fix: NW-4074 changed CA from "rds-ca-2019" to "rds-ca-rsa2048-g1" #562
Description
Changed CA from "rds-ca-2019" to "rds-ca-rsa2048-g1"
Motivation and Context
It creates inconsistency in the deployment of new RDS instances and breaks the Jenkins pipeline of the infrastructure
NW-4074
Breaking Changes
How Has This Been Tested?
examples/* to demonstrate and validate my change(s)
examples/* projects
tested manually with terragrunt
➜ test git:(main) ✗ terragrunt plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.terraform_remote_state.base_infrastructure: Refreshing state...
data.aws_ssm_parameter.db_password: Refreshing state...
module.rds_db.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Refreshing state...
module.rds_db.module.db_parameter_group.aws_db_parameter_group.this_no_prefix[0]: Refreshing state... [id=squirrel-db-test]
data.aws_security_group.default[0]: Refreshing state...
data.aws_security_group.default[1]: Refreshing state...
module.rds_db.module.db_subnet_group.aws_db_subnet_group.this_no_prefix[0]: Refreshing state... [id=squirrel-db-test]
aws_security_group.this[0]: Refreshing state... [id=sg-05025d0e0d5432ad3]
module.rds_db.module.db_instance.aws_db_instance.this[0]: Refreshing state... [id=squirrel-db-test]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
module.rds_db.module.db_instance.aws_db_instance.this[0] is tainted, so must be replaced
-/+ resource "aws_db_instance" "this" {
~ address = "squirrel-db-test.cojrrbnlokhb.eu-central-1.rds.amazonaws.com" -> (known after apply)
allocated_storage = 50
allow_major_version_upgrade = false
apply_immediately = true
~ arn = "arn:aws:rds:eu-central-1:256612512925:db:squirrel-db-test" -> (known after apply)
auto_minor_version_upgrade = false
~ availability_zone = "eu-central-1c" -> (known after apply)
backup_retention_period = 7
backup_window = "02:00-02:30"
ca_cert_identifier = "rds-ca-rsa2048-g1"
+ character_set_name = (known after apply)
copy_tags_to_snapshot = false
db_subnet_group_name = "squirrel-db-test"
delete_automated_backups = true
deletion_protection = true
enabled_cloudwatch_logs_exports = [
"postgresql",
"upgrade",
]
~ endpoint = "squirrel-db-test.cojrrbnlokhb.eu-central-1.rds.amazonaws.com:5432" -> (known after apply)
engine = "postgres"
engine_version = "15.6"
~ hosted_zone_id = "Z1RLNUO7B9Q6NB" -> (known after apply)
iam_database_authentication_enabled = false
~ id = "squirrel-db-test" -> (known after apply)
identifier = "squirrel-db-test"
+ identifier_prefix = (known after apply)
instance_class = "db.t3.small"
~ iops = 3000 -> 0
+ kms_key_id = (known after apply)
~ license_model = "postgresql-license" -> (known after apply)
maintenance_window = "sat:02:30-sat:03:00"
max_allocated_storage = 0
monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
multi_az = false
+ name = (known after apply)
~ option_group_name = "default:postgres-15" -> (known after apply)
parameter_group_name = "squirrel-db-test"
password = (sensitive value)
performance_insights_enabled = false
+ performance_insights_kms_key_id = (known after apply)
~ performance_insights_retention_period = 0 -> (known after apply)
port = 5432
publicly_accessible = false
~ replicas = [] -> (known after apply)
~ resource_id = "db-FH563T6VEHOV53F5JQEANL5VRA" -> (known after apply)
- security_group_names = [] -> null
skip_final_snapshot = true
~ status = "available" -> (known after apply)
storage_encrypted = false
storage_type = "gp3"
tags = {
"Application" = "squirrel"
"Environment" = "test"
"KubernetesCluster" = "eks-t0003"
"Name" = "squirrel-db-test"
"Owner" = "crossdomain"
"Resource" = "db"
"Service" = "squirrel"
"Team" = "backend"
}
+ timezone = (known after apply)
username = "postgres"
vpc_security_group_ids = [
"sg-05025d0e0d5432ad3",
]
Plan: 1 to add, 0 to change, 1 to destroy.
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
Releasing state lock. This may take a few moments...
pre-commit run -a
on my pull request
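
A pipeline guard for the situation shown in the plan above, as an added example that is not part of this pull request or of the module: it reads `terraform show -json` plan output and reports any `aws_db_instance` whose planned `ca_cert_identifier` differs from the expected value, or that the plan would destroy or replace. The sample plan is constructed, and the `aws_db_instance.legacy` address and the `audit_plan` helper are hypothetical.

```python
import json

EXPECTED_CA = "rds-ca-rsa2048-g1"  # value this pull request sets

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "module.rds_db.module.db_instance.aws_db_instance.this[0]",
         "type": "aws_db_instance",
         "change": {"actions": ["delete", "create"],
                    "after": {"ca_cert_identifier": "rds-ca-rsa2048-g1"}}},
        {"address": "aws_db_instance.legacy",  # hypothetical resource
         "type": "aws_db_instance",
         "change": {"actions": ["update"],
                    "after": {"ca_cert_identifier": "rds-ca-2019"}}},
        {"address": "aws_security_group.this[0]",
         "type": "aws_security_group",
         "change": {"actions": ["no-op"], "after": {}}},
    ]
})


def audit_plan(plan_json, expected_ca=EXPECTED_CA):
    """Return (address, issue) tuples for every aws_db_instance in the plan
    that would be destroyed/replaced or that ends up on an unexpected CA."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_db_instance":
            continue
        change = rc.get("change") or {}
        actions = change.get("actions") or []
        after = change.get("after")  # None when the resource is only deleted

        # A "delete" action on a database means data loss unless it is
        # intentional; "-/+" in the text plan is delete plus create.
        if "delete" in actions:
            kind = "replace" if "create" in actions else "destroy"
            findings.append((rc["address"], kind))

        # Check the CA on everything that still exists after apply,
        # including no-op resources, so drift is caught as well.
        if after is not None:
            ca = after.get("ca_cert_identifier")
            if ca != expected_ca:
                findings.append((rc["address"], "ca-mismatch:%s" % ca))
    return findings


if __name__ == "__main__":
    for address, issue in audit_plan(SAMPLE_PLAN):
        print(address, issue)
```

In a pipeline, a non-empty result would be the condition for failing the job before `apply` runs.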