Untitled

mail@pastecode.io avatar
unknown
powershell
7 months ago
34 kB
1
Indexable
Never
ttdat2@ttdat2:~/Documents/TAIT-AXIOM-cloud-portal/infrastructure/axiom/dev/global$ tf plan -var-file values.tfvars -var-file ../common.tfvars
module.ec2_key_pair.tls_private_key.this[0]: Refreshing state... [id=2e83333f9b1ba70465030ee73dbe2a9eecdfb5a0]
module.bastion_host_key_pair.tls_private_key.this[0]: Refreshing state... [id=5782a053f856b2173cf9415fe2e11014e70ef3d5]
data.aws_route53_zone.this: Reading...
module.records_public_global.data.aws_route53_zone.this[0]: Reading...
module.records_public_jkc.data.aws_route53_zone.this[0]: Reading...
module.ec2_bastion.data.aws_region.default: Reading...
module.ec2_bastion.data.aws_region.default: Read complete after 0s [id=ap-southeast-2]
module.ec2_bastion.data.aws_ami.default[0]: Reading...
module.records_internal_global.data.aws_route53_zone.this[0]: Reading...
module.dev_axiom_acm["lb_internal_global"].aws_acm_certificate.this[0]: Refreshing state... [id=arn:aws:acm:ap-southeast-2:230407402264:certificate/5c3e7b9c-6a0f-4f22-8a11-f76a4da90576]
module.dev_axiom_acm["lb_public_global"].aws_acm_certificate.this[0]: Refreshing state... [id=arn:aws:acm:ap-southeast-2:230407402264:certificate/7a8d4e40-3df7-4e89-91db-121f25e1f991]
module.dev_axiom_acm["lb_public_jkc"].aws_acm_certificate.this[0]: Refreshing state... [id=arn:aws:acm:ap-southeast-2:230407402264:certificate/b82827cb-a0ed-4c03-a123-8e5b8308a0c0]
module.global_efs.aws_efs_file_system.default[0]: Refreshing state... [id=fs-04b9d0574e6238278]
module.s3_bucket.aws_s3_bucket.this[0]: Refreshing state... [id=axiom-dev-public]
module.ec2_bastion.data.aws_ami.default[0]: Read complete after 1s [id=ami-072fc55fb5b1df806]
module.ec2_key_pair.aws_key_pair.this[0]: Refreshing state... [id=axiom-dev-ec2-key]
module.bastion_host_key_pair.aws_key_pair.this[0]: Refreshing state... [id=axiom-dev-bastion-key]
module.ec2_bastion.data.aws_iam_policy_document.main: Reading...
module.ec2_bastion.data.aws_iam_policy_document.main: Read complete after 0s [id=1360668109]
module.ec2_bastion.data.aws_iam_policy_document.default: Reading...
module.ec2_bastion.data.aws_iam_policy_document.default: Read complete after 0s [id=2851119427]
module.global_vpc.aws_eip.nat[0]: Refreshing state... [id=eipalloc-048fae70b4f0bdeb0]
module.global_vpc.aws_eip.nat[1]: Refreshing state... [id=eipalloc-0892d8437d28a88ac]
module.s3_bucket.data.aws_canonical_user_id.this: Reading...
module.global_vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-0da6435ce397fe909]
data.aws_ami.amazon_ubuntu: Reading...
module.ec2_bastion.aws_iam_role.default[0]: Refreshing state... [id=axiom-dev-bastion-host]
module.global_efs.aws_efs_backup_policy.policy[0]: Refreshing state... [id=fs-04b9d0574e6238278]
data.aws_ami.amazon_ubuntu: Read complete after 0s [id=ami-0df609f69029c9bdb]
local_sensitive_file.pem_file: Refreshing state... [id=dff1fe88f658793307308d0b48d0f45bda25662e]
local_sensitive_file.bastion_pem_file: Refreshing state... [id=af19b97a5ceec1982719b7bd17555e129f90207b]
module.s3_bucket.data.aws_canonical_user_id.this: Read complete after 0s [id=5943380a7920940a6fa6bad40a31e017e073be3e5355146c2791e4ce8843e700]
module.records_public_global.data.aws_route53_zone.this[0]: Read complete after 2s [id=Z055671432S0S634NTHU1]
module.records_public_jkc.data.aws_route53_zone.this[0]: Read complete after 2s [id=Z055671432S0S634NTHU1]
data.aws_route53_zone.this: Read complete after 2s [id=Z055671432S0S634NTHU1]
module.dev_axiom_acm["lb_public_global"].aws_route53_record.validation[0]: Refreshing state... [id=Z055671432S0S634NTHU1__7b894980b189b2f0a573631922dcab27.dev.taitaxiom.net._CNAME]
module.dev_axiom_acm["lb_internal_global"].aws_route53_record.validation[0]: Refreshing state... [id=Z055671432S0S634NTHU1__adb4107579084b1a859509d305d3a777.dev.internal.taitaxiom.net._CNAME]
module.dev_axiom_acm["lb_public_jkc"].aws_route53_record.validation[0]: Refreshing state... [id=Z055671432S0S634NTHU1__324f9dff18c56b66958527ff4e973533.jkc.dev.taitaxiom.net._CNAME]
module.records_internal_global.data.aws_route53_zone.this[0]: Read complete after 2s [id=Z055671432S0S634NTHU1]
module.global_vpc.aws_subnet.database[1]: Refreshing state... [id=subnet-08bbcaddbf58bb2ff]
module.global_vpc.aws_subnet.database[0]: Refreshing state... [id=subnet-0d472a954684195f2]
module.global_vpc.aws_route_table.private[1]: Refreshing state... [id=rtb-0215738c8f4467a00]
module.global_vpc.aws_route_table.private[0]: Refreshing state... [id=rtb-0bf699127ba5aa004]
module.global_vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-047cce54d2152b804]
module.global_vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-01e839005748d824b]
module.global_vpc.aws_subnet.private[1]: Refreshing state... [id=subnet-0cbef3f74b7d3b957]
module.global_vpc.aws_subnet.private[0]: Refreshing state... [id=subnet-0dd17b5c7989cac8d]
module.global_vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-0a7b40ee5bd896fd6]
module.global_vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-0e526ebceabbd55dc]
module.global_instance_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-00dc2c158c2417082]
module.bastion_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0be8a41878c5c0bea]
module.global_alb_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-06a69778b5c6c78fe]
module.vpc_peer_global_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0b6c1bea36a33ed61]
module.global_internal_alb_sg.aws_security_group.this_name_prefix[0]: Refreshing state... [id=sg-0fc9ab55e70da3fea]
module.dev_axiom_acm["lb_public_jkc"].aws_acm_certificate_validation.this[0]: Refreshing state... [id=2023-09-14 08:49:36.345 +0000 UTC]
module.dev_axiom_acm["lb_public_global"].aws_acm_certificate_validation.this[0]: Refreshing state... [id=2023-04-18 09:20:02.494 +0000 UTC]
module.dev_axiom_acm["lb_internal_global"].aws_acm_certificate_validation.this[0]: Refreshing state... [id=2023-04-18 09:19:58.208 +0000 UTC]
module.global_vpc.aws_db_subnet_group.database[0]: Refreshing state... [id=axiom-dev-global-vpc]
module.global_vpc.aws_route_table_association.database[1]: Refreshing state... [id=rtbassoc-05d4554c58e67ab89]
module.global_vpc.aws_route_table_association.database[0]: Refreshing state... [id=rtbassoc-0b2045663a68e4b90]
module.global_vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-01e839005748d824b1080289494]
module.global_vpc.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-0502363a53e3f4133]
module.global_vpc.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-0247b677e6f9e2d53]
module.global_vpc.aws_nat_gateway.this[1]: Refreshing state... [id=nat-0a4d123b0e95643c4]
module.global_vpc.aws_nat_gateway.this[0]: Refreshing state... [id=nat-04905d4dd70f55897]
module.global_vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-003924971890b4784]
module.global_vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-083998ffa1625060b]
module.ec2_bastion.aws_iam_instance_profile.default[0]: Refreshing state... [id=axiom-dev-bastion-host]
module.ec2_bastion.aws_iam_role_policy.main[0]: Refreshing state... [id=axiom-dev-bastion-host:axiom-dev-bastion-host]
module.global_instance_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-3155990802]
module.global_instance_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1627724821]
module.global_instance_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-2017164023]
module.s3_bucket.aws_s3_bucket_cors_configuration.this[0]: Refreshing state... [id=axiom-dev-public]
module.s3_bucket.data.aws_iam_policy_document.require_latest_tls[0]: Reading...
module.s3_bucket.data.aws_iam_policy_document.require_latest_tls[0]: Read complete after 0s [id=1020211636]
module.s3_bucket.aws_s3_bucket_versioning.this[0]: Refreshing state... [id=axiom-dev-public]
module.s3_bucket.data.aws_iam_policy_document.deny_insecure_transport[0]: Reading...
module.s3_bucket.data.aws_iam_policy_document.deny_insecure_transport[0]: Read complete after 0s [id=139497408]
module.s3_bucket.time_sleep.wait_5_seconds: Refreshing state... [id=2023-05-10T09:31:33Z]
module.bastion_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-4222147668]
module.bastion_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-397094554]
module.bastion_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-4284525822]
module.global_alb_sg.aws_security_group_rule.ingress_rules[1]: Refreshing state... [id=sgrule-236079876]
module.global_alb_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-1307854855]
module.global_alb_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-2812078898]
module.global_alb_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1283934780]
module.vpc_peer_global_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-176287787]
module.vpc_peer_global_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-1390332429]
module.vpc_peer_global_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-2510975806]
module.global_internal_alb_sg.aws_security_group_rule.egress_rules[0]: Refreshing state... [id=sgrule-1101408001]
module.global_internal_alb_sg.aws_security_group_rule.ingress_rules[0]: Refreshing state... [id=sgrule-2559529377]
module.global_internal_alb_sg.aws_security_group_rule.ingress_rules[1]: Refreshing state... [id=sgrule-223549111]
module.global_internal_alb_sg.aws_security_group_rule.ingress_with_self[0]: Refreshing state... [id=sgrule-1933407901]
module.public_global_alb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:loadbalancer/app/axiom-dev-public-global-alb/865d3c3f0f613da3]
module.public_jkc_alb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:loadbalancer/app/axiom-dev-public-jkc-alb/d889359f6017c8bd]
module.global_vpc.aws_route.private_nat_gateway[0]: Refreshing state... [id=r-rtb-0bf699127ba5aa0041080289494]
module.global_vpc.aws_route.private_nat_gateway[1]: Refreshing state... [id=r-rtb-0215738c8f4467a001080289494]
module.s3_bucket.data.aws_iam_policy_document.combined[0]: Reading...
module.s3_bucket.data.aws_iam_policy_document.combined[0]: Read complete after 0s [id=926642990]
module.internal_global_alb.aws_lb.this[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:loadbalancer/app/axiom-dev-internal-global-alb/bce0b29a945ac6a5]
module.global_instance_sg.aws_security_group_rule.ingress_with_source_security_group_id[1]: Refreshing state... [id=sgrule-3363319852]
module.global_instance_sg.aws_security_group_rule.ingress_with_source_security_group_id[0]: Refreshing state... [id=sgrule-4115184472]
module.s3_bucket.aws_s3_bucket_acl.this[0]: Refreshing state... [id=axiom-dev-public,public-read]
module.global_instances["one"].aws_instance.this[0]: Refreshing state... [id=i-04fb0eb7144c3897e]
module.s3_bucket.aws_s3_bucket_policy.this[0]: Refreshing state... [id=axiom-dev-public]
module.ec2_bastion.aws_instance.default[0]: Refreshing state... [id=i-0e6d7a6d17e0427b6]
module.global_efs.module.security_group.aws_security_group.default[0]: Refreshing state... [id=sg-03c7ee256dcf0e065]
module.s3_bucket.aws_s3_bucket_public_access_block.this[0]: Refreshing state... [id=axiom-dev-public]
module.s3_bucket.aws_s3_bucket_ownership_controls.this[0]: Refreshing state... [id=axiom-dev-public]
module.global_efs.module.security_group.aws_security_group_rule.keyed["_list_[0]"]: Refreshing state... [id=sgrule-2724511909]
module.global_efs.module.security_group.aws_security_group_rule.keyed["_allow_all_egress_"]: Refreshing state... [id=sgrule-2837459592]
module.global_efs.aws_efs_mount_target.default[0]: Refreshing state... [id=fsmt-03927a7300b8e5302]
module.records_public_global.aws_route53_record.this["dev CNAME"]: Refreshing state... [id=Z055671432S0S634NTHU1_dev.taitaxiom.net_CNAME]
module.records_public_jkc.aws_route53_record.this["jkc.dev CNAME"]: Refreshing state... [id=Z055671432S0S634NTHU1_jkc.dev.taitaxiom.net_CNAME]
module.records_internal_global.aws_route53_record.this["dev.internal CNAME"]: Refreshing state... [id=Z055671432S0S634NTHU1_dev.internal.taitaxiom.net_CNAME]
module.internal_global_alb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:targetgroup/gi12023041809220502280000000a/20ab8ea31e001193]
module.public_global_alb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:targetgroup/gp12023041809220510050000000b/e5fda6568f96092c]
module.public_jkc_alb.aws_lb_target_group.main[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:targetgroup/gp120230914085119790000000002/fa76eead16259a21]
module.ec2_bastion.aws_eip.default[0]: Refreshing state... [id=eipalloc-061be3f76c1951df6]
module.internal_global_alb.aws_lb_target_group_attachment.this["0.global_ec2_one"]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:targetgroup/gi12023041809220502280000000a/20ab8ea31e001193-2023041809220635700000000c]
module.internal_global_alb.aws_lb_listener.frontend_https[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:listener/app/axiom-dev-internal-global-alb/bce0b29a945ac6a5/8942fa9a1df16f73]
module.internal_global_alb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:listener/app/axiom-dev-internal-global-alb/bce0b29a945ac6a5/67d72b3af97231a5]
module.public_jkc_alb.aws_lb_target_group_attachment.this["0.global_ec2_one"]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:targetgroup/gp120230914085119790000000002/fa76eead16259a21-20230914085123085600000003]
module.public_jkc_alb.aws_lb_listener.frontend_https[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:listener/app/axiom-dev-public-jkc-alb/d889359f6017c8bd/b95bdc628e014f62]
module.public_jkc_alb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:listener/app/axiom-dev-public-jkc-alb/d889359f6017c8bd/146f0868bcc41f68]
module.public_global_alb.aws_lb_listener.frontend_https[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:listener/app/axiom-dev-public-global-alb/865d3c3f0f613da3/e074ce8e88f8fbc1]
module.public_global_alb.aws_lb_target_group_attachment.this["0.global_ec2_one"]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:targetgroup/gp12023041809220510050000000b/e5fda6568f96092c-2023041809220637300000000d]
module.public_global_alb.aws_lb_listener.frontend_http_tcp[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:listener/app/axiom-dev-public-global-alb/865d3c3f0f613da3/5359269e63f5845d]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # module.bastion_sg.aws_security_group.this_name_prefix[0] has changed
  ~ resource "aws_security_group" "this_name_prefix" {
        id                     = "sg-0be8a41878c5c0bea"
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "103.108.136.130/32",
                  - "202.37.96.0/23",
                  - "114.23.100.143/32",
                ]
              - description      = "SSH"
              - from_port        = 22
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 22
            },
          + {
              + cidr_blocks      = [
                  + "202.37.96.0/23",
                  + "103.199.5.237/32",
                ]
              + description      = "SSH"
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
          - {
              - cidr_blocks      = [
                  - "3.104.121.85/32",
                ]
              - description      = "SSH"
              - from_port        = 22
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 22
            },
            # (1 unchanged element hidden)
        ]
        name                   = "axiom-dev-bastion-sg-20230512101549435800000001"
        tags                   = {
            "BillOwner"   = "axiom"
            "Environment" = "dev"
            "Name"        = "axiom-dev-bastion-sg"
            "ProjectName" = "axiom"
        }
        # (8 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.dev_axiom_acm["lb_public_jkc"].aws_acm_certificate.this[0] has changed
  ~ resource "aws_acm_certificate" "this" {
        id                        = "arn:aws:acm:ap-southeast-2:230407402264:certificate/b82827cb-a0ed-4c03-a123-8e5b8308a0c0"
      + not_after                 = "2024-10-12T23:59:59Z"
      + not_before                = "2023-09-14T00:00:00Z"
      ~ renewal_eligibility       = "INELIGIBLE" -> "ELIGIBLE"
      ~ status                    = "PENDING_VALIDATION" -> "ISSUED"
      + tags                      = {}
        # (11 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.ec2_bastion.aws_instance.default[0] has changed
  ~ resource "aws_instance" "default" {
        id                                   = "i-0e6d7a6d17e0427b6"
        tags                                 = {
            "Name" = "axiom-dev-bastion-host"
        }
        # (34 unchanged attributes hidden)

      ~ metadata_options {
          + http_protocol_ipv6          = "disabled"
            # (4 unchanged attributes hidden)
        }

        # (7 unchanged blocks hidden)
    }

  # module.global_efs.aws_efs_file_system.default[0] has changed
  ~ resource "aws_efs_file_system" "default" {
        id                              = "fs-04b9d0574e6238278"
      + name                            = "axiom-dev-global-efs"
      ~ size_in_bytes                   = [
          ~ {
              ~ value             = 651163648 -> 742772736
              ~ value_in_ia       = 434438144 -> 506097664
              ~ value_in_standard = 216725504 -> 236675072
            },
        ]
        tags                            = {
            "BillOwner"   = "axiom"
            "Environment" = "dev"
            "Name"        = "axiom-dev-global-efs"
            "ProjectName" = "axiom"
        }
        # (11 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.global_vpc.aws_nat_gateway.this[0] has changed
  ~ resource "aws_nat_gateway" "this" {
        id                                 = "nat-04905d4dd70f55897"
      + secondary_allocation_ids           = []
      + secondary_private_ip_address_count = 0
      + secondary_private_ip_addresses     = []
        tags                               = {
            "BillOwner"   = "axiom"
            "Environment" = "dev"
            "Name"        = "axiom-dev-global-vpc-ap-southeast-2a"
            "ProjectName" = "axiom"
        }
        # (8 unchanged attributes hidden)
    }

  # module.global_vpc.aws_nat_gateway.this[1] has changed
  ~ resource "aws_nat_gateway" "this" {
        id                                 = "nat-0a4d123b0e95643c4"
      + secondary_allocation_ids           = []
      + secondary_private_ip_address_count = 0
      + secondary_private_ip_addresses     = []
        tags                               = {
            "BillOwner"   = "axiom"
            "Environment" = "dev"
            "Name"        = "axiom-dev-global-vpc-ap-southeast-2b"
            "ProjectName" = "axiom"
        }
        # (8 unchanged attributes hidden)
    }

  # module.public_jkc_alb.aws_lb_listener.frontend_http_tcp[0] has changed
  ~ resource "aws_lb_listener" "frontend_http_tcp" {
        id                = "arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:listener/app/axiom-dev-public-jkc-alb/d889359f6017c8bd/146f0868bcc41f68"
      + tags              = {}
        # (5 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.public_jkc_alb.aws_lb_listener.frontend_https[0] has changed
  ~ resource "aws_lb_listener" "frontend_https" {
        id                = "arn:aws:elasticloadbalancing:ap-southeast-2:230407402264:listener/app/axiom-dev-public-jkc-alb/d889359f6017c8bd/b95bdc628e014f62"
      + tags              = {}
        # (7 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # local_sensitive_file.bastion_pem_file will be created
  + resource "local_sensitive_file" "bastion_pem_file" {
      + content              = (sensitive value)
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "700"
      + file_permission      = "600"
      + filename             = "./bastion.pem"
      + id                   = (known after apply)
    }

  # local_sensitive_file.pem_file will be created
  + resource "local_sensitive_file" "pem_file" {
      + content              = (sensitive value)
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "700"
      + file_permission      = "600"
      + filename             = "./ec2.pem"
      + id                   = (known after apply)
    }

  # module.bastion_sg.aws_security_group_rule.ingress_rules[0] must be replaced
-/+ resource "aws_security_group_rule" "ingress_rules" {
      ~ cidr_blocks              = [ # forces replacement
            # (1 unchanged element hidden)
            "103.199.5.237/32",
          + "3.104.121.85/32",
        ]
      ~ id                       = "sgrule-4284525822" -> (known after apply)
      + security_group_rule_id   = (known after apply)
      + source_security_group_id = (known after apply)
        # (9 unchanged attributes hidden)
    }

  # module.ec2_bastion.aws_eip.default[0] will be updated in-place
  ~ resource "aws_eip" "default" {
        id                   = "eipalloc-061be3f76c1951df6"
      ~ instance             = "i-0e6d7a6d17e0427b6" -> (known after apply)
        tags                 = {
            "Name" = "axiom-dev-bastion-host"
        }
        # (12 unchanged attributes hidden)
    }

  # module.ec2_bastion.aws_instance.default[0] must be replaced
-/+ resource "aws_instance" "default" {
      ~ ami                                  = "ami-0fa557cdf74e148d5" -> "ami-072fc55fb5b1df806" # forces replacement
      ~ arn                                  = "arn:aws:ec2:ap-southeast-2:230407402264:instance/i-0e6d7a6d17e0427b6" -> (known after apply)
      ~ availability_zone                    = "ap-southeast-2a" -> (known after apply)
      ~ cpu_core_count                       = 1 -> (known after apply)
      ~ cpu_threads_per_core                 = 1 -> (known after apply)
      ~ disable_api_stop                     = false -> (known after apply)
      ~ ebs_optimized                        = false -> (known after apply)
      - hibernation                          = false -> null
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      ~ id                                   = "i-0e6d7a6d17e0427b6" -> (known after apply)
      ~ instance_initiated_shutdown_behavior = "stop" -> (known after apply)
      + instance_lifecycle                   = (known after apply)
      ~ instance_state                       = "running" -> (known after apply)
      ~ ipv6_address_count                   = 0 -> (known after apply)
      ~ ipv6_addresses                       = [] -> (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      ~ placement_partition_number           = 0 -> (known after apply)
      ~ primary_network_interface_id         = "eni-061620af038cf6e02" -> (known after apply)
      ~ private_dns                          = "ip-10-98-0-129.ap-southeast-2.compute.internal" -> (known after apply)
      ~ private_ip                           = "10.98.0.129" -> (known after apply)
      ~ public_dns                           = "ec2-52-62-172-216.ap-southeast-2.compute.amazonaws.com" -> (known after apply)
      ~ public_ip                            = "52.62.172.216" -> (known after apply)
      ~ secondary_private_ips                = [] -> (known after apply)
      ~ security_groups                      = [] -> (known after apply)
      + spot_instance_request_id             = (known after apply)
        tags                                 = {
            "Name" = "axiom-dev-bastion-host"
        }
      ~ tenancy                              = "default" -> (known after apply)
      + user_data_base64                     = (known after apply)
        # (13 unchanged attributes hidden)

      ~ capacity_reservation_specification {
          ~ capacity_reservation_preference = "open" -> (known after apply)

          + capacity_reservation_target {
              + capacity_reservation_id                 = (known after apply)
              + capacity_reservation_resource_group_arn = (known after apply)
            }
        }

      ~ cpu_options {
          + amd_sev_snp      = (known after apply)
          ~ core_count       = 1 -> (known after apply)
          ~ threads_per_core = 1 -> (known after apply)
        }

      - credit_specification {
          - cpu_credits = "standard" -> null
        }

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + tags                  = (known after apply)
          + throughput            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      ~ enclave_options {
          ~ enabled = false -> (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      + instance_market_options {
          + market_type = (known after apply)

          + spot_options {
              + instance_interruption_behavior = (known after apply)
              + max_price                      = (known after apply)
              + spot_instance_type             = (known after apply)
              + valid_until                    = (known after apply)
            }
        }

      ~ maintenance_options {
          ~ auto_recovery = "default" -> (known after apply)
        }

      ~ metadata_options {
          ~ instance_metadata_tags      = "disabled" -> (known after apply)
            # (4 unchanged attributes hidden)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_card_index    = (known after apply)
          + network_interface_id  = (known after apply)
        }

      ~ private_dns_name_options {
          ~ enable_resource_name_dns_a_record    = false -> (known after apply)
          ~ enable_resource_name_dns_aaaa_record = false -> (known after apply)
          ~ hostname_type                        = "ip-name" -> (known after apply)
        }

      ~ root_block_device {
          ~ device_name           = "/dev/xvda" -> (known after apply)
          ~ iops                  = 0 -> (known after apply)
          ~ kms_key_id            = "arn:aws:kms:ap-southeast-2:230407402264:key/54a320af-91ac-4543-97ac-58bff64f5403" -> (known after apply)
          - tags                  = {} -> null
          ~ throughput            = 0 -> (known after apply)
          ~ volume_id             = "vol-06ef619d303765455" -> (known after apply)
          ~ volume_type           = "standard" -> (known after apply)
            # (3 unchanged attributes hidden)
        }
    }

Plan: 4 to add, 1 to change, 2 to destroy.

Changes to Outputs:
  ~ acm         = {
      ~ lb_public_jkc      = {
          ~ acm_certificate_status                    = "PENDING_VALIDATION" -> "ISSUED"
            # (6 unchanged elements hidden)
        }
        # (2 unchanged elements hidden)
    }
  ~ ec2_bastion = {
      ~ arn                 = "arn:aws:ec2:ap-southeast-2:230407402264:instance/i-0e6d7a6d17e0427b6" -> (known after apply)
      ~ id                  = "i-0e6d7a6d17e0427b6" -> (known after apply)
      ~ instance_id         = "i-0e6d7a6d17e0427b6" -> (known after apply)
        name                = "axiom-dev-bastion-host"
      ~ private_dns         = "ip-10-98-0-129.ap-southeast-2.compute.internal" -> (known after apply)
      ~ private_ip          = "10.98.0.129" -> (known after apply)
        # (9 unchanged elements hidden)
    }
╷
│ Warning: Value for undeclared variable
│ 
│ The root module does not declare a variable named "global_alb_internal_sg_desc" but a value was found in file "values.tfvars". If you meant to use this value, add a "variable" block to the configuration.
│ 
│ To silence these warnings, use TF_VAR_... environment variables to provide certain "global" settings to all configurations in your organization. To reduce the verbosity of these warnings, use the -compact-warnings option.
╵
╷
│ Warning: Value for undeclared variable
│ 
│ The root module does not declare a variable named "regional_image_name" but a value was found in file "../common.tfvars". If you meant to use this value, add a "variable" block to the configuration.
│ 
│ To silence these warnings, use TF_VAR_... environment variables to provide certain "global" settings to all configurations in your organization. To reduce the verbosity of these warnings, use the -compact-warnings option.
╵
╷
│ Warning: Values for undeclared variables
│ 
│ In addition to the other similar warnings shown, 4 other variable(s) defined without being declared.
╵
╷
│ Warning: Argument is deprecated
│ 
│   with module.ec2_bastion.aws_eip.default,
│   on .terraform/modules/ec2_bastion/main.tf line 98, in resource "aws_eip" "default":
│   98:   vpc      = true
│ 
│ use domain attribute instead
│ 
│ (and 4 more similar warnings elsewhere)
╵

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.