so we can get freenom using the correct nameservers #23

Merged
merged 5 commits into from
Jan 23, 2022

marknooch
Owner

@marknooch marknooch commented Jan 23, 2022

fixes #7

@atlantis-green
Collaborator

Plan Error

GET https://api.github.com/repos/marknooch/foodtrucks/pulls/23/files?per_page=300: 404 Not Found []

@marknooch
Owner Author

atlantis plan

@atlantis-green
Collaborator

Ran Plan for dir: terraform workspace: default

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.s3-home-ipd will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "s3-home-ipd"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:GetObject",
              + "s3:GetObjectVersion",
            ]
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "*"
            }
        }
      + statement {
          + actions   = [
              + "s3:*",
            ]
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + "arn:aws:iam::246850902828:user/github-actions",
                ]
              + type        = "AWS"
            }
        }
    }

  # aws_iam_user.github-actions will be updated in-place
~ resource "aws_iam_user" "github-actions" {
        id            = "github-actions"
        name          = "github-actions"
        tags          = {}
      ~ tags_all      = {
          + "project" = "findafoodtruck"
        }
        # (4 unchanged attributes hidden)
    }

  # aws_route53_zone.main will be created
+ resource "aws_route53_zone" "main" {
      + arn           = (known after apply)
      + comment       = "Managed by Terraform"
      + force_destroy = false
      + id            = (known after apply)
      + name          = "findafoodtruck.ga"
      + name_servers  = (known after apply)
      + tags_all      = {
          + "project" = "findafoodtruck"
        }
      + zone_id       = (known after apply)
    }

  # aws_s3_bucket.s3-home will be created
+ resource "aws_s3_bucket" "s3-home" {
      + acceleration_status         = (known after apply)
      + acl                         = "public-read"
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags_all                    = {
          + "project" = "findafoodtruck"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + versioning {
          + enabled    = (known after apply)
          + mfa_delete = (known after apply)
        }

      + website {
          + error_document = "error.html"
          + index_document = "index.html"
        }
    }

  # aws_s3_bucket.s3_home will be destroyed
  # (because aws_s3_bucket.s3_home is not in configuration)
- resource "aws_s3_bucket" "s3_home" {
      - acl                         = "public-read" -> null
      - arn                         = "arn:aws:s3:::terraform-20220121192859548500000001" -> null
      - bucket                      = "terraform-20220121192859548500000001" -> null
      - bucket_domain_name          = "terraform-20220121192859548500000001.s3.amazonaws.com" -> null
      - bucket_regional_domain_name = "terraform-20220121192859548500000001.s3.us-east-2.amazonaws.com" -> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z2O1EMRO9K5GLX" -> null
      - id                          = "terraform-20220121192859548500000001" -> null
      - region                      = "us-east-2" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null
      - website_domain              = "s3-website.us-east-2.amazonaws.com" -> null
      - website_endpoint            = "terraform-20220121192859548500000001.s3-website.us-east-2.amazonaws.com" -> null

      - versioning {
          - enabled    = false -> null
          - mfa_delete = false -> null
        }

      - website {
          - error_document = "error.html" -> null
          - index_document = "index.html" -> null
        }
    }

  # aws_s3_bucket_policy.public-read must be replaced
-/+ resource "aws_s3_bucket_policy" "public-read" {
      ~ bucket = "terraform-20220121192859548500000001" -> (known after apply) # forces replacement
      ~ id     = "terraform-20220121192859548500000001" -> (known after apply)
      ~ policy = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = [
                          - "s3:GetObjectVersion",
                          - "s3:GetObject",
                        ]
                      - Effect    = "Allow"
                      - Principal = "*"
                      - Resource  = "arn:aws:s3:::terraform-20220121192859548500000001/*"
                      - Sid       = ""
                    },
                  - {
                      - Action    = "s3:*"
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::246850902828:user/github-actions"
                        }
                      - Resource  = "arn:aws:s3:::terraform-20220121192859548500000001/*"
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
    }

  # github_actions_secret.S3_BUCKET must be replaced
-/+ resource "github_actions_secret" "S3_BUCKET" {
      ~ created_at      = "2022-01-22 11:16:04 +0000 UTC" -> (known after apply)
      ~ id              = "foodtrucks:S3_BUCKET" -> (known after apply)
      ~ plaintext_value = (sensitive value) # forces replacement
      ~ updated_at      = "2022-01-22 11:16:04 +0000 UTC" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

Plan: 4 to add, 1 to change, 3 to destroy.

  • ▶️ To apply this plan, comment:
    • atlantis apply -d terraform
  • 🚮 To delete this plan click here
  • 🔁 To plan this project again, comment:
    • atlantis plan -d terraform
Plan: 4 to add, 1 to change, 3 to destroy.
  • ⏩ To apply all unapplied plans from this pull request, comment:
    • atlantis apply
  • 🚮 To delete all plans and locks for the PR, comment:
    • atlantis unlock

@atlantis-green
Collaborator

Ran Plan for dir: terraform workspace: default

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
~ update in-place
- destroy
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.s3-home-ipd will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "s3-home-ipd"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:GetObject",
              + "s3:GetObjectVersion",
            ]
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "*"
            }
        }
      + statement {
          + actions   = [
              + "s3:*",
            ]
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + "arn:aws:iam::246850902828:user/github-actions",
                ]
              + type        = "AWS"
            }
        }
    }

  # aws_iam_user.github-actions will be updated in-place
~ resource "aws_iam_user" "github-actions" {
        id            = "github-actions"
        name          = "github-actions"
        tags          = {}
      ~ tags_all      = {
          + "project" = "findafoodtruck"
        }
        # (4 unchanged attributes hidden)
    }

  # aws_route53_zone.main will be created
+ resource "aws_route53_zone" "main" {
      + arn           = (known after apply)
      + comment       = "Managed by Terraform"
      + force_destroy = false
      + id            = (known after apply)
      + name          = "findafoodtruck.ga"
      + name_servers  = (known after apply)
      + tags_all      = {
          + "project" = "findafoodtruck"
        }
      + zone_id       = (known after apply)
    }

  # aws_s3_bucket.s3-home will be created
+ resource "aws_s3_bucket" "s3-home" {
      + acceleration_status         = (known after apply)
      + acl                         = "public-read"
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags_all                    = {
          + "project" = "findafoodtruck"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + versioning {
          + enabled    = (known after apply)
          + mfa_delete = (known after apply)
        }

      + website {
          + error_document = "error.html"
          + index_document = "index.html"
        }
    }

  # aws_s3_bucket.s3_home will be destroyed
  # (because aws_s3_bucket.s3_home is not in configuration)
- resource "aws_s3_bucket" "s3_home" {
      - acl                         = "public-read" -> null
      - arn                         = "arn:aws:s3:::terraform-20220121192859548500000001" -> null
      - bucket                      = "terraform-20220121192859548500000001" -> null
      - bucket_domain_name          = "terraform-20220121192859548500000001.s3.amazonaws.com" -> null
      - bucket_regional_domain_name = "terraform-20220121192859548500000001.s3.us-east-2.amazonaws.com" -> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z2O1EMRO9K5GLX" -> null
      - id                          = "terraform-20220121192859548500000001" -> null
      - region                      = "us-east-2" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null
      - website_domain              = "s3-website.us-east-2.amazonaws.com" -> null
      - website_endpoint            = "terraform-20220121192859548500000001.s3-website.us-east-2.amazonaws.com" -> null

      - versioning {
          - enabled    = false -> null
          - mfa_delete = false -> null
        }

      - website {
          - error_document = "error.html" -> null
          - index_document = "index.html" -> null
        }
    }

  # aws_s3_bucket_policy.public-read must be replaced
-/+ resource "aws_s3_bucket_policy" "public-read" {
      ~ bucket = "terraform-20220121192859548500000001" -> (known after apply) # forces replacement
      ~ id     = "terraform-20220121192859548500000001" -> (known after apply)
      ~ policy = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = [
                          - "s3:GetObjectVersion",
                          - "s3:GetObject",
                        ]
                      - Effect    = "Allow"
                      - Principal = "*"
                      - Resource  = "arn:aws:s3:::terraform-20220121192859548500000001/*"
                      - Sid       = ""
                    },
                  - {
                      - Action    = "s3:*"
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::246850902828:user/github-actions"
                        }
                      - Resource  = "arn:aws:s3:::terraform-20220121192859548500000001/*"
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
    }

  # github_actions_secret.S3_BUCKET must be replaced
-/+ resource "github_actions_secret" "S3_BUCKET" {
      ~ created_at      = "2022-01-22 11:16:04 +0000 UTC" -> (known after apply)
      ~ id              = "foodtrucks:S3_BUCKET" -> (known after apply)
      ~ plaintext_value = (sensitive value) # forces replacement
      ~ updated_at      = "2022-01-22 11:16:04 +0000 UTC" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

Plan: 4 to add, 1 to change, 3 to destroy.

  • ▶️ To apply this plan, comment:
    • atlantis apply -d terraform
  • 🚮 To delete this plan click here
  • 🔁 To plan this project again, comment:
    • atlantis plan -d terraform
Plan: 4 to add, 1 to change, 3 to destroy.
  • ⏩ To apply all unapplied plans from this pull request, comment:
    • atlantis apply
  • 🚮 To delete all plans and locks for the PR, comment:
    • atlantis unlock

@marknooch
Owner Author

atlantis apply

@atlantis-green
Collaborator

Ran Apply for dir: terraform workspace: default

Apply Error

running "/usr/local/bin/terraform apply -input=false \"/home/atlantis/.atlantis/repos/marknooch/foodtrucks/23/default/terraform/default.tfplan\"" in "/home/atlantis/.atlantis/repos/marknooch/foodtrucks/23/default/terraform": exit status 1
github_actions_secret.S3_BUCKET: Destroying... [id=foodtrucks:S3_BUCKET]
github_actions_secret.S3_BUCKET: Destruction complete after 0s
aws_s3_bucket_policy.public-read: Destroying... [id=terraform-20220121192859548500000001]
aws_route53_zone.main: Creating...
aws_s3_bucket_policy.public-read: Destruction complete after 0s
aws_s3_bucket.s3_home: Destroying... [id=terraform-20220121192859548500000001]
aws_s3_bucket.s3-home: Creating...
aws_iam_user.github-actions: Modifying... [id=github-actions]
aws_iam_user.github-actions: Modifications complete after 0s [id=github-actions]
aws_s3_bucket.s3-home: Creation complete after 2s [id=terraform-20220123171338585400000002]
data.aws_iam_policy_document.s3-home-ipd: Reading...
data.aws_iam_policy_document.s3-home-ipd: Read complete after 0s [id=2772242395]
aws_route53_zone.main: Still creating... [10s elapsed]
aws_route53_zone.main: Still creating... [20s elapsed]
aws_route53_zone.main: Still creating... [30s elapsed]
aws_route53_zone.main: Still creating... [40s elapsed]
aws_route53_zone.main: Creation complete after 41s [id=Z0975097GI60AUOWBH82]
╷
│ Error: error deleting S3 Bucket (terraform-20220121192859548500000001): BucketNotEmpty: The bucket you tried to delete is not empty
│ 	status code: 409, request id: Y3F8M9G13Q53WQJK, host id: KCUxx0sUN9hoPYMNomzljUPtyR7PyA/cJ10ujMuKNLXaXKDrGRg5CKi3Ti1qYShvS0D8kjDho2I=
│ 
│ 
╵

@marknooch
Owner Author

atlantis plan

@atlantis-green
Collaborator

Ran Plan for dir: terraform workspace: default

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # aws_route53_zone.main has changed
~ resource "aws_route53_zone" "main" {
        id            = "Z0975097GI60AUOWBH82"
        name          = "findafoodtruck.ga"
      + tags          = {}
        # (6 unchanged attributes hidden)
    }

  # aws_s3_bucket.s3-home has changed
~ resource "aws_s3_bucket" "s3-home" {
        id                          = "terraform-20220123171338585400000002"
      + tags                        = {}
        # (12 unchanged attributes hidden)


        # (2 unchanged blocks hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
- destroy

Terraform will perform the following actions:

  # aws_s3_bucket.s3_home will be destroyed
  # (because aws_s3_bucket.s3_home is not in configuration)
- resource "aws_s3_bucket" "s3_home" {
      - acl                         = "public-read" -> null
      - arn                         = "arn:aws:s3:::terraform-20220121192859548500000001" -> null
      - bucket                      = "terraform-20220121192859548500000001" -> null
      - bucket_domain_name          = "terraform-20220121192859548500000001.s3.amazonaws.com" -> null
      - bucket_regional_domain_name = "terraform-20220121192859548500000001.s3.us-east-2.amazonaws.com" -> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z2O1EMRO9K5GLX" -> null
      - id                          = "terraform-20220121192859548500000001" -> null
      - region                      = "us-east-2" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null
      - website_domain              = "s3-website.us-east-2.amazonaws.com" -> null
      - website_endpoint            = "terraform-20220121192859548500000001.s3-website.us-east-2.amazonaws.com" -> null

      - versioning {
          - enabled    = false -> null
          - mfa_delete = false -> null
        }

      - website {
          - error_document = "error.html" -> null
          - index_document = "index.html" -> null
        }
    }

  # aws_s3_bucket_policy.public-read will be created
+ resource "aws_s3_bucket_policy" "public-read" {
      + bucket = "terraform-20220123171338585400000002"
      + id     = (known after apply)
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = [
                          + "s3:GetObjectVersion",
                          + "s3:GetObject",
                        ]
                      + Effect    = "Allow"
                      + Principal = "*"
                      + Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                      + Sid       = ""
                    },
                  + {
                      + Action    = "s3:*"
                      + Effect    = "Allow"
                      + Principal = {
                          + AWS = "arn:aws:iam::246850902828:user/github-actions"
                        }
                      + Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
    }

  # github_actions_secret.S3_BUCKET will be created
+ resource "github_actions_secret" "S3_BUCKET" {
      + created_at      = (known after apply)
      + id              = (known after apply)
      + plaintext_value = (sensitive value)
      + repository      = "foodtrucks"
      + secret_name     = "S3_BUCKET"
      + updated_at      = (known after apply)
    }

Plan: 2 to add, 0 to change, 1 to destroy.

  • ▶️ To apply this plan, comment:
    • atlantis apply -d terraform
  • 🚮 To delete this plan click here
  • 🔁 To plan this project again, comment:
    • atlantis plan -d terraform

Note: Objects have changed outside of Terraform
Plan: 2 to add, 0 to change, 1 to destroy.


  • ⏩ To apply all unapplied plans from this pull request, comment:
    • atlantis apply
  • 🚮 To delete all plans and locks for the PR, comment:
    • atlantis unlock

@marknooch
Owner Author

I re-planned to see if terraform would want to keep deleting the s3_home resource and it does, which is good. I'm going to manually delete the files to keep my AWS account clean.

@marknooch
Owner Author

atlantis plan

@atlantis-green
Collaborator

Ran Plan for dir: terraform workspace: default

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # aws_route53_zone.main has changed
~ resource "aws_route53_zone" "main" {
        id            = "Z0975097GI60AUOWBH82"
        name          = "findafoodtruck.ga"
      + tags          = {}
        # (6 unchanged attributes hidden)
    }

  # aws_s3_bucket.s3-home has changed
~ resource "aws_s3_bucket" "s3-home" {
        id                          = "terraform-20220123171338585400000002"
      + tags                        = {}
        # (12 unchanged attributes hidden)


        # (2 unchanged blocks hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
- destroy

Terraform will perform the following actions:

  # aws_s3_bucket.s3_home will be destroyed
  # (because aws_s3_bucket.s3_home is not in configuration)
- resource "aws_s3_bucket" "s3_home" {
      - acl                         = "public-read" -> null
      - arn                         = "arn:aws:s3:::terraform-20220121192859548500000001" -> null
      - bucket                      = "terraform-20220121192859548500000001" -> null
      - bucket_domain_name          = "terraform-20220121192859548500000001.s3.amazonaws.com" -> null
      - bucket_regional_domain_name = "terraform-20220121192859548500000001.s3.us-east-2.amazonaws.com" -> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z2O1EMRO9K5GLX" -> null
      - id                          = "terraform-20220121192859548500000001" -> null
      - region                      = "us-east-2" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null
      - website_domain              = "s3-website.us-east-2.amazonaws.com" -> null
      - website_endpoint            = "terraform-20220121192859548500000001.s3-website.us-east-2.amazonaws.com" -> null

      - versioning {
          - enabled    = false -> null
          - mfa_delete = false -> null
        }

      - website {
          - error_document = "error.html" -> null
          - index_document = "index.html" -> null
        }
    }

  # aws_s3_bucket_policy.public-read will be created
+ resource "aws_s3_bucket_policy" "public-read" {
      + bucket = "terraform-20220123171338585400000002"
      + id     = (known after apply)
      + policy = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = [
                          + "s3:GetObjectVersion",
                          + "s3:GetObject",
                        ]
                      + Effect    = "Allow"
                      + Principal = "*"
                      + Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                      + Sid       = ""
                    },
                  + {
                      + Action    = "s3:*"
                      + Effect    = "Allow"
                      + Principal = {
                          + AWS = "arn:aws:iam::246850902828:user/github-actions"
                        }
                      + Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                      + Sid       = ""
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
    }

  # github_actions_secret.S3_BUCKET will be created
+ resource "github_actions_secret" "S3_BUCKET" {
      + created_at      = (known after apply)
      + id              = (known after apply)
      + plaintext_value = (sensitive value)
      + repository      = "foodtrucks"
      + secret_name     = "S3_BUCKET"
      + updated_at      = (known after apply)
    }

Plan: 2 to add, 0 to change, 1 to destroy.

  • ▶️ To apply this plan, comment:
    • atlantis apply -d terraform
  • 🚮 To delete this plan click here
  • 🔁 To plan this project again, comment:
    • atlantis plan -d terraform

Note: Objects have changed outside of Terraform
Plan: 2 to add, 0 to change, 1 to destroy.


  • ⏩ To apply all unapplied plans from this pull request, comment:
    • atlantis apply
  • 🚮 To delete all plans and locks for the PR, comment:
    • atlantis unlock

@marknooch
Owner Author

atlantis apply

@atlantis-green
Collaborator

Ran Apply for dir: terraform workspace: default

github_actions_secret.S3_BUCKET: Creating...
aws_s3_bucket.s3_home: Destroying... [id=terraform-20220121192859548500000001]
aws_s3_bucket_policy.public-read: Creating...
aws_s3_bucket.s3_home: Destruction complete after 1s
aws_s3_bucket_policy.public-read: Creation complete after 1s [id=terraform-20220123171338585400000002]
github_actions_secret.S3_BUCKET: Creation complete after 2s [id=foodtrucks:S3_BUCKET]

Apply complete! Resources: 2 added, 0 changed, 1 destroyed.

@atlantis-green
Collaborator

Ran Plan for dir: terraform workspace: default

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # aws_s3_bucket_policy.public-read has changed
~ resource "aws_s3_bucket_policy" "public-read" {
        id     = "terraform-20220123171338585400000002"
      ~ policy = jsonencode( # whitespace changes
            {
                Statement = [
                    {
                        Action    = [
                            "s3:GetObjectVersion",
                            "s3:GetObject",
                        ]
                        Effect    = "Allow"
                        Principal = "*"
                        Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                        Sid       = ""
                    },
                    {
                        Action    = "s3:*"
                        Effect    = "Allow"
                        Principal = {
                            AWS = "arn:aws:iam::246850902828:user/github-actions"
                        }
                        Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                        Sid       = ""
                    },
                ]
                Version   = "2012-10-17"
            }
        )
        # (1 unchanged attribute hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.s3-home-ipd will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "s3-home-ipd"  {
      ~ id      = "2772242395" -> (known after apply)
      ~ json    = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = [
                          - "s3:GetObjectVersion",
                          - "s3:GetObject",
                        ]
                      - Effect    = "Allow"
                      - Principal = "*"
                      - Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                      - Sid       = ""
                    },
                  - {
                      - Action    = "s3:*"
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::246850902828:user/github-actions"
                        }
                      - Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
      - version = "2012-10-17" -> null

      ~ statement {
          - effect        = "Allow" -> null
          - not_actions   = [] -> null
          - not_resources = [] -> null
          ~ resources     = [
              - "arn:aws:s3:::terraform-20220123171338585400000002/*",
              ~ (known after apply),
            ]
            # (1 unchanged attribute hidden)

            # (1 unchanged block hidden)
        }
      ~ statement {
          - effect        = "Allow" -> null
          - not_actions   = [] -> null
          - not_resources = [] -> null
          ~ resources     = [
              - "arn:aws:s3:::terraform-20220123171338585400000002/*",
              ~ (known after apply),
            ]
            # (1 unchanged attribute hidden)

            # (1 unchanged block hidden)
        }
    }

  # aws_s3_bucket.s3-home must be replaced
-/+ resource "aws_s3_bucket" "s3-home" {
      + acceleration_status         = (known after apply)
      ~ arn                         = "arn:aws:s3:::terraform-20220123171338585400000002" -> (known after apply)
      ~ bucket                      = "terraform-20220123171338585400000002" -> (known after apply)
      ~ bucket_domain_name          = "terraform-20220123171338585400000002.s3.amazonaws.com" -> (known after apply)
      + bucket_prefix               = "foodtrucks" # forces replacement
      ~ bucket_regional_domain_name = "terraform-20220123171338585400000002.s3.us-east-2.amazonaws.com" -> (known after apply)
      ~ hosted_zone_id              = "Z2O1EMRO9K5GLX" -> (known after apply)
      ~ id                          = "terraform-20220123171338585400000002" -> (known after apply)
      ~ region                      = "us-east-2" -> (known after apply)
      ~ request_payer               = "BucketOwner" -> (known after apply)
      - tags                        = {} -> null
      ~ website_domain              = "s3-website.us-east-2.amazonaws.com" -> (known after apply)
      ~ website_endpoint            = "terraform-20220123171338585400000002.s3-website.us-east-2.amazonaws.com" -> (known after apply)
        # (3 unchanged attributes hidden)

      ~ versioning {
          ~ enabled    = false -> (known after apply)
          ~ mfa_delete = false -> (known after apply)
        }

      ~ website {
            # (2 unchanged attributes hidden)
        }
    }

  # aws_s3_bucket_policy.public-read must be replaced
-/+ resource "aws_s3_bucket_policy" "public-read" {
      ~ bucket = "terraform-20220123171338585400000002" -> (known after apply) # forces replacement
      ~ id     = "terraform-20220123171338585400000002" -> (known after apply)
      ~ policy = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = [
                          - "s3:GetObjectVersion",
                          - "s3:GetObject",
                        ]
                      - Effect    = "Allow"
                      - Principal = "*"
                      - Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                      - Sid       = ""
                    },
                  - {
                      - Action    = "s3:*"
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::246850902828:user/github-actions"
                        }
                      - Resource  = "arn:aws:s3:::terraform-20220123171338585400000002/*"
                      - Sid       = ""
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
    }

  # github_actions_secret.S3_BUCKET must be replaced
-/+ resource "github_actions_secret" "S3_BUCKET" {
      ~ created_at      = "2022-01-23 17:19:23 +0000 UTC" -> (known after apply)
      ~ id              = "foodtrucks:S3_BUCKET" -> (known after apply)
      ~ plaintext_value = (sensitive value) # forces replacement
      ~ updated_at      = "2022-01-23 17:19:23 +0000 UTC" -> (known after apply)
        # (2 unchanged attributes hidden)
    }

Plan: 3 to add, 0 to change, 3 to destroy.

  • ▶️ To apply this plan, comment:
    • atlantis apply -d terraform
  • 🚮 To delete this plan click here
  • 🔁 To plan this project again, comment:
    • atlantis plan -d terraform

Note: Objects have changed outside of Terraform
Plan: 3 to add, 0 to change, 3 to destroy.


  • ⏩ To apply all unapplied plans from this pull request, comment:
    • atlantis apply
  • 🚮 To delete all plans and locks for the PR, comment:
    • atlantis unlock

@marknooch
Owner Author

atlantis apply

@atlantis-green
Collaborator

Ran Apply for dir: terraform workspace: default

Apply Error

running "/usr/local/bin/terraform apply -input=false \"/home/atlantis/.atlantis/repos/marknooch/foodtrucks/23/default/terraform/default.tfplan\"" in "/home/atlantis/.atlantis/repos/marknooch/foodtrucks/23/default/terraform": exit status 1
github_actions_secret.S3_BUCKET: Destroying... [id=foodtrucks:S3_BUCKET]
github_actions_secret.S3_BUCKET: Destruction complete after 0s
aws_s3_bucket_policy.public-read: Destroying... [id=terraform-20220123171338585400000002]
aws_s3_bucket_policy.public-read: Destruction complete after 1s
aws_s3_bucket.s3-home: Destroying... [id=terraform-20220123171338585400000002]
╷
│ Error: error deleting S3 Bucket (terraform-20220123171338585400000002): BucketNotEmpty: The bucket you tried to delete is not empty
│ 	status code: 409, request id: 37ZN8BTA6GHZ1P5M, host id: 6IqZWsnknBLdsfVzB+ELbnToHS+kDL4v/WEETNkk8NP9YbuFooHp7Qb1d3GPlxdlJPujo/VfiWc=
│ 
│ 
╵

@marknooch
Owner Author

atlantis apply

@atlantis-green
Collaborator

Ran Apply for dir: terraform workspace: default

Apply Error

running "/usr/local/bin/terraform apply -input=false \"/home/atlantis/.atlantis/repos/marknooch/foodtrucks/23/default/terraform/default.tfplan\"" in "/home/atlantis/.atlantis/repos/marknooch/foodtrucks/23/default/terraform": exit status 1
╷
│ Error: Saved plan is stale
│ 
│ The given plan file can no longer be applied because the state was changed
│ by another operation after the plan was created.
╵

@marknooch
Owner Author

atlantis plan

@atlantis-green
Collaborator

Ran Plan for dir: terraform workspace: default

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_iam_policy_document.s3-home-ipd will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "s3-home-ipd"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "s3:GetObject",
              + "s3:GetObjectVersion",
            ]
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + "*",
                ]
              + type        = "*"
            }
        }
      + statement {
          + actions   = [
              + "s3:*",
            ]
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + "arn:aws:iam::246850902828:user/github-actions",
                ]
              + type        = "AWS"
            }
        }
    }

  # aws_s3_bucket.s3-home must be replaced
-/+ resource "aws_s3_bucket" "s3-home" {
      + acceleration_status         = (known after apply)
      ~ arn                         = "arn:aws:s3:::terraform-20220123171338585400000002" -> (known after apply)
      ~ bucket                      = "terraform-20220123171338585400000002" -> (known after apply)
      ~ bucket_domain_name          = "terraform-20220123171338585400000002.s3.amazonaws.com" -> (known after apply)
      + bucket_prefix               = "foodtrucks" # forces replacement
      ~ bucket_regional_domain_name = "terraform-20220123171338585400000002.s3.us-east-2.amazonaws.com" -> (known after apply)
      ~ hosted_zone_id              = "Z2O1EMRO9K5GLX" -> (known after apply)
      ~ id                          = "terraform-20220123171338585400000002" -> (known after apply)
      ~ region                      = "us-east-2" -> (known after apply)
      ~ request_payer               = "BucketOwner" -> (known after apply)
      - tags                        = {} -> null
      ~ website_domain              = "s3-website.us-east-2.amazonaws.com" -> (known after apply)
      ~ website_endpoint            = "terraform-20220123171338585400000002.s3-website.us-east-2.amazonaws.com" -> (known after apply)
        # (3 unchanged attributes hidden)

      ~ versioning {
          ~ enabled    = false -> (known after apply)
          ~ mfa_delete = false -> (known after apply)
        }

      ~ website {
            # (2 unchanged attributes hidden)
        }
    }

  # aws_s3_bucket_policy.public-read will be created
+ resource "aws_s3_bucket_policy" "public-read" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # github_actions_secret.S3_BUCKET will be created
+ resource "github_actions_secret" "S3_BUCKET" {
      + created_at      = (known after apply)
      + id              = (known after apply)
      + plaintext_value = (sensitive value)
      + repository      = "foodtrucks"
      + secret_name     = "S3_BUCKET"
      + updated_at      = (known after apply)
    }

Plan: 3 to add, 0 to change, 1 to destroy.

  • ▶️ To apply this plan, comment:
    • atlantis apply -d terraform
  • 🚮 To delete this plan click here
  • 🔁 To plan this project again, comment:
    • atlantis plan -d terraform
Plan: 3 to add, 0 to change, 1 to destroy.
  • ⏩ To apply all unapplied plans from this pull request, comment:
    • atlantis apply
  • 🚮 To delete all plans and locks for the PR, comment:
    • atlantis unlock

@marknooch
Owner Author

atlantis apply

@atlantis-green
Collaborator

Ran Apply for dir: terraform workspace: default

aws_s3_bucket.s3-home: Destroying... [id=terraform-20220123171338585400000002]
aws_s3_bucket.s3-home: Destruction complete after 0s
aws_s3_bucket.s3-home: Creating...
aws_s3_bucket.s3-home: Creation complete after 1s [id=foodtrucks20220123172537018100000001]
data.aws_iam_policy_document.s3-home-ipd: Reading...
github_actions_secret.S3_BUCKET: Creating...
data.aws_iam_policy_document.s3-home-ipd: Read complete after 0s [id=677448245]
aws_s3_bucket_policy.public-read: Creating...
aws_s3_bucket_policy.public-read: Creation complete after 0s [id=foodtrucks20220123172537018100000001]
github_actions_secret.S3_BUCKET: Creation complete after 1s [id=foodtrucks:S3_BUCKET]

Apply complete! Resources: 3 added, 0 changed, 1 destroyed.

@atlantis-green
Collaborator

Ran Plan for dir: terraform workspace: default

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply":

  # aws_s3_bucket.s3-home has changed
~ resource "aws_s3_bucket" "s3-home" {
        id                          = "foodtrucks20220123172537018100000001"
      + tags                        = {}
        # (13 unchanged attributes hidden)


        # (2 unchanged blocks hidden)
    }

  # aws_s3_bucket_policy.public-read has changed
~ resource "aws_s3_bucket_policy" "public-read" {
        id     = "foodtrucks20220123172537018100000001"
      ~ policy = jsonencode( # whitespace changes
            {
                Statement = [
                    {
                        Action    = [
                            "s3:GetObjectVersion",
                            "s3:GetObject",
                        ]
                        Effect    = "Allow"
                        Principal = "*"
                        Resource  = "arn:aws:s3:::foodtrucks20220123172537018100000001/*"
                        Sid       = ""
                    },
                    {
                        Action    = "s3:*"
                        Effect    = "Allow"
                        Principal = {
                            AWS = "arn:aws:iam::246850902828:user/github-actions"
                        }
                        Resource  = "arn:aws:s3:::foodtrucks20220123172537018100000001/*"
                        Sid       = ""
                    },
                ]
                Version   = "2012-10-17"
            }
        )
        # (1 unchanged attribute hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_route53_zone.main must be replaced
-/+ resource "aws_route53_zone" "main" {
      ~ arn           = "arn:aws:route53:::hostedzone/Z0975097GI60AUOWBH82" -> (known after apply)
      ~ id            = "Z0975097GI60AUOWBH82" -> (known after apply)
      ~ name          = "findafoodtruck.ga" -> "findafoodtrucknow.ga" # forces replacement
      ~ name_servers  = [
          - "ns-1454.awsdns-53.org",
          - "ns-1679.awsdns-17.co.uk",
          - "ns-437.awsdns-54.com",
          - "ns-851.awsdns-42.net",
        ] -> (known after apply)
      - tags          = {} -> null
      ~ zone_id       = "Z0975097GI60AUOWBH82" -> (known after apply)
        # (3 unchanged attributes hidden)
    }

Plan: 1 to add, 0 to change, 1 to destroy.

  • ▶️ To apply this plan, comment:
    • atlantis apply -d terraform
  • 🚮 To delete this plan click here
  • 🔁 To plan this project again, comment:
    • atlantis plan -d terraform

Note: Objects have changed outside of Terraform
Plan: 1 to add, 0 to change, 1 to destroy.


  • ⏩ To apply all unapplied plans from this pull request, comment:
    • atlantis apply
  • 🚮 To delete all plans and locks for the PR, comment:
    • atlantis unlock

@marknooch
Owner Author

atlantis apply

@atlantis-green
Collaborator

Ran Apply for dir: terraform workspace: default

aws_route53_zone.main: Destroying... [id=Z0975097GI60AUOWBH82]
aws_route53_zone.main: Destruction complete after 0s
aws_route53_zone.main: Creating...
aws_route53_zone.main: Still creating... [10s elapsed]
aws_route53_zone.main: Still creating... [20s elapsed]
aws_route53_zone.main: Still creating... [30s elapsed]
aws_route53_zone.main: Creation complete after 36s [id=Z09800282W96ID4P1H3B4]

Apply complete! Resources: 1 added, 0 changed, 1 destroyed.

@marknooch marknooch merged commit af28722 into main Jan 23, 2022
@atlantis-green
Collaborator

Locks and plans deleted for the projects and workspaces modified in this pull request:

  • dir: terraform workspace: default

@marknooch marknooch deleted the Findafoodtruck.ga branch January 23, 2022 17:38
Successfully merging this pull request may close these issues.

Create a custom domain name for our home on the internet