SaaS platform for automatic drift detection in infrastructure declared with Terraform, with AI-assisted remediation.
Scouted 6 hours ago
Drift between the infrastructure declared in Terraform and what is actually deployed causes inconsistencies and potential performance problems.
DevOps teams, infrastructure engineers and companies that manage cloud infrastructure with Terraform.
"Terraform Drift Detected — Risk: MEDIUM"
🚨 Terraform Drift Detected [prod] — MEDIUM Risk
Published: 6 hours ago
Repository: tahamehdidev/Autonomous-Infrastructure-Drift-Detection-and-AI-Assisted-Remediation
Author: github-actions[bot]

## 🟡 Terraform Drift Detected — Risk: MEDIUM

**Environment:** prod
**Run:** [23226748247](https://github.com/tahamehdidev/Autonomous-Infrastructure-Drift-Detection-and-AI-Assisted-Remediation/actions/runs/23226748247)

### AI Analysis

The Terraform plan indicates that an Auto Scaling Group and associated policies, CloudWatch alarms, and an Elastic IP are being re-created. This drift might have been caused by manual changes in the AWS management console or misconfigurations in another part of the infrastructure. It is important to correct this to maintain consistency with the declared configuration in code and prevent potential scaling and monitoring issues.

**Risk Reasoning:** Creating new resources like Auto Scaling Groups and alarms can impact application performance and behavior, but they pose no immediate security threat.

<details>
<summary>Show Terraform Plan</summary>

```
data.aws_ami.ubuntu: Reading...
data.aws_ami.ubuntu: Read complete after 0s [id=ami-04680790a315cd58d]

Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_autoscaling_group.app_asg will be created
  + resource "aws_autoscaling_group" "app_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = 2
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = "ELB"
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 5
      + metrics_granularity              = "1Minute"
      + min_size                         = 2
      + name                             = "app-asg"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + region                           = "us-east-1"
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + availability_zone_distribution (known after apply)

      + capacity_reservation_specification (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + mixed_instances_policy (known after apply)

      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "app-instance"
        }

      + traffic_source (known after apply)
    }

  # aws_autoscaling_policy.scale_in will be created
  + resource "aws_autoscaling_policy" "scale_in" {
      + adjustment_type         = "ChangeInCapacity"
      + arn                     = (known after apply)
      + autoscaling_group_name  = "app-asg"
      + cooldown                = 300
      + enabled                 = true
      + id                      = (known after apply)
      + metric_aggregation_type = (known after apply)
      + name                    = "scale-in"
      + policy_type             = "SimpleScaling"
      + region                  = "us-east-1"
      + scaling_adjustment      = -1
    }

  # aws_autoscaling_policy.scale_out will be created
  + resource "aws_autoscaling_policy" "scale_out" {
      + adjustment_type         = "ChangeInCapacity"
      + arn                     = (known after apply)
      + autoscaling_group_name  = "app-asg"
      + cooldown                = 300
      + enabled                 = true
      + id                      = (known after apply)
      + metric_aggregation_type = (known after apply)
      + name                    = "scale-out"
      + policy_type             = "SimpleScaling"
      + region                  = "us-east-1"
      + scaling_adjustment      = 1
    }

  # aws_autoscaling_policy.target_tracking will be created
  + resource "aws_autoscaling_policy" "target_tracking" {
      + arn                     = (known after apply)
      + autoscaling_group_name  = "app-asg"
      + enabled                 = true
      + id                      = (known after apply)
      + metric_aggregation_type = (known after apply)
      + name                    = "target-tracking-policy"
      + policy_type             = "TargetTrackingScaling"
      + region                  = "us-east-1"

      + target_tracking_configuration {
          + disable_scale_in = false
          + target_value     = 70

          + predefined_metric_specification {
              + predefined_metric_type = "ASGAverageCPUUtilization"
            }
        }
    }

  # aws_cloudwatch_metric_alarm.high_cpu will be created
  + resource "aws_cloudwatch_metric_alarm" "high_cpu" {
      + actions_enabled                       = true
      + alarm_actions                         = (known after apply)
      + alarm_description                     = "This metric monitors ec2 cpu utilization"
      + alarm_name                            = "high-cpu-utilization"
      + arn                                   = (known after apply)
      + comparison_operator                   = "GreaterThanThreshold"
      + dimensions                            = {
          + "AutoScalingGroupName" = "app-asg"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 2
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/EC2"
      + period                                = 120
      + region                                = "us-east-1"
      + statistic                             = "Average"
      + tags_all                              = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Project"     = "TerraWatch"
        }
      + threshold                             = 80
      + treat_missing_data                    = "missing"
    }

  # aws_cloudwatch_metric_alarm.low_cpu will be created
  + resource "aws_cloudwatch_metric_alarm" "low_cpu" {
      + actions_enabled                       = true
      + alarm_actions                         = (known after apply)
      + alarm_description                     = "This metric monitors ec2 cpu utilization"
      + alarm_name                            = "low-cpu-utilization"
      + arn                                   = (known after apply)
      + comparison_operator                   = "LessThanThreshold"
      + dimensions                            = {
          + "AutoScalingGroupName" = "app-asg"
        }
      + evaluate_low_sample_count_percentiles = (known after apply)
      + evaluation_periods                    = 2
      + id                                    = (known after apply)
      + metric_name                           = "CPUUtilization"
      + namespace                             = "AWS/EC2"
      + period                                = 120
      + region                                = "us-east-1"
      + statistic                             = "Average"
      + tags_all                              = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Project"     = "TerraWatch"
        }
      + threshold                             = 20
      + treat_missing_data                    = "missing"
    }

  # aws_eip.main[0] will be created
  + resource "aws_eip" "main" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-east-1"
      + tags                 = {
          + "Name" = "nat-eip-az-1"
        }
      + tags_all             = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "nat-eip-az-1"
          + "Project"     = "TerraWatch"
        }
    }

  # aws_eip.main[1] will be created
  + resource "aws_eip" "main" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = "vpc"
      + id                   = (known after apply)
      + instance             = (known after apply)
      + ipam_pool_id         = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + region               = "us-east-1"
      + tags                 = {
          + "Name" = "nat-eip-az-2"
        }
      + tags_all             = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "nat-eip-az-2"
          + "Project"     = "TerraWatch"
        }
    }

  # aws_iam_instance_profile.ec2_profile will be created
  + resource "aws_iam_instance_profile" "ec2_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = "ec2-app-profile-prod"
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = "ec2-app-role-prod"
      + tags_all    = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Project"     = "TerraWatch"
        }
      + unique_id   = (known after apply)
    }

  # aws_iam_role.ec2_role will be created
  + resource "aws_iam_role" "ec2_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "ec2-app-role-prod"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Project"     = "TerraWatch"
        }
      + unique_id             = (known after apply)

      + inline_policy (known after apply)
    }

  # aws_iam_role_policy_attachment.cloudwatch will be created
  + resource "aws_iam_role_policy_attachment" "cloudwatch" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"
      + role       = "ec2-app-role-prod"
    }

  # aws_iam_role_policy_attachment.ssm will be created
  + resource "aws_iam_role_policy_attachment" "ssm" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
      + role       = "ec2-app-role-prod"
    }

  # aws_internet_gateway.main will be created
  + resource "aws_internet_gateway" "main" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + region   = "us-east-1"
      + tags     = {
          + "Name" = "main-internet-gateway"
        }
      + tags_all = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "main-internet-gateway"
          + "Project"     = "TerraWatch"
        }
      + vpc_id   = (known after apply)
    }

  # aws_launch_template.app will be created
  + resource "aws_launch_template" "app" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + id                     = (known after apply)
      + image_id               = "ami-04680790a315cd58d"
      + instance_type          = "t3.small"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "app-launch-template-"
      + region                 = "us-east-1"
      + tags_all               = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Project"     = "TerraWatch"
        }
      + user_data              = "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"
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = (known after apply)
        }

      + monitoring {
          + enabled = true
        }

      + tag_specifications {
          + resource_type = "instance"
          + tags          = {
              + "Name" = "app-instance"
            }
        }
    }

  # aws_lb.app_lb will be created
  + resource "aws_lb" "app_lb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = false
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enable_zonal_shift                                           = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "app-load-balancer"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + region                                                       = "us-east-1"
      + secondary_ips_auto_assigned_per_subnet                       = (known after apply)
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "Name" = "app-load-balancer"
        }
      + tags_all                                                     = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "app-load-balancer"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + subnet_mapping (known after apply)
    }

  # aws_lb_listener.http will be created
  + resource "aws_lb_listener" "http" {
      + arn                                                                   = (known after apply)
      + id                                                                    = (known after apply)
      + load_balancer_arn                                                     = (known after apply)
      + port                                                                  = 80
      + protocol                                                              = "HTTP"
      + region                                                                = "us-east-1"
      + routing_http_request_x_amzn_mtls_clientcert_header_name               = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_issuer_header_name        = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_leaf_header_name          = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_subject_header_name       = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_validity_header_name      = (known after apply)
      + routing_http_request_x_amzn_tls_cipher_suite_header_name              = (known after apply)
      + routing_http_request_x_amzn_tls_version_header_name                   = (known after apply)
      + routing_http_response_access_control_allow_credentials_header_value   = (known after apply)
      + routing_http_response_access_control_allow_headers_header_value       = (known after apply)
      + routing_http_response_access_control_allow_methods_header_value       = (known after apply)
      + routing_http_response_access_control_allow_origin_header_value        = (known after apply)
      + routing_http_response_access_control_expose_headers_header_value      = (known after apply)
      + routing_http_response_access_control_max_age_header_value             = (known after apply)
      + routing_http_response_content_security_policy_header_value            = (known after apply)
      + routing_http_response_server_enabled                                  = (known after apply)
      + routing_http_response_strict_transport_security_header_value          = (known after apply)
      + routing_http_response_x_content_type_options_header_value             = (known after apply)
      + routing_http_response_x_frame_options_header_value                    = (known after apply)
      + ssl_policy                                                            = (known after apply)
      + tags_all                                                              = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Project"     = "TerraWatch"
        }
      + tcp_idle_timeout_seconds                                              = (known after apply)

      + default_action {
          + order = (known after apply)
          + type  = "forward"

          + forward {
              + target_group {
                  + arn    = (known after apply)
                  + weight = 1
                }
            }
        }

      + mutual_authentication (known after apply)
    }

  # aws_lb_target_group.app_tg will be created
  + resource "aws_lb_target_group" "app_tg" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "app-target-group"
      + name_prefix                        = (known after apply)
      + port                               = 80
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + region                             = "us-east-1"
      + slow_start                         = 0
      + tags                               = {
          + "Name" = "app-target-group"
        }
      + tags_all                           = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "app-target-group"
          + "Project"     = "TerraWatch"
        }
      + target_type                        = "instance"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = (known after apply)
          + path                = "/"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 5
          + unhealthy_threshold = 2
        }

      + stickiness (known after apply)

      + target_failover (known after apply)

      + target_group_health (known after apply)

      + target_health_state (known after apply)
    }

  # aws_nat_gateway.main[0] will be created
  + resource "aws_nat_gateway" "main" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + auto_provision_zones               = (known after apply)
      + auto_scaling_ips                   = (known after apply)
      + availability_mode                  = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + region                             = "us-east-1"
      + regional_nat_gateway_address       = (known after apply)
      + regional_nat_gateway_auto_mode     = (known after apply)
      + route_table_id                     = (known after apply)
      + secondary_allocation_ids           = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name" = "nat-gateway-az-1"
        }
      + tags_all                           = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "nat-gateway-az-1"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                             = (known after apply)
    }

  # aws_nat_gateway.main[1] will be created
  + resource "aws_nat_gateway" "main" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + auto_provision_zones               = (known after apply)
      + auto_scaling_ips                   = (known after apply)
      + availability_mode                  = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + region                             = "us-east-1"
      + regional_nat_gateway_address       = (known after apply)
      + regional_nat_gateway_auto_mode     = (known after apply)
      + route_table_id                     = (known after apply)
      + secondary_allocation_ids           = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name" = "nat-gateway-az-2"
        }
      + tags_all                           = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "nat-gateway-az-2"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                             = (known after apply)
    }

  # aws_route.private[0] will be created
  + resource "aws_route" "private" {
      + destination_cidr_block = "0.0.0.0/0"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + nat_gateway_id         = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + region                 = "us-east-1"
      + route_table_id         = (known after apply)
      + state                  = (known after apply)
    }

  # aws_route.private[1] will be created
  + resource "aws_route" "private" {
      + destination_cidr_block = "0.0.0.0/0"
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + nat_gateway_id         = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + region                 = "us-east-1"
      + route_table_id         = (known after apply)
      + state                  = (known after apply)
    }

  # aws_route.public will be created
  + resource "aws_route" "public" {
      + destination_cidr_block = "0.0.0.0/0"
      + gateway_id             = (known after apply)
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + region                 = "us-east-1"
      + route_table_id         = (known after apply)
      + state                  = (known after apply)
    }

  # aws_route_table.private[0] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + region           = "us-east-1"
      + route            = (known after apply)
      + tags             = {
          + "Name" = "private-route-table-1"
        }
      + tags_all         = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "private-route-table-1"
          + "Project"     = "TerraWatch"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.private[1] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + region           = "us-east-1"
      + route            = (known after apply)
      + tags             = {
          + "Name" = "private-route-table-2"
        }
      + tags_all         = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "private-route-table-2"
          + "Project"     = "TerraWatch"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + region           = "us-east-1"
      + route            = (known after apply)
      + tags             = {
          + "Name" = "public-route-table"
        }
      + tags_all         = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "public-route-table"
          + "Project"     = "TerraWatch"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private[0] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + region         = "us-east-1"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private[1] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + region         = "us-east-1"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + region         = "us-east-1"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + region         = "us-east-1"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_s3_bucket.my_bucket will be created
  + resource "aws_s3_bucket" "my_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_region               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = "us-east-1"
      + request_payer               = (known after apply)
      + tags                        = {
          + "Name" = "app-bucket-prod"
        }
      + tags_all                    = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "app-bucket-prod"
          + "Project"     = "TerraWatch"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + cors_rule (known after apply)

      + grant (known after apply)

      + lifecycle_rule (known after apply)

      + logging (known after apply)

      + object_lock_configuration (known after apply)

      + replication_configuration (known after apply)

      + server_side_encryption_configuration (known after apply)

      + versioning (known after apply)

      + website (known after apply)
    }

  # aws_s3_bucket_acl.my_bucket will be created
  + resource "aws_s3_bucket_acl" "my_bucket" {
      + acl    = "private"
      + bucket = (known after apply)
      + id     = (known after apply)
      + region = "us-east-1"

      + access_control_policy (known after apply)
    }

  # aws_s3_bucket_ownership_controls.my_bucket will be created
  + resource "aws_s3_bucket_ownership_controls" "my_bucket" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + region = "us-east-1"

      + rule {
          + object_ownership = "BucketOwnerPreferred"
        }
    }

  # aws_s3_bucket_public_access_block.my_bucket will be created
  + resource "aws_s3_bucket_public_access_block" "my_bucket" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + region                  = "us-east-1"
      + restrict_public_buckets = true
    }

  # aws_s3_bucket_server_side_encryption_configuration.my_bucket will be created
  + resource "aws_s3_bucket_server_side_encryption_configuration" "my_bucket" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + region = "us-east-1"

      + rule {
          + blocked_encryption_types = []

          + apply_server_side_encryption_by_default {
              + sse_algorithm = "AES256"
                # (1 unchanged attribute hidden)
            }
        }
    }

  # aws_s3_bucket_versioning.my_bucket will be created
  + resource "aws_s3_bucket_versioning" "my_bucket" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + region = "us-east-1"

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # aws_security_group.alb_sg will be created
  + resource "aws_security_group" "alb_sg" {
      + arn                    = (known after apply)
      + description            = "Security group for Application Load Balancer"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow all outbound"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "HTTP from Internet"
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "HTTPS from Internet"
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "alb-security-group"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + region                 = "us-east-1"
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "alb-security-group"
        }
      + tags_all               = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "alb-security-group"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                 = (known after apply)
    }

  # aws_security_group.app_sg will be created
  + resource "aws_security_group" "app_sg" {
      + arn                    = (known after apply)
      + description            = "Security group for application instances - only allow traffic from ALB"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow all outbound (for updates via NAT)"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = []
              + description      = "HTTP from ALB only"
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = (known after apply)
              + self             = false
              + to_port          = 80
            },
          + {
              + cidr_blocks      = []
              + description      = "HTTPS from ALB only"
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = (known after apply)
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "app-security-group"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + region                 = "us-east-1"
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "app-security-group"
        }
      + tags_all               = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "app-security-group"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                 = (known after apply)
    }

  # aws_subnet.private[0] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.11.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "us-east-1"
      + tags                                           = {
          + "Name" = "private-subnet-1"
        }
      + tags_all                                       = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "private-subnet-1"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private[1] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.12.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "us-east-1"
      + tags                                           = {
          + "Name" = "private-subnet-2"
        }
      + tags_all                                       = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "private-subnet-2"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "us-east-1"
      + tags                                           = {
          + "Name" = "public-subnet-1"
        }
      + tags_all                                       = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "public-subnet-1"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "us-east-1"
      + tags                                           = {
          + "Name" = "public-subnet-2"
        }
      + tags_all                                       = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "public-subnet-2"
          + "Project"     = "TerraWatch"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.main will be created
  + resource "aws_vpc" "main" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + region                               = "us-east-1"
      + tags                                 = {
          + "Name" = "main-vpc"
        }
      + tags_all                             = {
          + "Environment" = "prod"
          + "ManagedBy"   = "Terraform"
          + "Name"        = "main-vpc"
          + "Project"     = "TerraWatch"
        }
    }

  # random_id.bucket_suffix will be created
  + resource "random_id" "bucket_suffix" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
    }

Plan: 43 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + autoscaling_group_name = "app-asg"
  + load_balancer_arn      = (known after apply)
  + load_balancer_dns      = (known after apply)
  + nat_gateway_ips        = [
      + (known after apply),
      + (known after apply),
    ]
  + private_subnet_ids     = [
      + (known after apply),
      + (known after apply),
    ]
  + public_subnet_ids      = [
      + (known after apply),
      + (known after apply),
    ]
  + s3_bucket_arn          = (known after apply)
  + s3_bucket_name         = (known after apply)
  + vpc_id                 = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
```

</details>