Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Actions test/comment on pr #3

Open
wants to merge 24 commits into
base: main
Choose a base branch
from
Open

Actions test/comment on pr #3

wants to merge 24 commits into from

Conversation

gabebatista
Copy link
Owner

Issue number:

Summary

Changes

Please provide a summary of what's being changed

User experience

Please share what the user experience looks like before and after this change

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented
Is this a breaking change?

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created might not be successful.

@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌success

Terraform Initialization 🤖success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan 

data.aws_availability_zones.available: Reading...
data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 1s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.access_logs_bucket_alb_write[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = (known after apply)
      + id             = (known after apply)

      + backup_policy {
          + status = "ENABLED"
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + access_logs {
          + bucket  = (known after apply)
          + enabled = true
          + prefix  = "cgd-jenkins-alb"
        }
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket.jenkins_alb_access_logs_bucket[0] will be created
  + resource "aws_s3_bucket" "jenkins_alb_access_logs_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration[0] will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "access-logs-lifecycle"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 7
            }

          + expiration {
              + days                         = 90
              + expired_object_delete_marker = (known after apply)
            }

          + transition {
              + days          = 30
              + storage_class = "STANDARD_IA"
            }
        }
    }

  # module.jenkins.aws_s3_bucket_policy.alb_access_logs_bucket_policy[0] will be created
  + resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.access_logs_bucket_public_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins_alb_access_logs_bucket_suffix[0] will be created
  + resource "random_string" "jenkins_alb_access_logs_bucket_suffix" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 71 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌success

Terraform Initialization 🤖success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan 

data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 0s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.access_logs_bucket_alb_write[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = (known after apply)
      + id             = (known after apply)

      + backup_policy {
          + status = "ENABLED"
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + access_logs {
          + bucket  = (known after apply)
          + enabled = true
          + prefix  = "cgd-jenkins-alb"
        }
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket.jenkins_alb_access_logs_bucket[0] will be created
  + resource "aws_s3_bucket" "jenkins_alb_access_logs_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration[0] will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "access-logs-lifecycle"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 7
            }

          + expiration {
              + days                         = 90
              + expired_object_delete_marker = (known after apply)
            }

          + transition {
              + days          = 30
              + storage_class = "STANDARD_IA"
            }
        }
    }

  # module.jenkins.aws_s3_bucket_policy.alb_access_logs_bucket_policy[0] will be created
  + resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.access_logs_bucket_public_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins_alb_access_logs_bucket_suffix[0] will be created
  + resource "random_string" "jenkins_alb_access_logs_bucket_suffix" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 71 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌success

Terraform Initialization 🤖success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan 

data.aws_availability_zones.available: Reading...
data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 0s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.access_logs_bucket_alb_write[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = (known after apply)
      + id             = (known after apply)

      + backup_policy {
          + status = "ENABLED"
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + access_logs {
          + bucket  = (known after apply)
          + enabled = true
          + prefix  = "cgd-jenkins-alb"
        }
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket.jenkins_alb_access_logs_bucket[0] will be created
  + resource "aws_s3_bucket" "jenkins_alb_access_logs_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration[0] will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "access-logs-lifecycle"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 7
            }

          + expiration {
              + days                         = 90
              + expired_object_delete_marker = (known after apply)
            }

          + transition {
              + days          = 30
              + storage_class = "STANDARD_IA"
            }
        }
    }

  # module.jenkins.aws_s3_bucket_policy.alb_access_logs_bucket_policy[0] will be created
  + resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.access_logs_bucket_public_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins_alb_access_logs_bucket_suffix[0] will be created
  + resource "random_string" "jenkins_alb_access_logs_bucket_suffix" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 71 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌success

Terraform Initialization 🤖success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan 

data.aws_availability_zones.available: Reading...
data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 0s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.access_logs_bucket_alb_write[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = (known after apply)
      + id             = (known after apply)

      + backup_policy {
          + status = "ENABLED"
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + access_logs {
          + bucket  = (known after apply)
          + enabled = true
          + prefix  = "cgd-jenkins-alb"
        }
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket.jenkins_alb_access_logs_bucket[0] will be created
  + resource "aws_s3_bucket" "jenkins_alb_access_logs_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration[0] will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "access-logs-lifecycle"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 7
            }

          + expiration {
              + days                         = 90
              + expired_object_delete_marker = (known after apply)
            }

          + transition {
              + days          = 30
              + storage_class = "STANDARD_IA"
            }
        }
    }

  # module.jenkins.aws_s3_bucket_policy.alb_access_logs_bucket_policy[0] will be created
  + resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.access_logs_bucket_public_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins_alb_access_logs_bucket_suffix[0] will be created
  + resource "random_string" "jenkins_alb_access_logs_bucket_suffix" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 71 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌success

Terraform Initialization 🤖success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan 

data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 0s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.access_logs_bucket_alb_write[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = (known after apply)
      + id             = (known after apply)

      + backup_policy {
          + status = "ENABLED"
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + access_logs {
          + bucket  = (known after apply)
          + enabled = true
          + prefix  = "cgd-jenkins-alb"
        }
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket.jenkins_alb_access_logs_bucket[0] will be created
  + resource "aws_s3_bucket" "jenkins_alb_access_logs_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration[0] will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "access-logs-lifecycle"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 7
            }

          + expiration {
              + days                         = 90
              + expired_object_delete_marker = (known after apply)
            }

          + transition {
              + days          = 30
              + storage_class = "STANDARD_IA"
            }
        }
    }

  # module.jenkins.aws_s3_bucket_policy.alb_access_logs_bucket_policy[0] will be created
  + resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.access_logs_bucket_public_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins_alb_access_logs_bucket_suffix[0] will be created
  + resource "random_string" "jenkins_alb_access_logs_bucket_suffix" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 71 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista gabebatista temporarily deployed to jenkins-test-deploy September 24, 2024 16:50 — with GitHub Actions Inactive
@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌success

Terraform Initialization 🤖success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan 

data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 1s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.access_logs_bucket_alb_write[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = (known after apply)
      + id             = (known after apply)

      + backup_policy {
          + status = "ENABLED"
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + access_logs {
          + bucket  = (known after apply)
          + enabled = true
          + prefix  = "cgd-jenkins-alb"
        }
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket.jenkins_alb_access_logs_bucket[0] will be created
  + resource "aws_s3_bucket" "jenkins_alb_access_logs_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration[0] will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "access-logs-lifecycle"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 7
            }

          + expiration {
              + days                         = 90
              + expired_object_delete_marker = (known after apply)
            }

          + transition {
              + days          = 30
              + storage_class = "STANDARD_IA"
            }
        }
    }

  # module.jenkins.aws_s3_bucket_policy.alb_access_logs_bucket_policy[0] will be created
  + resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.access_logs_bucket_public_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins_alb_access_logs_bucket_suffix[0] will be created
  + resource "random_string" "jenkins_alb_access_logs_bucket_suffix" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 71 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌success

Terraform Initialization 🤖success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan 

data.aws_availability_zones.available: Reading...
data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 1s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.access_logs_bucket_alb_write[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = (known after apply)
      + id             = (known after apply)

      + backup_policy {
          + status = "ENABLED"
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + access_logs {
          + bucket  = (known after apply)
          + enabled = true
          + prefix  = "cgd-jenkins-alb"
        }
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket.jenkins_alb_access_logs_bucket[0] will be created
  + resource "aws_s3_bucket" "jenkins_alb_access_logs_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration[0] will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "access-logs-lifecycle"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 7
            }

          + expiration {
              + days                         = 90
              + expired_object_delete_marker = (known after apply)
            }

          + transition {
              + days          = 30
              + storage_class = "STANDARD_IA"
            }
        }
    }

  # module.jenkins.aws_s3_bucket_policy.alb_access_logs_bucket_policy[0] will be created
  + resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.access_logs_bucket_public_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins_alb_access_logs_bucket_suffix[0] will be created
  + resource "random_string" "jenkins_alb_access_logs_bucket_suffix" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 71 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista gabebatista temporarily deployed to jenkins-test-deploy September 25, 2024 17:24 — with GitHub Actions Inactive
@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌success

Terraform Initialization 🤖success

Terraform Validation 🤖success

Terraform Plan 📖success

Show Plan 

data.aws_availability_zones.available: Reading...
data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 0s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.access_logs_bucket_alb_write[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "access_logs_bucket_alb_write" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3:PutObject",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]

          + principals {
              + identifiers = [
                  + (known after apply),
                ]
              + type        = "AWS"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_backup_policy.policy[0] will be created
  + resource "aws_efs_backup_policy" "policy" {
      + file_system_id = (known after apply)
      + id             = (known after apply)

      + backup_policy {
          + status = "ENABLED"
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = true
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)

      + access_logs {
          + bucket  = (known after apply)
          + enabled = true
          + prefix  = "cgd-jenkins-alb"
        }
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket.jenkins_alb_access_logs_bucket[0] will be created
  + resource "aws_s3_bucket" "jenkins_alb_access_logs_bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration[0] will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "access_logs_bucket_lifecycle_configuration" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + rule {
          + id     = "access-logs-lifecycle"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 7
            }

          + expiration {
              + days                         = 90
              + expired_object_delete_marker = (known after apply)
            }

          + transition {
              + days          = 30
              + storage_class = "STANDARD_IA"
            }
        }
    }

  # module.jenkins.aws_s3_bucket_policy.alb_access_logs_bucket_policy[0] will be created
  + resource "aws_s3_bucket_policy" "alb_access_logs_bucket_policy" {
      + bucket = (known after apply)
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.access_logs_bucket_public_block[0] will be created
  + resource "aws_s3_bucket_public_access_block" "access_logs_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins_alb_access_logs_bucket_suffix[0] will be created
  + resource "random_string" "jenkins_alb_access_logs_bucket_suffix" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 71 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista gabebatista temporarily deployed to jenkins-test-deploy September 25, 2024 20:19 — with GitHub Actions Inactive
@gabebatista gabebatista temporarily deployed to jenkins-test-deploy September 25, 2024 22:12 — with GitHub Actions Inactive
@gabebatista
Copy link
Owner Author

Terraform Format and Style 🖌``

Terraform Initialization 🤖success

Terraform Validation 🤖``

Terraform Plan 📖success

Show Plan 

data.aws_route53_zone.root: Reading...
data.aws_availability_zones.available: Reading...
data.aws_availability_zones.available: Read complete after 0s [id=us-east-1]
data.aws_route53_zone.root: Read complete after 1s [id=Z04645835X0POSYW4Z5D]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_acm_certificate.jenkins will be created
  + resource "aws_acm_certificate" "jenkins" {
      + arn                       = (known after apply)
      + domain_name               = "jenkins.gabeaws.people.aws.dev"
      + domain_validation_options = [
          + {
              + domain_name           = "jenkins.gabeaws.people.aws.dev"
              + resource_record_name  = (known after apply)
              + resource_record_type  = (known after apply)
              + resource_record_value = (known after apply)
            },
        ]
      + id                        = (known after apply)
      + key_algorithm             = (known after apply)
      + not_after                 = (known after apply)
      + not_before                = (known after apply)
      + pending_renewal           = (known after apply)
      + renewal_eligibility       = (known after apply)
      + renewal_summary           = (known after apply)
      + status                    = (known after apply)
      + subject_alternative_names = [
          + "jenkins.gabeaws.people.aws.dev",
        ]
      + tags                      = {
          + "Environment" = "dev"
        }
      + tags_all                  = {
          + "Environment" = "dev"
        }
      + type                      = (known after apply)
      + validation_emails         = (known after apply)
      + validation_method         = "DNS"
    }

  # aws_acm_certificate_validation.jenkins will be created
  + resource "aws_acm_certificate_validation" "jenkins" {
      + certificate_arn         = (known after apply)
      + id                      = (known after apply)
      + validation_record_fqdns = (known after apply)

      + timeouts {
          + create = "15m"
        }
    }

  # aws_default_security_group.default will be created
  + resource "aws_default_security_group" "default" {
      + arn                    = (known after apply)
      + description            = (known after apply)
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags_all               = (known after apply)
      + vpc_id                 = (known after apply)
    }

  # aws_ecs_cluster.jenkins_cluster will be created
  + resource "aws_ecs_cluster" "jenkins_cluster" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + name     = "jenkins-cluster"
      + tags_all = (known after apply)

      + setting {
          + name  = "containerInsights"
          + value = "enabled"
        }
    }

  # aws_ecs_cluster_capacity_providers.providers will be created
  + resource "aws_ecs_cluster_capacity_providers" "providers" {
      + capacity_providers = [
          + "FARGATE",
        ]
      + cluster_name       = "jenkins-cluster"
      + id                 = (known after apply)

      + default_capacity_provider_strategy {
          + base              = 1
          + capacity_provider = "FARGATE"
          + weight            = 100
        }
    }

  # aws_eip.nat_gateway_eip will be created
  + resource "aws_eip" "nat_gateway_eip" {
      + allocation_id        = (known after apply)
      + arn                  = (known after apply)
      + association_id       = (known after apply)
      + carrier_ip           = (known after apply)
      + customer_owned_ip    = (known after apply)
      + domain               = (known after apply)
      + id                   = (known after apply)
      + instance             = (known after apply)
      + network_border_group = (known after apply)
      + network_interface    = (known after apply)
      + private_dns          = (known after apply)
      + private_ip           = (known after apply)
      + ptr_record           = (known after apply)
      + public_dns           = (known after apply)
      + public_ip            = (known after apply)
      + public_ipv4_pool     = (known after apply)
      + tags                 = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + tags_all             = {
          + "Name"        = "jenkins-nat-eip"
          + "environment" = "cgd"
        }
      + vpc                  = (known after apply)
    }

  # aws_internet_gateway.igw will be created
  + resource "aws_internet_gateway" "igw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + tags_all = {
          + "Name"        = "build-pipeline-igw"
          + "environment" = "cgd"
        }
      + vpc_id   = (known after apply)
    }

  # aws_nat_gateway.nat_gateway will be created
  + resource "aws_nat_gateway" "nat_gateway" {
      + allocation_id                      = (known after apply)
      + association_id                     = (known after apply)
      + connectivity_type                  = "public"
      + id                                 = (known after apply)
      + network_interface_id               = (known after apply)
      + private_ip                         = (known after apply)
      + public_ip                          = (known after apply)
      + secondary_private_ip_address_count = (known after apply)
      + secondary_private_ip_addresses     = (known after apply)
      + subnet_id                          = (known after apply)
      + tags                               = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
      + tags_all                           = {
          + "Name"        = "jenkins-nat"
          + "environment" = "cgd"
        }
    }

  # aws_route53_record.jenkins will be created
  + resource "aws_route53_record" "jenkins" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "jenkins.gabeaws.people.aws.dev"
      + type            = "A"
      + zone_id         = "Z04645835X0POSYW4Z5D"

      + alias {
          + evaluate_target_health = true
          + name                   = (known after apply)
          + zone_id                = (known after apply)
        }
    }

  # aws_route53_record.jenkins_cert["jenkins.gabeaws.people.aws.dev"] will be created
  + resource "aws_route53_record" "jenkins_cert" {
      + allow_overwrite = true
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = (known after apply)
      + records         = (known after apply)
      + ttl             = 60
      + type            = (known after apply)
      + zone_id         = "Z04645835X0POSYW4Z5D"
    }

  # aws_route_table.private_rt will be created
  + resource "aws_route_table" "private_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = ""
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = (known after apply)
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-private-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + tags_all         = {
          + "Name"        = "jenkins-public-rt"
          + "environment" = "cgd"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[0] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.private_rt_asso[1] will be created
  + resource "aws_route_table_association" "private_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[0] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_route_table_association.public_rt_asso[1] will be created
  + resource "aws_route_table_association" "public_rt_asso" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_subnet.private_subnets[0] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.private_subnets[1] will be created
  + resource "aws_subnet" "private_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pvt-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[0] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-1"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_subnet.public_subnets[1] will be created
  + resource "aws_subnet" "public_subnets" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + tags_all                                       = {
          + "Name"        = "pub-subnet-2"
          + "environment" = "cgd"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.jenkins_vpc will be created
  + resource "aws_vpc" "jenkins_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
      + tags_all                             = {
          + "Name"        = "jenkins-vpc"
          + "environment" = "cgd"
        }
    }

  # module.jenkins.data.aws_caller_identity.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_caller_identity" "current" {
      + account_id = (known after apply)
      + arn        = (known after apply)
      + id         = (known after apply)
      + user_id    = (known after apply)
    }

  # module.jenkins.data.aws_ecs_cluster.jenkins_cluster[0] will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_ecs_cluster" "jenkins_cluster" {
      + arn                                  = (known after apply)
      + cluster_name                         = "jenkins-cluster"
      + id                                   = (known after apply)
      + pending_tasks_count                  = (known after apply)
      + registered_container_instances_count = (known after apply)
      + running_tasks_count                  = (known after apply)
      + service_connect_defaults             = (known after apply)
      + setting                              = (known after apply)
      + status                               = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.data.aws_elb_service_account.main will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_elb_service_account" "main" {
      + arn = (known after apply)
      + id  = (known after apply)
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_fsxz_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_fsxz_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "fsx:CreateSnapshot",
              + "fsx:DeleteSnapshot",
              + "fsx:ListTagsForResource",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeSnapshots",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "fsx:DescribeVolumes",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.build_farm_s3_policy will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "build_farm_s3_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "s3-object-lambda:*",
              + "s3:*",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_fleet_plugin_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "ec2_fleet_plugin_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ec2:CreateTags",
              + "ec2:DescribeFleetInstances",
              + "ec2:DescribeFleets",
              + "ec2:DescribeInstanceStatus",
              + "ec2:DescribeInstanceTypes",
              + "ec2:DescribeInstances",
              + "ec2:DescribeRegions",
              + "ec2:DescribeSpotFleetInstances",
              + "ec2:DescribeSpotFleetRequests",
              + "ec2:ModifyFleet",
              + "ec2:ModifySpotFleetRequest",
              + "ec2:TerminateInstances",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:UpdateAutoScalingGroup",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "autoscaling:DescribeAutoScalingGroups",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
      + statement {
          + actions   = [
              + "iam:ListInstanceProfiles",
              + "iam:ListRoles",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "iam:PassRole",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ec2_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ec2_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ec2.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.ecs_tasks_trust_relationship will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_iam_policy_document" "ecs_tasks_trust_relationship" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "ecs-tasks.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.jenkins.data.aws_iam_policy_document.jenkins_default_policy[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "jenkins_default_policy" {
      + id            = (known after apply)
      + json          = (known after apply)
      + minified_json = (known after apply)

      + statement {
          + actions   = [
              + "ssmmessages:CreateControlChannel",
              + "ssmmessages:CreateDataChannel",
              + "ssmmessages:OpenControlChannel",
              + "ssmmessages:OpenDataChannel",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
          + sid       = "ECSExec"
        }
      + statement {
          + actions   = [
              + "elasticfilesystem:ClientMount",
              + "elasticfilesystem:ClientRootAccess",
              + "elasticfilesystem:ClientWrite",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
            ]
        }
      + statement {
          + actions   = [
              + "secretsmanager:BatchGetSecretValue",
              + "secretsmanager:GetRandomPassword",
              + "secretsmanager:ListSecrets",
            ]
          + effect    = "Allow"
          + resources = [
              + "*",
            ]
        }
    }

  # module.jenkins.data.aws_region.current will be read during apply
  # (depends on a resource or a module with changes pending)
 <= data "aws_region" "current" {
      + description = (known after apply)
      + endpoint    = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.jenkins.data.aws_vpc.build_farm_vpc will be read during apply
  # (config refers to values not yet known)
 <= data "aws_vpc" "build_farm_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + cidr_block_associations              = (known after apply)
      + default                              = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = (known after apply)
      + enable_dns_support                   = (known after apply)
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + state                                = (known after apply)
      + tags                                 = (known after apply)
    }

  # module.jenkins.aws_autoscaling_group.jenkins_build_farm_asg["example_builders"] will be created
  + resource "aws_autoscaling_group" "jenkins_build_farm_asg" {
      + arn                              = (known after apply)
      + availability_zones               = (known after apply)
      + default_cooldown                 = (known after apply)
      + desired_capacity                 = (known after apply)
      + force_delete                     = false
      + force_delete_warm_pool           = false
      + health_check_grace_period        = 300
      + health_check_type                = (known after apply)
      + id                               = (known after apply)
      + ignore_failed_scaling_activities = false
      + load_balancers                   = (known after apply)
      + max_size                         = 1
      + metrics_granularity              = "1Minute"
      + min_size                         = 0
      + name                             = "cgd-jenkins-example_builders-build-farm"
      + name_prefix                      = (known after apply)
      + predicted_capacity               = (known after apply)
      + protect_from_scale_in            = false
      + service_linked_role_arn          = (known after apply)
      + target_group_arns                = (known after apply)
      + vpc_zone_identifier              = (known after apply)
      + wait_for_capacity_timeout        = "10m"
      + warm_pool_size                   = (known after apply)

      + launch_template {
          + id      = (known after apply)
          + name    = (known after apply)
          + version = "$Latest"
        }

      + tag {
          + key                 = "ASG"
          + propagate_at_launch = true
          + value               = "example_builders"
        }
      + tag {
          + key                 = "Name"
          + propagate_at_launch = true
          + value               = "cgd-jenkins-example_builders-build-farm"
        }
    }

  # module.jenkins.aws_cloudwatch_log_group.jenkins_service_log_group will be created
  + resource "aws_cloudwatch_log_group" "jenkins_service_log_group" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + log_group_class   = (known after apply)
      + name              = "cgd-jenkins-log-group"
      + name_prefix       = (known after apply)
      + retention_in_days = 365
      + skip_destroy      = false
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
    }

  # module.jenkins.aws_ecs_service.jenkins_service will be created
  + resource "aws_ecs_service" "jenkins_service" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 1
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + force_new_deployment               = true
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "cgd-jenkins-service"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + load_balancer {
          + container_name   = "jenkins-container"
          + container_port   = 8080
          + target_group_arn = (known after apply)
        }

      + network_configuration {
          + assign_public_ip = false
          + security_groups  = (known after apply)
          + subnets          = (known after apply)
        }
    }

  # module.jenkins.aws_ecs_task_definition.jenkins_task_definition will be created
  + resource "aws_ecs_task_definition" "jenkins_task_definition" {
      + arn                      = (known after apply)
      + arn_without_revision     = (known after apply)
      + container_definitions    = (known after apply)
      + cpu                      = "1024"
      + execution_role_arn       = (known after apply)
      + family                   = "jenkins"
      + id                       = (known after apply)
      + memory                   = "4096"
      + network_mode             = "awsvpc"
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + revision                 = (known after apply)
      + skip_destroy             = false
      + tags                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                 = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + task_role_arn            = (known after apply)
      + track_latest             = false

      + runtime_platform {
          + cpu_architecture        = "X86_64"
          + operating_system_family = "LINUX"
        }

      + volume {
          + configure_at_launch = (known after apply)
          + name                = "jenkins_data"

          + efs_volume_configuration {
              + file_system_id          = (known after apply)
              + root_directory          = "/"
              + transit_encryption      = "ENABLED"
              + transit_encryption_port = 2999

              + authorization_config {
                  + access_point_id = (known after apply)
                  + iam             = "ENABLED"
                }
            }
        }
    }

  # module.jenkins.aws_efs_access_point.jenkins_efs_access_point will be created
  + resource "aws_efs_access_point" "jenkins_efs_access_point" {
      + arn             = (known after apply)
      + file_system_arn = (known after apply)
      + file_system_id  = (known after apply)
      + id              = (known after apply)
      + owner_id        = (known after apply)
      + tags            = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all        = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + posix_user {
          + gid = 1001
          + uid = 1001
        }

      + root_directory {
          + path = "/var/jenkins_home"

          + creation_info {
              + owner_gid   = 1001
              + owner_uid   = 1001
              + permissions = "755"
            }
        }
    }

  # module.jenkins.aws_efs_file_system.jenkins_efs_file_system will be created
  + resource "aws_efs_file_system" "jenkins_efs_file_system" {
      + arn                     = (known after apply)
      + availability_zone_id    = (known after apply)
      + availability_zone_name  = (known after apply)
      + creation_token          = "cgd-jenkins-efs-file-system"
      + dns_name                = (known after apply)
      + encrypted               = true
      + id                      = (known after apply)
      + kms_key_id              = (known after apply)
      + name                    = (known after apply)
      + number_of_mount_targets = (known after apply)
      + owner_id                = (known after apply)
      + performance_mode        = "generalPurpose"
      + size_in_bytes           = (known after apply)
      + tags                    = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + tags_all                = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-jenkins-efs-file-system"
        }
      + throughput_mode         = "bursting"

      + lifecycle_policy {
          + transition_to_ia = "AFTER_30_DAYS"
        }
      + lifecycle_policy {
          + transition_to_primary_storage_class = "AFTER_1_ACCESS"
        }
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[0] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_efs_mount_target.jenkins_efs_mount_target[1] will be created
  + resource "aws_efs_mount_target" "jenkins_efs_mount_target" {
      + availability_zone_id   = (known after apply)
      + availability_zone_name = (known after apply)
      + dns_name               = (known after apply)
      + file_system_arn        = (known after apply)
      + file_system_id         = (known after apply)
      + id                     = (known after apply)
      + ip_address             = (known after apply)
      + mount_target_dns_name  = (known after apply)
      + network_interface_id   = (known after apply)
      + owner_id               = (known after apply)
      + security_groups        = (known after apply)
      + subnet_id              = (known after apply)
    }

  # module.jenkins.aws_fsx_openzfs_file_system.jenkins_build_farm_fsxz_file_system["cache"] will be created
  + resource "aws_fsx_openzfs_file_system" "jenkins_build_farm_fsxz_file_system" {
      + arn                               = (known after apply)
      + automatic_backup_retention_days   = 7
      + copy_tags_to_backups              = true
      + copy_tags_to_volumes              = true
      + daily_automatic_backup_start_time = "06:00"
      + deployment_type                   = "MULTI_AZ_1"
      + dns_name                          = (known after apply)
      + endpoint_ip_address               = (known after apply)
      + endpoint_ip_address_range         = (known after apply)
      + id                                = (known after apply)
      + kms_key_id                        = (known after apply)
      + network_interface_ids             = (known after apply)
      + owner_id                          = (known after apply)
      + preferred_subnet_id               = (known after apply)
      + root_volume_id                    = (known after apply)
      + route_table_ids                   = (known after apply)
      + security_group_ids                = (known after apply)
      + skip_final_backup                 = true
      + storage_capacity                  = 256
      + storage_type                      = "SSD"
      + subnet_ids                        = (known after apply)
      + tags                              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + throughput_capacity               = 160
      + vpc_id                            = (known after apply)
      + weekly_maintenance_start_time     = (known after apply)

      + root_volume_configuration {
          + copy_tags_to_snapshots = true
          + data_compression_type  = "LZ4"
          + read_only              = false
          + record_size_kib        = 128

          + nfs_exports {
              + client_configurations {
                  + clients = (known after apply)
                  + options = [
                      + "async",
                      + "rw",
                      + "crossmnt",
                    ]
                }
            }
        }
    }

  # module.jenkins.aws_fsx_openzfs_volume.jenkins_build_farm_fsxz_volume["cache"] will be created
  + resource "aws_fsx_openzfs_volume" "jenkins_build_farm_fsxz_volume" {
      + arn                              = (known after apply)
      + copy_tags_to_snapshots           = true
      + data_compression_type            = "LZ4"
      + id                               = (known after apply)
      + name                             = "cgd-cache"
      + parent_volume_id                 = (known after apply)
      + read_only                        = (known after apply)
      + record_size_kib                  = 128
      + storage_capacity_quota_gib       = (known after apply)
      + storage_capacity_reservation_gib = (known after apply)
      + tags                             = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + tags_all                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
          + "Name"           = "cgd-cache"
        }
      + volume_type                      = "OPENZFS"

      + nfs_exports {
          + client_configurations {
              + clients = (known after apply)
              + options = [
                  + "async",
                  + "rw",
                  + "crossmnt",
                ]
            }
        }
    }

  # module.jenkins.aws_iam_instance_profile.build_farm_instance_profile will be created
  + resource "aws_iam_instance_profile" "build_farm_instance_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = (known after apply)
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_fsxz_policy will be created
  + resource "aws_iam_policy" "build_farm_fsxz_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to FSxZ."
      + id               = (known after apply)
      + name             = "cgd-build-farm-fsxz-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.build_farm_s3_policy will be created
  + resource "aws_iam_policy" "build_farm_s3_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting Build Farm EC2 instances access to Amazon S3."
      + id               = (known after apply)
      + name             = "cgd-build-farm-s3-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.ec2_fleet_plugin_policy[0] will be created
  + resource "aws_iam_policy" "ec2_fleet_plugin_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions required for Jenkins to use EC2 Fleet plugin."
      + id               = (known after apply)
      + name             = "cgd-ec2-fleet-plugin-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_policy.jenkins_default_policy[0] will be created
  + resource "aws_iam_policy" "jenkins_default_policy" {
      + arn              = (known after apply)
      + attachment_count = (known after apply)
      + description      = "Policy granting permissions for Jenkins."
      + id               = (known after apply)
      + name             = "cgd-jenkins-default-policy"
      + name_prefix      = (known after apply)
      + path             = "/"
      + policy           = (known after apply)
      + policy_id        = (known after apply)
      + tags_all         = (known after apply)
    }

  # module.jenkins.aws_iam_role.build_farm_role will be created
  + resource "aws_iam_role" "build_farm_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = (known after apply)
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_default_role[0] will be created
  + resource "aws_iam_role" "jenkins_default_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-default-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags                  = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role.jenkins_task_execution_role will be created
  + resource "aws_iam_role" "jenkins_task_execution_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration  = 3600
      + name                  = "cgd-jenkins-task-execution-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.jenkins.aws_iam_role_policy_attachment.ec2_fleet_plugin_policy_attachment[0] will be created
  + resource "aws_iam_role_policy_attachment" "ec2_fleet_plugin_policy_attachment" {
      + id         = (known after apply)
      + policy_arn = (known after apply)
      + role       = "cgd-jenkins-default-role"
    }

  # module.jenkins.aws_launch_template.jenkins_build_farm_launch_template["example_builders"] will be created
  + resource "aws_launch_template" "jenkins_build_farm_launch_template" {
      + arn                    = (known after apply)
      + default_version        = (known after apply)
      + description            = "example_builders build farm launch template."
      + ebs_optimized          = "true"
      + id                     = (known after apply)
      + image_id               = "ami-066784287e358dad1"
      + instance_type          = "t3.medium"
      + latest_version         = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "cgd-jenkins-example_builders-bf-"
      + tags_all               = (known after apply)
      + vpc_security_group_ids = (known after apply)

      + iam_instance_profile {
          + arn = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = "enabled"
          + http_protocol_ipv6          = (known after apply)
          + http_put_response_hop_limit = 1
          + http_tokens                 = "required"
          + instance_metadata_tags      = "enabled"
        }
    }

  # module.jenkins.aws_lb.jenkins_alb will be created
  + resource "aws_lb" "jenkins_alb" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = true
      + enable_deletion_protection                                   = false
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "cgd-jenkins-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                                                     = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)
    }

  # module.jenkins.aws_lb_listener.jenkins_alb_https_listener will be created
  + resource "aws_lb_listener" "jenkins_alb_https_listener" {
      + arn               = (known after apply)
      + certificate_arn   = (known after apply)
      + id                = (known after apply)
      + load_balancer_arn = (known after apply)
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
      + tags              = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all          = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.jenkins.aws_lb_target_group.jenkins_alb_target_group will be created
  + resource "aws_lb_target_group" "jenkins_alb_target_group" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "cgd-jenkins-tg"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all                           = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + target_type                        = "ip"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 2
          + interval            = 30
          + matcher             = "200"
          + path                = "/login"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 10
          + unhealthy_threshold = 2
        }
    }

  # module.jenkins.aws_s3_bucket.artifact_buckets["builds"] will be created
  + resource "aws_s3_bucket" "artifact_buckets" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      + arn                         = (known after apply)
      + bucket                      = (known after apply)
      + bucket_domain_name          = (known after apply)
      + bucket_prefix               = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = true
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + object_lock_enabled         = (known after apply)
      + policy                      = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + tags_all                    = {
          + "ENVIRONMENT" = "dev"
          + "Name"        = "game-builds"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
    }

  # module.jenkins.aws_s3_bucket_public_access_block.artifacts_bucket_public_block["builds"] will be created
  + resource "aws_s3_bucket_public_access_block" "artifacts_bucket_public_block" {
      + block_public_acls       = true
      + block_public_policy     = true
      + bucket                  = (known after apply)
      + id                      = (known after apply)
      + ignore_public_acls      = true
      + restrict_public_buckets = true
    }

  # module.jenkins.aws_s3_bucket_versioning.artifact_bucket_versioning["builds"] will be created
  + resource "aws_s3_bucket_versioning" "artifact_bucket_versioning" {
      + bucket = (known after apply)
      + id     = (known after apply)

      + versioning_configuration {
          + mfa_delete = (known after apply)
          + status     = "Enabled"
        }
    }

  # module.jenkins.aws_security_group.jenkins_alb_sg will be created
  + resource "aws_security_group" "jenkins_alb_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins ALB Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-ALB"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_farm_sg will be created
  + resource "aws_security_group" "jenkins_build_farm_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Farm Compute Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-farm"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_build_storage_sg will be created
  + resource "aws_security_group" "jenkins_build_storage_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Build Storage Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-build-storage-fsx"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_efs_security_group will be created
  + resource "aws_security_group" "jenkins_efs_security_group" {
      + arn                    = (known after apply)
      + description            = "Jenkins EFS mount target Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-efs"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_security_group.jenkins_service_sg will be created
  + resource "aws_security_group" "jenkins_service_sg" {
      + arn                    = (known after apply)
      + description            = "Jenkins Service Security Group"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = "cgd-jenkins-service"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + tags_all               = {
          + "ENVIRONMENT"    = "dev"
          + "IAC_MANAGEMENT" = "CGD-Toolkit"
          + "IAC_MODULE"     = "Jenkins"
          + "IAC_PROVIDER"   = "Terraform"
        }
      + vpc_id                 = (known after apply)
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_alb_outbound_service will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_alb_outbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow outbound traffic from Jenkins ALB to Jenkins service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_build_farm_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_build_farm_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins build farm to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv4 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv4" {
      + arn                    = (known after apply)
      + cidr_ipv4              = "0.0.0.0/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv4)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_egress_rule.jenkins_service_outbound_ipv6 will be created
  + resource "aws_vpc_security_group_egress_rule" "jenkins_service_outbound_ipv6" {
      + arn                    = (known after apply)
      + cidr_ipv6              = "::/0"
      + description            = "Allow outbound traffic from Jenkins service to internet (ipv6)"
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_farm_inbound_ssh_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_farm_inbound_ssh_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins service to Build Farm instance."
      + from_port                    = 22
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 22
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_build_vpc_all_traffic will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_build_vpc_all_traffic" {
      + arn                    = (known after apply)
      + cidr_ipv4              = (known after apply)
      + description            = "Allow inbound traffic from Build Farm instance to OpenZFS."
      + id                     = (known after apply)
      + ip_protocol            = "-1"
      + security_group_id      = (known after apply)
      + security_group_rule_id = (known after apply)
      + tags_all               = {}
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_efs_inbound_service will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_efs_inbound_service" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound access from Jenkins service containers to EFS."
      + from_port                    = 2049
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 2049
    }

  # module.jenkins.aws_vpc_security_group_ingress_rule.jenkins_service_inbound_alb will be created
  + resource "aws_vpc_security_group_ingress_rule" "jenkins_service_inbound_alb" {
      + arn                          = (known after apply)
      + description                  = "Allow inbound traffic from Jenkins ALB to service"
      + from_port                    = 8080
      + id                           = (known after apply)
      + ip_protocol                  = "tcp"
      + referenced_security_group_id = (known after apply)
      + security_group_id            = (known after apply)
      + security_group_rule_id       = (known after apply)
      + tags_all                     = {}
      + to_port                      = 8080
    }

  # module.jenkins.random_string.artifact_buckets will be created
  + resource "random_string" "artifact_buckets" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.build_farm will be created
  + resource "random_string" "build_farm" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.fsxz will be created
  + resource "random_string" "fsxz" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.jenkins.random_string.jenkins will be created
  + resource "random_string" "jenkins" {
      + id          = (known after apply)
      + length      = 4
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

Plan: 65 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + alb_arn = (known after apply)

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pushed by: @gabebatista, Action: pull_request

@gabebatista gabebatista temporarily deployed to jenkins-test-deploy September 25, 2024 22:31 — with GitHub Actions Inactive
@gabebatista gabebatista deployed to jenkins-test-deploy September 25, 2024 22:47 — with GitHub Actions Active
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@gabebatista