Skip to content

feat: Added redoer service. #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 6, 2025
Merged

feat: Added redoer service. #33

merged 1 commit into from
Oct 6, 2025

Conversation

@jamesiarmes
Copy link
Member

@jamesiarmes jamesiarmes commented Oct 6, 2025

No description provided.

@github-actions
Copy link

github-actions bot commented Oct 6, 2025

Plan output for service config


Note: Objects have changed outside of OpenTofu

OpenTofu detected the following changes made outside of OpenTofu since the
last "tofu apply" which may have affected this plan:

  # module.system.module.exporter.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:6cd5312fe8d2f94d03c968c84cef94b99c41aa3e43b9ed9940f2845eb13838b3207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.system.module.tools.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:e2ac2df2e08f0257a1932dd02409635fab972830759e9aaf0eed07227700bf17207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.system.module.consumer.module.task.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:c5d3f8e168a06f6cc78e785a84a4000bbc4d4586ce7934e4659d0a73c4359efd207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
+/- create replacement and then destroy
 <= read (data resources)

OpenTofu will perform the following actions:

  # module.system.module.exporter.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:30e2f8105213c18b5399301bbbf3dfae851cec8d"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "30e2f8105213c18b5399301bbbf3dfae851cec8d"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.exporter.docker_registry_image.container will be created
  + resource "docker_registry_image" "container" {
      + id                   = (known after apply)
      + insecure_skip_verify = false
      + keep_remotely        = true
      + name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:30e2f8105213c18b5399301bbbf3dfae851cec8d"
      + sha256_digest        = (known after apply)
      + triggers             = (known after apply)

      + auth_config {
          + address  = "https://207495628382.dkr.ecr.us-west-1.amazonaws.com"
          + password = (sensitive value)
          + username = "AWS"
        }
    }

  # module.system.module.tools.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:30e2f8105213c18b5399301bbbf3dfae851cec8d"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "30e2f8105213c18b5399301bbbf3dfae851cec8d"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.tools.docker_registry_image.container will be created
  + resource "docker_registry_image" "container" {
      + id                   = (known after apply)
      + insecure_skip_verify = false
      + keep_remotely        = true
      + name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:30e2f8105213c18b5399301bbbf3dfae851cec8d"
      + sha256_digest        = (known after apply)
      + triggers             = (known after apply)

      + auth_config {
          + address  = "https://207495628382.dkr.ecr.us-west-1.amazonaws.com"
          + password = (sensitive value)
          + username = "AWS"
        }
    }

  # module.system.module.consumer.module.service.aws_ecs_service.main[0] will be updated in-place
  ~ resource "aws_ecs_service" "main" {
        id                                 = "arn:aws:ecs:us-west-1:207495628382:service/sqs-senzing-development/sqs-senzing-development-consumer"
        name                               = "sqs-senzing-development-consumer"
        tags                               = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      ~ task_definition                    = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-dev-consumer:28" -> (known after apply)
        # (19 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.system.module.consumer.module.task.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:30e2f8105213c18b5399301bbbf3dfae851cec8d"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "30e2f8105213c18b5399301bbbf3dfae851cec8d"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.consumer.module.task.docker_registry_image.container will be created
  + resource "docker_registry_image" "container" {
      + id                   = (known after apply)
      + insecure_skip_verify = false
      + keep_remotely        = true
      + name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:30e2f8105213c18b5399301bbbf3dfae851cec8d"
      + sha256_digest        = (known after apply)
      + triggers             = (known after apply)

      + auth_config {
          + address  = "https://207495628382.dkr.ecr.us-west-1.amazonaws.com"
          + password = (sensitive value)
          + username = "AWS"
        }
    }

  # module.system.module.exporter.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-exporter:6" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-exporter" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - mountPoints            = []
                    name                   = "otel-collector"
                  - portMappings           = []
                  - systemControls         = []
                  - volumesFrom            = []
                    # (7 unchanged attributes hidden)
                },
              ~ {
                  ~ image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:30e2f8105213c18b5399301bbbf3dfae851cec8d"
                    name                   = "sqs-senzing-development-exporter"
                  ~ portMappings           = [
                      ~ {
                          - hostPort      = 80
                          - protocol      = "tcp"
                            # (1 unchanged attribute hidden)
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (10 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "sqs-senzing-development-exporter" -> (known after apply)
      ~ revision                 = 6 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

  # module.system.module.redoer.module.service.aws_ecs_service.main[0] will be created
  + resource "aws_ecs_service" "main" {
      + arn                                = (known after apply)
      + availability_zone_rebalancing      = "DISABLED"
      + cluster                            = "arn:aws:ecs:us-west-1:207495628382:cluster/sqs-senzing-development"
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_delete                       = false
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "sqs-senzing-development-redoer"
      + platform_version                   = (known after apply)
      + propagate_tags                     = "SERVICE"
      + region                             = "us-west-1"
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      + tags_all                           = {
          + "application"    = "sqs-senzing-development"
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
          + "environment"    = "development"
          + "program"        = "safety-net"
          + "project"        = "sqs-senzing"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + deployment_configuration (known after apply)

      + deployment_controller {
          + type = "ECS"
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = [
              + "sg-0f7c26de2ae898193",
            ]
          + subnets          = [
              + "subnet-03dfcfff330d289fb",
              + "subnet-0b64a14539d697a4e",
            ]
        }
    }

  # module.system.module.redoer.module.task.data.aws_ecr_authorization_token.token will be read during apply
  # (config refers to values not yet known)
 <= data "aws_ecr_authorization_token" "token" {
      + authorization_token = (sensitive value)
      + expires_at          = (known after apply)
      + id                  = (known after apply)
      + password            = (sensitive value)
      + proxy_endpoint      = (known after apply)
      + region              = (known after apply)
      + registry_id         = (known after apply)
      + user_name           = (known after apply)
    }

  # module.system.module.redoer.module.task.aws_cloudwatch_log_group.service will be created
  + resource "aws_cloudwatch_log_group" "service" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + kms_key_id        = "arn:aws:kms:us-west-1:207495628382:key/65d4906b-6d37-4615-bca4-436c63faef80"
      + log_group_class   = (known after apply)
      + name              = "/aws/ecs/sqs-senzing/dev/redoer"
      + name_prefix       = (known after apply)
      + region            = "us-west-1"
      + retention_in_days = 30
      + skip_destroy      = false
      + tags              = {
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      + tags_all          = {
          + "application"    = "sqs-senzing-development"
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
          + "environment"    = "development"
          + "program"        = "safety-net"
          + "project"        = "sqs-senzing"
        }
    }

  # module.system.module.redoer.module.task.aws_iam_policy.execution will be created
  + resource "aws_iam_policy" "execution" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Senzing task execution policy."
      + id               = (known after apply)
      + name             = "sqs-senzing-dev-redoer-execution"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags             = {
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      + tags_all         = {
          + "application"    = "sqs-senzing-development"
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
          + "environment"    = "development"
          + "program"        = "safety-net"
          + "project"        = "sqs-senzing"
        }
    }

  # module.system.module.redoer.module.task.aws_iam_policy.task will be created
  + resource "aws_iam_policy" "task" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Senzing task policy."
      + id               = (known after apply)
      + name             = "sqs-senzing-dev-redoer-task"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = jsonencode(
            {
              + Statement = [
                  + {
                      + Action   = [
                          + "ssm:GetParameters",
                          + "ssm:GetParameter",
                        ]
                      + Effect   = "Allow"
                      + Resource = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/dev/*"
                      + Sid      = "SSMAccess"
                    },
                  + {
                      + Action   = [
                          + "ssmmessages:CreateControlChannel",
                          + "ssmmessages:CreateDataChannel",
                          + "ssmmessages:OpenControlChannel",
                          + "ssmmessages:OpenDataChannel",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "EcsExecAccess"
                    },
                  + {
                      + Action   = [
                          + "cloudwatch:PutMetricData",
                          + "ec2:DescribeTags",
                          + "ec2:DescribeVolumes",
                          + "logs:CreateLogGroup",
                          + "logs:CreateLogStream",
                          + "logs:DescribeLogGroups",
                          + "logs:DescribeLogStreams",
                          + "logs:PutLogEvents",
                          + "logs:PutRetentionPolicy",
                          + "xray:GetSamplingRules",
                          + "xray:GetSamplingStatisticSummaries",
                          + "xray:GetSamplingTargets",
                          + "xray:PutTelemetryRecords",
                          + "xray:PutTraceSegments",
                        ]
                      + Effect   = "Allow"
                      + Resource = "*"
                      + Sid      = "CloudWatchAccess"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + policy_id        = (known after apply)
      + tags             = {
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      + tags_all         = {
          + "application"    = "sqs-senzing-development"
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
          + "environment"    = "development"
          + "program"        = "safety-net"
          + "project"        = "sqs-senzing"
        }
    }

  # module.system.module.redoer.module.task.aws_iam_role.execution will be created
  + resource "aws_iam_role" "execution" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + description           = "Senzing task execution role."
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "sqs-senzing-dev-redoer-execution"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      + tags_all              = {
          + "application"    = "sqs-senzing-development"
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
          + "environment"    = "development"
          + "program"        = "safety-net"
          + "project"        = "sqs-senzing"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # module.system.module.redoer.module.task.aws_iam_role.task will be created
  + resource "aws_iam_role" "task" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + description           = "Senzing task role."
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "sqs-senzing-dev-redoer-task"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      + tags_all              = {
          + "application"    = "sqs-senzing-development"
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
          + "environment"    = "development"
          + "program"        = "safety-net"
          + "project"        = "sqs-senzing"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # module.system.module.redoer.module.task.aws_iam_role_policy_attachments_exclusive.execution will be created
  + resource "aws_iam_role_policy_attachments_exclusive" "execution" {
      + policy_arns = [
          + "arn:aws:iam::207495628382:policy/sqs-senzing-development-secrets-access-20250925044353478800000003",
          + (known after apply),
        ]
      + role_name   = "sqs-senzing-dev-redoer-execution"
    }

  # module.system.module.redoer.module.task.aws_iam_role_policy_attachments_exclusive.task will be created
  + resource "aws_iam_role_policy_attachments_exclusive" "task" {
      + policy_arns = [
          + "arn:aws:iam::207495628382:policy/sqs-senzing-development-queue-access-20250925044339106000000001",
          + (known after apply),
        ]
      + role_name   = "sqs-senzing-dev-redoer-task"
    }

  # module.system.module.redoer.module.task.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = (known after apply)
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "30e2f8105213c18b5399301bbbf3dfae851cec8d"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.redoer.module.task.docker_registry_image.container will be created
  + resource "docker_registry_image" "container" {
      + id                   = (known after apply)
      + insecure_skip_verify = false
      + keep_remotely        = true
      + name                 = (known after apply)
      + sha256_digest        = (known after apply)
      + triggers             = (known after apply)

      + auth_config {
          + address  = (known after apply)
          + password = (sensitive value)
          + username = (known after apply)
        }
    }

  # module.system.module.tools.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-tools:53" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-tools" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - mountPoints            = []
                    name                   = "otel-collector"
                  - portMappings           = []
                  - systemControls         = []
                  - volumesFrom            = []
                    # (7 unchanged attributes hidden)
                },
              ~ {
                  ~ image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:30e2f8105213c18b5399301bbbf3dfae851cec8d"
                    name                   = "sqs-senzing-development-tools"
                  ~ portMappings           = [
                      ~ {
                          - hostPort      = 80
                          - protocol      = "tcp"
                            # (1 unchanged attribute hidden)
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (10 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "sqs-senzing-development-tools" -> (known after apply)
      ~ revision                 = 53 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "aws-lib" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "aws-lib"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

  # module.system.module.consumer.module.task.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-dev-consumer:28" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-dev-consumer" -> (known after apply)
      ~ container_definitions    = jsonencode(
          ~ [
              ~ {
                  - mountPoints            = []
                    name                   = "otel-collector"
                  - portMappings           = []
                  - systemControls         = []
                  - volumesFrom            = []
                    # (7 unchanged attributes hidden)
                },
              ~ {
                  ~ image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-dev-consumer:30e2f8105213c18b5399301bbbf3dfae851cec8d"
                    name                   = "sqs-senzing-dev-consumer"
                  ~ portMappings           = [
                      ~ {
                          - hostPort      = 80
                          - protocol      = "tcp"
                            # (1 unchanged attribute hidden)
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                    # (10 unchanged attributes hidden)
                },
            ] # forces replacement
        )
      ~ id                       = "sqs-senzing-dev-consumer" -> (known after apply)
      ~ revision                 = 28 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

  # module.system.module.redoer.module.task.module.ecr.aws_ecr_lifecycle_policy.this[0] will be created
  + resource "aws_ecr_lifecycle_policy" "this" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + rules = [
                  + {
                      + action       = {
                          + type = "expire"
                        }
                      + description  = "Expire untagged images older than 14 days"
                      + rulePriority = 1
                      + selection    = {
                          + countNumber = 14
                          + countType   = "sinceImagePushed"
                          + countUnit   = "days"
                          + tagStatus   = "untagged"
                        }
                    },
                ]
            }
        )
      + region      = "us-west-1"
      + registry_id = (known after apply)
      + repository  = "sqs-senzing-dev-redoer"
    }

  # module.system.module.redoer.module.task.module.ecr.aws_ecr_repository.this[0] will be created
  + resource "aws_ecr_repository" "this" {
      + arn                  = (known after apply)
      + force_delete         = true
      + id                   = (known after apply)
      + image_tag_mutability = "MUTABLE"
      + name                 = "sqs-senzing-dev-redoer"
      + region               = "us-west-1"
      + registry_id          = (known after apply)
      + repository_url       = (known after apply)
      + tags                 = {
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      + tags_all             = {
          + "application"    = "sqs-senzing-development"
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
          + "environment"    = "development"
          + "program"        = "safety-net"
          + "project"        = "sqs-senzing"
        }

      + encryption_configuration {
          + encryption_type = "KMS"
          + kms_key         = "arn:aws:kms:us-west-1:207495628382:key/0fccf5d7-ff29-4e29-bbc8-fbf8c1dcd853"
        }

      + image_scanning_configuration {
          + scan_on_push = true
        }
    }

  # module.system.module.redoer.module.task.module.ecr.aws_ecr_repository_policy.this[0] will be created
  + resource "aws_ecr_repository_policy" "this" {
      + id          = (known after apply)
      + policy      = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = [
                          + "ecr:ListTagsForResource",
                          + "ecr:ListImages",
                          + "ecr:GetRepositoryPolicy",
                          + "ecr:GetLifecyclePolicyPreview",
                          + "ecr:GetLifecyclePolicy",
                          + "ecr:GetDownloadUrlForLayer",
                          + "ecr:GetAuthorizationToken",
                          + "ecr:DescribeRepositories",
                          + "ecr:DescribeImages",
                          + "ecr:DescribeImageScanFindings",
                          + "ecr:BatchGetImage",
                          + "ecr:BatchCheckLayerAvailability",
                        ]
                      + Effect    = "Allow"
                      + Principal = {
                          + AWS = "arn:aws:iam::207495628382:root"
                        }
                      + Sid       = "PrivateReadOnly"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + region      = "us-west-1"
      + registry_id = (known after apply)
      + repository  = "sqs-senzing-dev-redoer"
    }

  # module.system.module.redoer.module.task.module.ecs_task.aws_ecs_task_definition.main[0] will be created
  + resource "aws_ecs_task_definition" "main" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + enable_fault_injection   = false
      + execution_role_arn       = (known after apply)
      + family                   = "sqs-senzing-dev-redoer"
      + id                       = (known after apply)
      + memory                   = "1024"
      + network_mode             = "awsvpc"
      + region                   = "us-west-1"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      + tags_all                 = {
          + "application"    = "sqs-senzing-development"
          + "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
          + "environment"    = "development"
          + "program"        = "safety-net"
          + "project"        = "sqs-senzing"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

Plan: 23 to add, 1 to change, 3 to destroy.

Changes to Outputs:
  ~ image_tag              = "221ed45b3d9bd1bba29de706ec218086ff6f7dfe" -> "30e2f8105213c18b5399301bbbf3dfae851cec8d"

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    tofu apply "tfplan"

@jamesiarmes jamesiarmes requested a review from Copilot October 6, 2025 20:28
Copilot AI reviewed Oct 6, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds a new "redoer" service to the system by introducing configurable Terraform variables for container count, CPU, and memory allocation, along with the corresponding ECS service configuration.

  • Added Terraform variables for redoer service configuration (container count, CPU, memory)
  • Integrated redoer service into the ECS infrastructure module
  • Updated GitHub Actions workflows to include redoer environment variables

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.

Show a summary per file
File Description
tofu/modules/system/variables.tf Added redoer-specific configuration variables
tofu/modules/system/ecs.tf Added redoer service module configuration
tofu/config/service/variables.tf Added redoer variables to service configuration
tofu/config/service/main.tf Wired redoer variables to system module
Dockerfile.redoer Added volume definitions for read-only filesystem support
.github/workflows/*.yaml Added redoer environment variables to CI/CD workflows
.github/actions/setup-opentofu/action.yaml Added redoer variables to setup script

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@jamesiarmes jamesiarmes marked this pull request as ready for review October 6, 2025 21:09
@jamesiarmes jamesiarmes requested a review from a team as a code owner October 6, 2025 21:09
@jamesiarmes jamesiarmes merged commit ae98be0 into main Oct 6, 2025
15 of 16 checks passed
@jamesiarmes jamesiarmes deleted the redoer-service branch October 6, 2025 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jamesiarmes