fix: Set the Senzing license into the config. #40

jamesiarmes · 2025-10-15T20:53:16Z

No description provided.

github-actions · 2025-10-16T19:16:11Z

Plan output for service config


Note: Objects have changed outside of OpenTofu

OpenTofu detected the following changes made outside of OpenTofu since the
last "tofu apply" which may have affected this plan:

  # module.system.module.exporter.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:0db6d543ade81f7d45b7f9a6b4fcc758be3f9aef146177fcd4ad25953420ce5f207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.system.module.tools.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:a24f680424a284fe94ad892685963ea955638a359b9224f40a583d66f9fb6bd1207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.system.module.consumer.module.task.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:17134ab71fb356145c853a42b9ac7bcbba0e5b54ee71ab5726ff802e7fd06e45207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-consumer:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-consumer:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.system.module.redoer.module.task.docker_image.container has been deleted
  - resource "docker_image" "container" {
      - id       = "sha256:7fc1ea9dac199c3c42cd6ce3481275f904aa755026d8c466d99494ad13aa964f207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-redoer:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> null
      - name     = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-redoer:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> null
        # (2 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

OpenTofu used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
+/- create replacement and then destroy
 <= read (data resources)

OpenTofu will perform the following actions:

  # module.system.module.exporter.data.aws_caller_identity.identity will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "identity" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.system.module.exporter.data.aws_ecr_authorization_token.token will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecr_authorization_token" "token" {
      + authorization_token = (sensitive value)
      + expires_at          = (known after apply)
      + id                  = (known after apply)
      + password            = (sensitive value)
      + proxy_endpoint      = (known after apply)
      + region              = (known after apply)
      + registry_id         = "207495628382"
      + user_name           = (known after apply)
    }

  # module.system.module.exporter.data.aws_partition.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_partition" "current" {
      + dns_suffix         = (known after apply)
      + id                 = (known after apply)
      + partition          = (known after apply)
      + reverse_dns_prefix = (known after apply)
    }

  # module.system.module.exporter.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + region      = (known after apply)
    }

  # module.system.module.exporter.aws_iam_policy.task will be updated in-place
  ~ resource "aws_iam_policy" "task" {
        id               = "arn:aws:iam::207495628382:policy/sqs-senzing-development-exporter-task"
        name             = "sqs-senzing-development-exporter-task"
      ~ policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "ssm:GetParameters",
                          - "ssm:GetParameter",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/*"
                      - Sid      = "SSMAccess"
                    },
                  - {
                      - Action   = [
                          - "ssmmessages:CreateControlChannel",
                          - "ssmmessages:CreateDataChannel",
                          - "ssmmessages:OpenControlChannel",
                          - "ssmmessages:OpenDataChannel",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = "EcsExecAccess"
                    },
                  - {
                      - Action   = [
                          - "cloudwatch:PutMetricData",
                          - "ec2:DescribeTags",
                          - "ec2:DescribeVolumes",
                          - "logs:CreateLogGroup",
                          - "logs:CreateLogStream",
                          - "logs:DescribeLogGroups",
                          - "logs:DescribeLogStreams",
                          - "logs:PutLogEvents",
                          - "logs:PutRetentionPolicy",
                          - "xray:GetSamplingRules",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingTargets",
                          - "xray:PutTelemetryRecords",
                          - "xray:PutTraceSegments",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = "CloudWatchAccess"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags             = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (6 unchanged attributes hidden)
    }

  # module.system.module.exporter.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:77a1f1663d05ad540c7cb5e175a7323483309534"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "77a1f1663d05ad540c7cb5e175a7323483309534"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.exporter.docker_registry_image.container must be replaced
+/- resource "docker_registry_image" "container" {
      ~ id                   = "sha256:ef3f780a8064637118d3aa6b4ce2c3ac210af1ffdc098152545e81f84b49f801" -> (known after apply)
      ~ name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:77a1f1663d05ad540c7cb5e175a7323483309534" # forces replacement
      ~ sha256_digest        = "sha256:ef3f780a8064637118d3aa6b4ce2c3ac210af1ffdc098152545e81f84b49f801" -> (known after apply)
      ~ triggers             = { # forces replacement
          - "sha" = "sha256:0db6d543ade81f7d45b7f9a6b4fcc758be3f9aef146177fcd4ad25953420ce5f207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:4a5170d67c5f234fcc6d3e984f9292827e8d1493"
        } -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)

      ~ auth_config {
          ~ address  = "https://207495628382.dkr.ecr.us-west-1.amazonaws.com" -> (known after apply)
          ~ password = (sensitive value)
          ~ username = "AWS" -> (known after apply)
        }
    }

  # module.system.module.senzing_config.aws_ssm_parameter.this[0] will be updated in-place
  ~ resource "aws_ssm_parameter" "this" {
        id           = "/sqs-senzing/development/senzing"
        name         = "/sqs-senzing/development/senzing"
        tags         = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      ~ value        = (sensitive value)
      ~ version      = 6 -> (known after apply)
        # (9 unchanged attributes hidden)
    }

  # module.system.module.tools.data.aws_caller_identity.identity will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "identity" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.system.module.tools.data.aws_ecr_authorization_token.token will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecr_authorization_token" "token" {
      + authorization_token = (sensitive value)
      + expires_at          = (known after apply)
      + id                  = (known after apply)
      + password            = (sensitive value)
      + proxy_endpoint      = (known after apply)
      + region              = (known after apply)
      + registry_id         = "207495628382"
      + user_name           = (known after apply)
    }

  # module.system.module.tools.data.aws_partition.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_partition" "current" {
      + dns_suffix         = (known after apply)
      + id                 = (known after apply)
      + partition          = (known after apply)
      + reverse_dns_prefix = (known after apply)
    }

  # module.system.module.tools.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + region      = (known after apply)
    }

  # module.system.module.tools.aws_iam_policy.task will be updated in-place
  ~ resource "aws_iam_policy" "task" {
        id               = "arn:aws:iam::207495628382:policy/sqs-senzing-development-tools-task"
        name             = "sqs-senzing-development-tools-task"
      ~ policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "ssm:GetParameters",
                          - "ssm:GetParameter",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/*"
                      - Sid      = "SSMAccess"
                    },
                  - {
                      - Action   = [
                          - "ssmmessages:CreateControlChannel",
                          - "ssmmessages:CreateDataChannel",
                          - "ssmmessages:OpenControlChannel",
                          - "ssmmessages:OpenDataChannel",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = "EcsExecAccess"
                    },
                  - {
                      - Action   = [
                          - "cloudwatch:PutMetricData",
                          - "ec2:DescribeTags",
                          - "ec2:DescribeVolumes",
                          - "logs:CreateLogGroup",
                          - "logs:CreateLogStream",
                          - "logs:DescribeLogGroups",
                          - "logs:DescribeLogStreams",
                          - "logs:PutLogEvents",
                          - "logs:PutRetentionPolicy",
                          - "xray:GetSamplingRules",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingTargets",
                          - "xray:PutTelemetryRecords",
                          - "xray:PutTraceSegments",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = "CloudWatchAccess"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags             = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (6 unchanged attributes hidden)
    }

  # module.system.module.tools.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:77a1f1663d05ad540c7cb5e175a7323483309534"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "77a1f1663d05ad540c7cb5e175a7323483309534"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.tools.docker_registry_image.container must be replaced
+/- resource "docker_registry_image" "container" {
      ~ id                   = "sha256:d111dcce317c30d881d295865ef51fd5c577d0d741c2244b5a9dea7fc8e8638a" -> (known after apply)
      ~ name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:77a1f1663d05ad540c7cb5e175a7323483309534" # forces replacement
      ~ sha256_digest        = "sha256:d111dcce317c30d881d295865ef51fd5c577d0d741c2244b5a9dea7fc8e8638a" -> (known after apply)
      ~ triggers             = { # forces replacement
          - "sha" = "sha256:a24f680424a284fe94ad892685963ea955638a359b9224f40a583d66f9fb6bd1207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:4a5170d67c5f234fcc6d3e984f9292827e8d1493"
        } -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)

      ~ auth_config {
          ~ address  = "https://207495628382.dkr.ecr.us-west-1.amazonaws.com" -> (known after apply)
          ~ password = (sensitive value)
          ~ username = "AWS" -> (known after apply)
        }
    }

  # module.system.module.consumer.module.service.aws_ecs_service.main_ignore_desired_count_changes[0] will be updated in-place
  ~ resource "aws_ecs_service" "main_ignore_desired_count_changes" {
        id                                 = "arn:aws:ecs:us-west-1:207495628382:service/sqs-senzing-development/sqs-senzing-development-consumer"
        name                               = "sqs-senzing-development-consumer"
        tags                               = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      ~ task_definition                    = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-consumer:22" -> (known after apply)
        # (19 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.system.module.consumer.module.task.data.aws_caller_identity.identity will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "identity" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.system.module.consumer.module.task.data.aws_ecr_authorization_token.token will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecr_authorization_token" "token" {
      + authorization_token = (sensitive value)
      + expires_at          = (known after apply)
      + id                  = (known after apply)
      + password            = (sensitive value)
      + proxy_endpoint      = (known after apply)
      + region              = (known after apply)
      + registry_id         = "207495628382"
      + user_name           = (known after apply)
    }

  # module.system.module.consumer.module.task.data.aws_partition.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_partition" "current" {
      + dns_suffix         = (known after apply)
      + id                 = (known after apply)
      + partition          = (known after apply)
      + reverse_dns_prefix = (known after apply)
    }

  # module.system.module.consumer.module.task.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + region      = (known after apply)
    }

  # module.system.module.consumer.module.task.aws_iam_policy.task will be updated in-place
  ~ resource "aws_iam_policy" "task" {
        id               = "arn:aws:iam::207495628382:policy/sqs-senzing-development-consumer-task"
        name             = "sqs-senzing-development-consumer-task"
      ~ policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "ssm:GetParameters",
                          - "ssm:GetParameter",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/*"
                      - Sid      = "SSMAccess"
                    },
                  - {
                      - Action   = [
                          - "ssmmessages:CreateControlChannel",
                          - "ssmmessages:CreateDataChannel",
                          - "ssmmessages:OpenControlChannel",
                          - "ssmmessages:OpenDataChannel",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = "EcsExecAccess"
                    },
                  - {
                      - Action   = [
                          - "cloudwatch:PutMetricData",
                          - "ec2:DescribeTags",
                          - "ec2:DescribeVolumes",
                          - "logs:CreateLogGroup",
                          - "logs:CreateLogStream",
                          - "logs:DescribeLogGroups",
                          - "logs:DescribeLogStreams",
                          - "logs:PutLogEvents",
                          - "logs:PutRetentionPolicy",
                          - "xray:GetSamplingRules",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingTargets",
                          - "xray:PutTelemetryRecords",
                          - "xray:PutTraceSegments",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = "CloudWatchAccess"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags             = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (6 unchanged attributes hidden)
    }

  # module.system.module.consumer.module.task.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-consumer:77a1f1663d05ad540c7cb5e175a7323483309534"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "77a1f1663d05ad540c7cb5e175a7323483309534"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.consumer.module.task.docker_registry_image.container must be replaced
+/- resource "docker_registry_image" "container" {
      ~ id                   = "sha256:b9b118d8035e424eb4dcd34cdd1c730df26d6048768b1c8aaffd5b54d499e4fa" -> (known after apply)
      ~ name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-consumer:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-consumer:77a1f1663d05ad540c7cb5e175a7323483309534" # forces replacement
      ~ sha256_digest        = "sha256:b9b118d8035e424eb4dcd34cdd1c730df26d6048768b1c8aaffd5b54d499e4fa" -> (known after apply)
      ~ triggers             = { # forces replacement
          - "sha" = "sha256:17134ab71fb356145c853a42b9ac7bcbba0e5b54ee71ab5726ff802e7fd06e45207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-consumer:4a5170d67c5f234fcc6d3e984f9292827e8d1493"
        } -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)

      ~ auth_config {
          ~ address  = "https://207495628382.dkr.ecr.us-west-1.amazonaws.com" -> (known after apply)
          ~ password = (sensitive value)
          ~ username = "AWS" -> (known after apply)
        }
    }

  # module.system.module.exporter.module.ecr.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.system.module.exporter.module.ecr.data.aws_iam_policy_document.repository[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "repository" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "ecr:BatchCheckLayerAvailability",
              + "ecr:BatchGetImage",
              + "ecr:DescribeImageScanFindings",
              + "ecr:DescribeImages",
              + "ecr:DescribeRepositories",
              + "ecr:GetAuthorizationToken",
              + "ecr:GetDownloadUrlForLayer",
              + "ecr:GetLifecyclePolicy",
              + "ecr:GetLifecyclePolicyPreview",
              + "ecr:GetRepositoryPolicy",
              + "ecr:ListImages",
              + "ecr:ListTagsForResource",
            ]
          + sid     = "PrivateReadOnly"

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.system.module.exporter.module.ecr.data.aws_partition.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_partition" "current" {
      + dns_suffix         = (known after apply)
      + id                 = (known after apply)
      + partition          = (known after apply)
      + reverse_dns_prefix = (known after apply)
    }

  # module.system.module.exporter.module.ecr.aws_ecr_repository_policy.this[0] will be updated in-place
  ~ resource "aws_ecr_repository_policy" "this" {
        id          = "sqs-senzing-development-exporter"
      ~ policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = [
                          - "ecr:ListTagsForResource",
                          - "ecr:ListImages",
                          - "ecr:GetRepositoryPolicy",
                          - "ecr:GetLifecyclePolicyPreview",
                          - "ecr:GetLifecyclePolicy",
                          - "ecr:GetDownloadUrlForLayer",
                          - "ecr:GetAuthorizationToken",
                          - "ecr:DescribeRepositories",
                          - "ecr:DescribeImages",
                          - "ecr:DescribeImageScanFindings",
                          - "ecr:BatchGetImage",
                          - "ecr:BatchCheckLayerAvailability",
                        ]
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::207495628382:root"
                        }
                      - Sid       = "PrivateReadOnly"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        # (3 unchanged attributes hidden)
    }

  # module.system.module.exporter.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-exporter:19" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-exporter" -> (known after apply)
      ~ container_definitions    = jsonencode(
            [
              - {
                  - command                = [
                      - "--config=/etc/ecs/container-insights/otel-task-metrics-config.yaml",
                    ]
                  - environment            = [
                      - {
                          - name  = "OTEL_LOG_LEVEL"
                          - value = "info"
                        },
                    ]
                  - essential              = false
                  - image                  = "public.ecr.aws/aws-observability/aws-otel-collector:latest"
                  - logConfiguration       = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "/aws/ecs/sqs-senzing/development/exporter"
                          - awslogs-region        = "us-west-1"
                          - awslogs-stream-prefix = "otel-collector"
                        }
                    }
                  - mountPoints            = []
                  - name                   = "otel-collector"
                  - portMappings           = []
                  - readonlyRootFilesystem = true
                  - secrets                = [
                      - {
                          - name      = "AOT_CONFIG_CONTENT"
                          - valueFrom = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/otel"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                },
              - {
                  - cpu                    = 1024
                  - environment            = [
                      - {
                          - name  = "LOG_LEVEL"
                          - value = "INFO"
                        },
                      - {
                          - name  = "Q_URL"
                          - value = "https://sqs.us-west-1.amazonaws.com/207495628382/sqs-senzing-development-queue"
                        },
                      - {
                          - name  = "S3_BUCKET_NAME"
                          - value = "sqs-senzing-development-exports"
                        },
                    ]
                  - essential              = true
                  - image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-exporter:4a5170d67c5f234fcc6d3e984f9292827e8d1493"
                  - linuxParameters        = {
                      - initProcessEnabled = true
                    }
                  - logConfiguration       = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "/aws/ecs/sqs-senzing/development/exporter"
                          - awslogs-region        = "us-west-1"
                          - awslogs-stream-prefix = "ecs"
                        }
                    }
                  - memory                 = 4096
                  - memoryReservation      = 4096
                  - mountPoints            = [
                      - {
                          - containerPath = "/var/log"
                          - readOnly      = false
                          - sourceVolume  = "logs"
                        },
                      - {
                          - containerPath = "/home/senzing"
                          - readOnly      = false
                          - sourceVolume  = "senzing-home"
                        },
                    ]
                  - name                   = "sqs-senzing-development-exporter"
                  - portMappings           = [
                      - {
                          - containerPort = 80
                          - hostPort      = 80
                          - protocol      = "tcp"
                        },
                    ]
                  - readonlyRootFilesystem = true
                  - secrets                = [
                      - {
                          - name      = "SENZING_ENGINE_CONFIGURATION_JSON"
                          - valueFrom = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/senzing"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                },
            ] # forces replacement
        ) -> (known after apply) # forces replacement
      ~ id                       = "sqs-senzing-development-exporter" -> (known after apply)
      ~ revision                 = 19 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

  # module.system.module.redoer.module.service.aws_ecs_service.main_ignore_desired_count_changes[0] will be updated in-place
  ~ resource "aws_ecs_service" "main_ignore_desired_count_changes" {
        id                                 = "arn:aws:ecs:us-west-1:207495628382:service/sqs-senzing-development/sqs-senzing-development-redoer"
        name                               = "sqs-senzing-development-redoer"
        tags                               = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
      ~ task_definition                    = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-redoer:5" -> (known after apply)
        # (19 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.system.module.redoer.module.task.data.aws_caller_identity.identity will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "identity" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.system.module.redoer.module.task.data.aws_ecr_authorization_token.token will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecr_authorization_token" "token" {
      + authorization_token = (sensitive value)
      + expires_at          = (known after apply)
      + id                  = (known after apply)
      + password            = (sensitive value)
      + proxy_endpoint      = (known after apply)
      + region              = (known after apply)
      + registry_id         = "207495628382"
      + user_name           = (known after apply)
    }

  # module.system.module.redoer.module.task.data.aws_partition.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_partition" "current" {
      + dns_suffix         = (known after apply)
      + id                 = (known after apply)
      + partition          = (known after apply)
      + reverse_dns_prefix = (known after apply)
    }

  # module.system.module.redoer.module.task.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + region      = (known after apply)
    }

  # module.system.module.redoer.module.task.aws_iam_policy.task will be updated in-place
  ~ resource "aws_iam_policy" "task" {
        id               = "arn:aws:iam::207495628382:policy/sqs-senzing-development-redoer-task"
        name             = "sqs-senzing-development-redoer-task"
      ~ policy           = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "ssm:GetParameters",
                          - "ssm:GetParameter",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/*"
                      - Sid      = "SSMAccess"
                    },
                  - {
                      - Action   = [
                          - "ssmmessages:CreateControlChannel",
                          - "ssmmessages:CreateDataChannel",
                          - "ssmmessages:OpenControlChannel",
                          - "ssmmessages:OpenDataChannel",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = "EcsExecAccess"
                    },
                  - {
                      - Action   = [
                          - "cloudwatch:PutMetricData",
                          - "ec2:DescribeTags",
                          - "ec2:DescribeVolumes",
                          - "logs:CreateLogGroup",
                          - "logs:CreateLogStream",
                          - "logs:DescribeLogGroups",
                          - "logs:DescribeLogStreams",
                          - "logs:PutLogEvents",
                          - "logs:PutRetentionPolicy",
                          - "xray:GetSamplingRules",
                          - "xray:GetSamplingStatisticSummaries",
                          - "xray:GetSamplingTargets",
                          - "xray:PutTelemetryRecords",
                          - "xray:PutTraceSegments",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                      - Sid      = "CloudWatchAccess"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        tags             = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (6 unchanged attributes hidden)
    }

  # module.system.module.redoer.module.task.docker_image.container will be created
  + resource "docker_image" "container" {
      + id          = (known after apply)
      + image_id    = (known after apply)
      + name        = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-redoer:77a1f1663d05ad540c7cb5e175a7323483309534"
      + repo_digest = (known after apply)
      + triggers    = {
          + "image_tage" = "77a1f1663d05ad540c7cb5e175a7323483309534"
        }

      + build {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.
        }
    }

  # module.system.module.redoer.module.task.docker_registry_image.container must be replaced
+/- resource "docker_registry_image" "container" {
      ~ id                   = "sha256:7a1bc83f93dde772c0405786acc037961df5ce48c498a414b1b8f9dfcf53fc09" -> (known after apply)
      ~ name                 = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-redoer:4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-redoer:77a1f1663d05ad540c7cb5e175a7323483309534" # forces replacement
      ~ sha256_digest        = "sha256:7a1bc83f93dde772c0405786acc037961df5ce48c498a414b1b8f9dfcf53fc09" -> (known after apply)
      ~ triggers             = { # forces replacement
          - "sha" = "sha256:7fc1ea9dac199c3c42cd6ce3481275f904aa755026d8c466d99494ad13aa964f207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-redoer:4a5170d67c5f234fcc6d3e984f9292827e8d1493"
        } -> (known after apply) # forces replacement
        # (2 unchanged attributes hidden)

      ~ auth_config {
          ~ address  = "https://207495628382.dkr.ecr.us-west-1.amazonaws.com" -> (known after apply)
          ~ password = (sensitive value)
          ~ username = "AWS" -> (known after apply)
        }
    }

  # module.system.module.tools.module.ecr.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.system.module.tools.module.ecr.data.aws_iam_policy_document.repository[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "repository" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "ecr:BatchCheckLayerAvailability",
              + "ecr:BatchGetImage",
              + "ecr:DescribeImageScanFindings",
              + "ecr:DescribeImages",
              + "ecr:DescribeRepositories",
              + "ecr:GetAuthorizationToken",
              + "ecr:GetDownloadUrlForLayer",
              + "ecr:GetLifecyclePolicy",
              + "ecr:GetLifecyclePolicyPreview",
              + "ecr:GetRepositoryPolicy",
              + "ecr:ListImages",
              + "ecr:ListTagsForResource",
            ]
          + sid     = "PrivateReadOnly"

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.system.module.tools.module.ecr.data.aws_partition.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_partition" "current" {
      + dns_suffix         = (known after apply)
      + id                 = (known after apply)
      + partition          = (known after apply)
      + reverse_dns_prefix = (known after apply)
    }

  # module.system.module.tools.module.ecr.aws_ecr_repository_policy.this[0] will be updated in-place
  ~ resource "aws_ecr_repository_policy" "this" {
        id          = "sqs-senzing-development-tools"
      ~ policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = [
                          - "ecr:ListTagsForResource",
                          - "ecr:ListImages",
                          - "ecr:GetRepositoryPolicy",
                          - "ecr:GetLifecyclePolicyPreview",
                          - "ecr:GetLifecyclePolicy",
                          - "ecr:GetDownloadUrlForLayer",
                          - "ecr:GetAuthorizationToken",
                          - "ecr:DescribeRepositories",
                          - "ecr:DescribeImages",
                          - "ecr:DescribeImageScanFindings",
                          - "ecr:BatchGetImage",
                          - "ecr:BatchCheckLayerAvailability",
                        ]
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::207495628382:root"
                        }
                      - Sid       = "PrivateReadOnly"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        # (3 unchanged attributes hidden)
    }

  # module.system.module.tools.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-tools:68" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-tools" -> (known after apply)
      ~ container_definitions    = jsonencode(
            [
              - {
                  - command                = [
                      - "--config=/etc/ecs/container-insights/otel-task-metrics-config.yaml",
                    ]
                  - environment            = [
                      - {
                          - name  = "OTEL_LOG_LEVEL"
                          - value = "info"
                        },
                    ]
                  - essential              = false
                  - image                  = "public.ecr.aws/aws-observability/aws-otel-collector:latest"
                  - logConfiguration       = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "/aws/ecs/sqs-senzing/development/tools"
                          - awslogs-region        = "us-west-1"
                          - awslogs-stream-prefix = "otel-collector"
                        }
                    }
                  - mountPoints            = []
                  - name                   = "otel-collector"
                  - portMappings           = []
                  - readonlyRootFilesystem = true
                  - secrets                = [
                      - {
                          - name      = "AOT_CONFIG_CONTENT"
                          - valueFrom = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/otel"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                },
              - {
                  - cpu                    = 1024
                  - environment            = [
                      - {
                          - name  = "LOG_LEVEL"
                          - value = "INFO"
                        },
                      - {
                          - name  = "PGHOST"
                          - value = "sqs-senzing-development-senzing.cluster-c7qqmqeoy39j.us-west-1.rds.amazonaws.com"
                        },
                      - {
                          - name  = "PGSSLMODE"
                          - value = "require"
                        },
                      - {
                          - name  = "Q_URL"
                          - value = "https://sqs.us-west-1.amazonaws.com/207495628382/sqs-senzing-development-queue"
                        },
                    ]
                  - essential              = true
                  - image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-tools:4a5170d67c5f234fcc6d3e984f9292827e8d1493"
                  - linuxParameters        = {
                      - initProcessEnabled = true
                    }
                  - logConfiguration       = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "/aws/ecs/sqs-senzing/development/tools"
                          - awslogs-region        = "us-west-1"
                          - awslogs-stream-prefix = "ecs"
                        }
                    }
                  - memory                 = 4096
                  - memoryReservation      = 4096
                  - mountPoints            = [
                      - {
                          - containerPath = "/var/lib/amazon"
                          - readOnly      = false
                          - sourceVolume  = "aws-lib"
                        },
                      - {
                          - containerPath = "/var/log"
                          - readOnly      = false
                          - sourceVolume  = "logs"
                        },
                      - {
                          - containerPath = "/home/senzing"
                          - readOnly      = false
                          - sourceVolume  = "senzing-home"
                        },
                    ]
                  - name                   = "sqs-senzing-development-tools"
                  - portMappings           = [
                      - {
                          - containerPort = 80
                          - hostPort      = 80
                          - protocol      = "tcp"
                        },
                    ]
                  - readonlyRootFilesystem = true
                  - secrets                = [
                      - {
                          - name      = "PGPASSWORD"
                          - valueFrom = "arn:aws:secretsmanager:us-west-1:207495628382:secret:rds!cluster-2e4a2e07-8cf4-45ac-aec7-db2686d406d5-HPW6AD:password::"
                        },
                      - {
                          - name      = "PGUSER"
                          - valueFrom = "arn:aws:secretsmanager:us-west-1:207495628382:secret:rds!cluster-2e4a2e07-8cf4-45ac-aec7-db2686d406d5-HPW6AD:username::"
                        },
                      - {
                          - name      = "SENZING_ENGINE_CONFIGURATION_JSON"
                          - valueFrom = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/senzing"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                },
            ] # forces replacement
        ) -> (known after apply) # forces replacement
      ~ id                       = "sqs-senzing-development-tools" -> (known after apply)
      ~ revision                 = 68 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "aws-lib" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "aws-lib"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

  # module.system.module.consumer.module.task.module.ecr.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.system.module.consumer.module.task.module.ecr.data.aws_iam_policy_document.repository[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "repository" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "ecr:BatchCheckLayerAvailability",
              + "ecr:BatchGetImage",
              + "ecr:DescribeImageScanFindings",
              + "ecr:DescribeImages",
              + "ecr:DescribeRepositories",
              + "ecr:GetAuthorizationToken",
              + "ecr:GetDownloadUrlForLayer",
              + "ecr:GetLifecyclePolicy",
              + "ecr:GetLifecyclePolicyPreview",
              + "ecr:GetRepositoryPolicy",
              + "ecr:ListImages",
              + "ecr:ListTagsForResource",
            ]
          + sid     = "PrivateReadOnly"

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.system.module.consumer.module.task.module.ecr.data.aws_partition.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_partition" "current" {
      + dns_suffix         = (known after apply)
      + id                 = (known after apply)
      + partition          = (known after apply)
      + reverse_dns_prefix = (known after apply)
    }

  # module.system.module.consumer.module.task.module.ecr.aws_ecr_repository_policy.this[0] will be updated in-place
  ~ resource "aws_ecr_repository_policy" "this" {
        id          = "sqs-senzing-development-consumer"
      ~ policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = [
                          - "ecr:ListTagsForResource",
                          - "ecr:ListImages",
                          - "ecr:GetRepositoryPolicy",
                          - "ecr:GetLifecyclePolicyPreview",
                          - "ecr:GetLifecyclePolicy",
                          - "ecr:GetDownloadUrlForLayer",
                          - "ecr:GetAuthorizationToken",
                          - "ecr:DescribeRepositories",
                          - "ecr:DescribeImages",
                          - "ecr:DescribeImageScanFindings",
                          - "ecr:BatchGetImage",
                          - "ecr:BatchCheckLayerAvailability",
                        ]
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::207495628382:root"
                        }
                      - Sid       = "PrivateReadOnly"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        # (3 unchanged attributes hidden)
    }

  # module.system.module.consumer.module.task.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-consumer:22" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-consumer" -> (known after apply)
      ~ container_definitions    = jsonencode(
            [
              - {
                  - command                = [
                      - "--config=/etc/ecs/container-insights/otel-task-metrics-config.yaml",
                    ]
                  - environment            = [
                      - {
                          - name  = "OTEL_LOG_LEVEL"
                          - value = "info"
                        },
                    ]
                  - essential              = false
                  - image                  = "public.ecr.aws/aws-observability/aws-otel-collector:latest"
                  - logConfiguration       = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "/aws/ecs/sqs-senzing/development/consumer"
                          - awslogs-region        = "us-west-1"
                          - awslogs-stream-prefix = "otel-collector"
                        }
                    }
                  - mountPoints            = []
                  - name                   = "otel-collector"
                  - portMappings           = []
                  - readonlyRootFilesystem = true
                  - secrets                = [
                      - {
                          - name      = "AOT_CONFIG_CONTENT"
                          - valueFrom = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/otel"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                },
              - {
                  - cpu                    = 1024
                  - environment            = [
                      - {
                          - name  = "LOG_LEVEL"
                          - value = "INFO"
                        },
                      - {
                          - name  = "Q_URL"
                          - value = "https://sqs.us-west-1.amazonaws.com/207495628382/sqs-senzing-development-queue"
                        },
                    ]
                  - essential              = true
                  - image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-consumer:4a5170d67c5f234fcc6d3e984f9292827e8d1493"
                  - linuxParameters        = {
                      - initProcessEnabled = true
                    }
                  - logConfiguration       = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "/aws/ecs/sqs-senzing/development/consumer"
                          - awslogs-region        = "us-west-1"
                          - awslogs-stream-prefix = "ecs"
                        }
                    }
                  - memory                 = 4096
                  - memoryReservation      = 4096
                  - mountPoints            = [
                      - {
                          - containerPath = "/var/log"
                          - readOnly      = false
                          - sourceVolume  = "logs"
                        },
                      - {
                          - containerPath = "/home/senzing"
                          - readOnly      = false
                          - sourceVolume  = "senzing-home"
                        },
                    ]
                  - name                   = "sqs-senzing-development-consumer"
                  - portMappings           = [
                      - {
                          - containerPort = 80
                          - hostPort      = 80
                          - protocol      = "tcp"
                        },
                    ]
                  - readonlyRootFilesystem = true
                  - secrets                = [
                      - {
                          - name      = "SENZING_ENGINE_CONFIGURATION_JSON"
                          - valueFrom = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/senzing"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                },
            ] # forces replacement
        ) -> (known after apply) # forces replacement
      ~ id                       = "sqs-senzing-development-consumer" -> (known after apply)
      ~ revision                 = 22 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

  # module.system.module.redoer.module.task.module.ecr.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.system.module.redoer.module.task.module.ecr.data.aws_iam_policy_document.repository[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "repository" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "ecr:BatchCheckLayerAvailability",
              + "ecr:BatchGetImage",
              + "ecr:DescribeImageScanFindings",
              + "ecr:DescribeImages",
              + "ecr:DescribeRepositories",
              + "ecr:GetAuthorizationToken",
              + "ecr:GetDownloadUrlForLayer",
              + "ecr:GetLifecyclePolicy",
              + "ecr:GetLifecyclePolicyPreview",
              + "ecr:GetRepositoryPolicy",
              + "ecr:ListImages",
              + "ecr:ListTagsForResource",
            ]
          + sid     = "PrivateReadOnly"

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.system.module.redoer.module.task.module.ecr.data.aws_partition.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_partition" "current" {
      + dns_suffix         = (known after apply)
      + id                 = (known after apply)
      + partition          = (known after apply)
      + reverse_dns_prefix = (known after apply)
    }

  # module.system.module.redoer.module.task.module.ecr.aws_ecr_repository_policy.this[0] will be updated in-place
  ~ resource "aws_ecr_repository_policy" "this" {
        id          = "sqs-senzing-development-redoer"
      ~ policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action    = [
                          - "ecr:ListTagsForResource",
                          - "ecr:ListImages",
                          - "ecr:GetRepositoryPolicy",
                          - "ecr:GetLifecyclePolicyPreview",
                          - "ecr:GetLifecyclePolicy",
                          - "ecr:GetDownloadUrlForLayer",
                          - "ecr:GetAuthorizationToken",
                          - "ecr:DescribeRepositories",
                          - "ecr:DescribeImages",
                          - "ecr:DescribeImageScanFindings",
                          - "ecr:BatchGetImage",
                          - "ecr:BatchCheckLayerAvailability",
                        ]
                      - Effect    = "Allow"
                      - Principal = {
                          - AWS = "arn:aws:iam::207495628382:root"
                        }
                      - Sid       = "PrivateReadOnly"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> (known after apply)
        # (3 unchanged attributes hidden)
    }

  # module.system.module.redoer.module.task.module.ecs_task.aws_ecs_task_definition.main[0] must be replaced
+/- resource "aws_ecs_task_definition" "main" {
      ~ arn                      = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-redoer:5" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-west-1:207495628382:task-definition/sqs-senzing-development-redoer" -> (known after apply)
      ~ container_definitions    = jsonencode(
            [
              - {
                  - command                = [
                      - "--config=/etc/ecs/container-insights/otel-task-metrics-config.yaml",
                    ]
                  - environment            = [
                      - {
                          - name  = "OTEL_LOG_LEVEL"
                          - value = "info"
                        },
                    ]
                  - essential              = false
                  - image                  = "public.ecr.aws/aws-observability/aws-otel-collector:latest"
                  - logConfiguration       = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "/aws/ecs/sqs-senzing/development/redoer"
                          - awslogs-region        = "us-west-1"
                          - awslogs-stream-prefix = "otel-collector"
                        }
                    }
                  - mountPoints            = []
                  - name                   = "otel-collector"
                  - portMappings           = []
                  - readonlyRootFilesystem = true
                  - secrets                = [
                      - {
                          - name      = "AOT_CONFIG_CONTENT"
                          - valueFrom = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/otel"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                },
              - {
                  - cpu                    = 1024
                  - environment            = [
                      - {
                          - name  = "LOG_LEVEL"
                          - value = "INFO"
                        },
                      - {
                          - name  = "Q_URL"
                          - value = "https://sqs.us-west-1.amazonaws.com/207495628382/sqs-senzing-development-queue"
                        },
                    ]
                  - essential              = true
                  - image                  = "207495628382.dkr.ecr.us-west-1.amazonaws.com/sqs-senzing-development-redoer:4a5170d67c5f234fcc6d3e984f9292827e8d1493"
                  - linuxParameters        = {
                      - initProcessEnabled = true
                    }
                  - logConfiguration       = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "/aws/ecs/sqs-senzing/development/redoer"
                          - awslogs-region        = "us-west-1"
                          - awslogs-stream-prefix = "ecs"
                        }
                    }
                  - memory                 = 2048
                  - memoryReservation      = 2048
                  - mountPoints            = [
                      - {
                          - containerPath = "/var/log"
                          - readOnly      = false
                          - sourceVolume  = "logs"
                        },
                      - {
                          - containerPath = "/home/senzing"
                          - readOnly      = false
                          - sourceVolume  = "senzing-home"
                        },
                    ]
                  - name                   = "sqs-senzing-development-redoer"
                  - portMappings           = [
                      - {
                          - containerPort = 80
                          - hostPort      = 80
                          - protocol      = "tcp"
                        },
                    ]
                  - readonlyRootFilesystem = true
                  - secrets                = [
                      - {
                          - name      = "SENZING_ENGINE_CONFIGURATION_JSON"
                          - valueFrom = "arn:aws:ssm:us-west-1:207495628382:parameter/sqs-senzing/development/senzing"
                        },
                    ]
                  - systemControls         = []
                  - volumesFrom            = []
                },
            ] # forces replacement
        ) -> (known after apply) # forces replacement
      ~ id                       = "sqs-senzing-development-redoer" -> (known after apply)
      ~ revision                 = 5 -> (known after apply)
        tags                     = {
            "awsApplication" = "arn:aws:resource-groups:us-west-1:207495628382:group/sqs-senzing-development/0949oli7hmptcuydpbudaxsl9k"
        }
        # (12 unchanged attributes hidden)

      - volume {
          - configure_at_launch = false -> null
          - name                = "logs" -> null
        }
      - volume {
          - configure_at_launch = false -> null
          - name                = "senzing-home" -> null
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "logs"
        }
      + volume {
          + configure_at_launch = (known after apply)
          + name                = "senzing-home"
        }
    }

Plan: 12 to add, 11 to change, 8 to destroy.

Changes to Outputs:
  ~ image_tag              = "4a5170d67c5f234fcc6d3e984f9292827e8d1493" -> "77a1f1663d05ad540c7cb5e175a7323483309534"

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: tfplan

To perform exactly these actions, run the following command to apply:
    tofu apply "tfplan"

jamesiarmes requested a review from a team as a code owner October 15, 2025 20:53

jamesiarmes had a problem deploying to development October 15, 2025 20:53 — with GitHub Actions Failure

jamesiarmes force-pushed the license branch from 3e8a1e6 to e3697c3 Compare October 15, 2025 20:56

jamesiarmes had a problem deploying to development October 15, 2025 20:56 — with GitHub Actions Failure

jamesiarmes force-pushed the license branch from e3697c3 to 355a9ad Compare October 15, 2025 21:01

jamesiarmes had a problem deploying to development October 15, 2025 21:02 — with GitHub Actions Failure

fix: Set the Senzing license into the config.

4bef84d

jamesiarmes force-pushed the license branch from 355a9ad to 4bef84d Compare October 16, 2025 19:15

jamesiarmes temporarily deployed to development October 16, 2025 19:15 — with GitHub Actions Inactive

jamesiarmes merged commit 669a888 into main Oct 17, 2025
10 checks passed

jamesiarmes deleted the license branch October 17, 2025 18:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

fix: Set the Senzing license into the config. #40

fix: Set the Senzing license into the config. #40

Uh oh!

jamesiarmes commented Oct 15, 2025

Uh oh!

github-actions bot commented Oct 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

fix: Set the Senzing license into the config. #40

fix: Set the Senzing license into the config. #40

Uh oh!

Conversation

jamesiarmes commented Oct 15, 2025

Uh oh!

github-actions bot commented Oct 16, 2025

Plan output for service config

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants