Update health check command port from 1234 to 8080

[dylanratcliffe]

No description provided.

[github-actions]

Open in Overmind ↗

---

✨docs_status|missing_docs ✨friday_deployment_wisdom|never_on_friday

🔴 Change Signals

Routine 🔴 ▅▃▂▁ Multiple ECS task definitions and RDS clusters showing first ever modifications, which is unusual compared to typical patterns.
Policies 🔴 ▃▂▁ Multiple S3 buckets and security groups are showing unusual configurations, including missing server-side encryption and required tags, and allowing SSH access from anywhere, which may need review.

View signals ↗

---

🔥 Risks

Risk of Service Disruption Due to Incorrect Port Configuration for Health Checks ‼️High Open Risk ↗
The proposed change to update the ECS service health check to port 8080 poses a risk of service disruption. The current ECS task definition and ELB target group are configured for port 1234, and there is no evidence that the application is configured to listen on port 8080. Additionally, the security group must be updated to allow traffic on port 8080. Failure to address these issues could result in failed health checks, preventing the ECS service from maintaining the desired number of healthy tasks and leading to potential downtime.

Risk of Service Disruption Due to Health Check Port Mismatch in ECS Task Definition and ELB Target Group. ‼️High Open Risk ↗
The proposed change to update the health check command port from 1234 to 8080 in the ECS task definition could lead to service disruption. The current ELB target group health check is configured on port 1234. If not updated to port 8080, the ELB may mark tasks as unhealthy, causing a failure in service availability. It is crucial to update the ELB target group health check to port 8080 to align with the ECS task definition change.

Potential Compatibility Issues Due to RDS Engine Downgrade ❗Medium Open Risk ↗
Downgrading the RDS engine version from 16.8 to 16.6 may lead to compatibility issues for applications relying on features specific to version 16.8. The ECS task definition's dependency on the RDS instance suggests a direct impact on application functionality. While no current deprecation warnings or errors are documented, the absence of such evidence does not eliminate the risk of potential issues arising post-change. It is advisable to review application database queries and functionality for compatibility with the older engine version and monitor application logs for any deprecation warnings or errors after the change.

Low Risk of Configuration Drift and Compatibility Issues Due to AMI and Port Changes Low Open Risk ↗
The proposed changes involve updating the AMI for EC2 instances and modifying the health check command port for an ECS task definition. While these changes could potentially lead to configuration drift or compatibility issues, the absence of specific evidence indicating missing software or configuration in the new AMI suggests that the risk is low. Similarly, the change in health check port should be validated in a staging environment to ensure that services are updated accordingly.

---

🟣 Expected Changes

+/- ecs-task-definition › facial-recognition-terraform-example

--- current
+++ proposed
@@ -2,17 +2,23 @@
 id: github.com/overmindtech/terraform-example.ecs-task-definition.module.scenarios[0].aws_ecs_task_definition.face
 attributes:
-  arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:7
-  arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-  container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+  arn: (known after apply)
+  arn_without_revision: (known after apply)
+  container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
   cpu: "1024"
-  enable_fault_injection: false
+  enable_fault_injection: (known after apply)
+  execution_role_arn: null
   family: facial-recognition-terraform-example
-  id: facial-recognition-terraform-example
+  id: (known after apply)
+  ipc_mode: null
   memory: "2048"
   network_mode: awsvpc
+  pid_mode: null
   requires_compatibilities:
     - FARGATE
-  revision: 7
+  revision: (known after apply)
   skip_destroy: false
+  tags: null
+  tags_all: (known after apply)
+  task_role_arn: null
   terraform_address: module.scenarios[0].aws_ecs_task_definition.face
   terraform_name: module.scenarios[0].aws_ecs_task_definition.face

+/- ec2-instance › i-04d46033c71b5bd92

--- current
+++ proposed
@@ -2,61 +2,52 @@
 id: github.com/overmindtech/terraform-example.ec2-instance.module.scenarios[0].aws_instance.app_server
 attributes:
-  ami: ami-00439b02ca7463af7
-  arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-04d46033c71b5bd92
+  ami: ami-0f802dc0fc1809acd
+  arn: (known after apply)
   associate_public_ip_address: true
-  availability_zone: eu-west-2b
-  capacity_reservation_specification:
-    - capacity_reservation_preference: open
-  cpu_core_count: 1
-  cpu_options:
-    - core_count: 1
-      threads_per_core: 2
-  cpu_threads_per_core: 2
-  credit_specification:
-    - cpu_credits: unlimited
-  disable_api_stop: false
-  disable_api_termination: false
-  ebs_optimized: false
-  enable_primary_ipv6: null
-  enclave_options:
-    - enabled: false
+  availability_zone: (known after apply)
+  capacity_reservation_specification: (known after apply)
+  cpu_core_count: (known after apply)
+  cpu_options: (known after apply)
+  cpu_threads_per_core: (known after apply)
+  disable_api_stop: (known after apply)
+  disable_api_termination: (known after apply)
+  ebs_block_device: (known after apply)
+  ebs_optimized: (known after apply)
+  enable_primary_ipv6: (known after apply)
+  enclave_options: (known after apply)
+  ephemeral_block_device: (known after apply)
   get_password_data: false
-  hibernation: false
-  host_resource_group_arn: null
-  id: i-04d46033c71b5bd92
-  instance_initiated_shutdown_behavior: stop
-  instance_state: running
+  hibernation: null
+  host_id: (known after apply)
+  host_resource_group_arn: (known after apply)
+  iam_instance_profile: (known after apply)
+  id: (known after apply)
+  instance_initiated_shutdown_behavior: (known after apply)
+  instance_lifecycle: (known after apply)
+  instance_market_options: (known after apply)
+  instance_state: (known after apply)
   instance_type: t3.small
-  ipv6_address_count: 0
+  ipv6_address_count: (known after apply)
+  ipv6_addresses: (known after apply)
   key_name: Demo Key Pair
-  maintenance_options:
-    - auto_recovery: default
-  metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-  monitoring: false
-  placement_partition_number: 0
-  primary_network_interface_id: eni-0f2d9c9bfb5a3dd29
-  private_dns: ip-10-0-10-181.eu-west-2.compute.internal
-  private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-  private_ip: 10.0.10.181
-  public_dns: ec2-18-133-196-104.eu-west-2.compute.amazonaws.com
-  public_ip: 18.133.196.104
-  root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      throughput: 0
-      volume_id: vol-0bdea47e20e19f5d7
-      volume_size: 8
-      volume_type: standard
+  maintenance_options: (known after apply)
+  metadata_options: (known after apply)
+  monitoring: (known after apply)
+  network_interface: (known after apply)
+  outpost_arn: (known after apply)
+  password_data: (known after apply)
+  placement_group: (known after apply)
+  placement_partition_number: (known after apply)
+  primary_network_interface_id: (known after apply)
+  private_dns: (known after apply)
+  private_dns_name_options: (known after apply)
+  private_ip: (known after apply)
+  public_dns: (known after apply)
+  public_ip: (known after apply)
+  root_block_device: (known after apply)
+  secondary_private_ips: (known after apply)
+  security_groups: (known after apply)
   source_dest_check: true
+  spot_instance_request_id: (known after apply)
   subnet_id: subnet-036704734045071f9
   tags:
@@ -64,10 +50,10 @@
   tags_all:
     Name: App Server
-  tenancy: default
+  tenancy: (known after apply)
   terraform_address: module.scenarios[0].aws_instance.app_server
   terraform_name: module.scenarios[0].aws_instance.app_server
   timeouts: null
-  user_data: null
-  user_data_base64: null
+  user_data: (known after apply)
+  user_data_base64: (known after apply)
   user_data_replace_on_change: false
   volume_tags: null

+/- ec2-instance › i-0b8aa9c57357e3718

--- current
+++ proposed
@@ -2,61 +2,52 @@
 id: github.com/overmindtech/terraform-example.ec2-instance.module.scenarios[0].aws_instance.webserver
 attributes:
-  ami: ami-00439b02ca7463af7
-  arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-0b8aa9c57357e3718
+  ami: ami-0f802dc0fc1809acd
+  arn: (known after apply)
   associate_public_ip_address: true
-  availability_zone: eu-west-2a
-  capacity_reservation_specification:
-    - capacity_reservation_preference: open
-  cpu_core_count: 1
-  cpu_options:
-    - core_count: 1
-      threads_per_core: 2
-  cpu_threads_per_core: 2
-  credit_specification:
-    - cpu_credits: unlimited
-  disable_api_stop: false
-  disable_api_termination: false
-  ebs_optimized: false
-  enable_primary_ipv6: null
-  enclave_options:
-    - enabled: false
+  availability_zone: (known after apply)
+  capacity_reservation_specification: (known after apply)
+  cpu_core_count: (known after apply)
+  cpu_options: (known after apply)
+  cpu_threads_per_core: (known after apply)
+  disable_api_stop: (known after apply)
+  disable_api_termination: (known after apply)
+  ebs_block_device: (known after apply)
+  ebs_optimized: (known after apply)
+  enable_primary_ipv6: (known after apply)
+  enclave_options: (known after apply)
+  ephemeral_block_device: (known after apply)
   get_password_data: false
-  hibernation: false
-  host_resource_group_arn: null
-  id: i-0b8aa9c57357e3718
-  instance_initiated_shutdown_behavior: stop
-  instance_state: running
+  hibernation: null
+  host_id: (known after apply)
+  host_resource_group_arn: (known after apply)
+  iam_instance_profile: (known after apply)
+  id: (known after apply)
+  instance_initiated_shutdown_behavior: (known after apply)
+  instance_lifecycle: (known after apply)
+  instance_market_options: (known after apply)
+  instance_state: (known after apply)
   instance_type: t3.small
-  ipv6_address_count: 0
+  ipv6_address_count: (known after apply)
+  ipv6_addresses: (known after apply)
   key_name: Demo Key Pair
-  maintenance_options:
-    - auto_recovery: default
-  metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-  monitoring: false
-  placement_partition_number: 0
-  primary_network_interface_id: eni-0feca49296a76800b
-  private_dns: ip-10-0-9-26.eu-west-2.compute.internal
-  private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-  private_ip: 10.0.9.26
-  public_dns: ec2-35-176-125-194.eu-west-2.compute.amazonaws.com
-  public_ip: 35.176.125.194
-  root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      throughput: 0
-      volume_id: vol-0f1fac7dbaaf114c5
-      volume_size: 8
-      volume_type: standard
+  maintenance_options: (known after apply)
+  metadata_options: (known after apply)
+  monitoring: (known after apply)
+  network_interface: (known after apply)
+  outpost_arn: (known after apply)
+  password_data: (known after apply)
+  placement_group: (known after apply)
+  placement_partition_number: (known after apply)
+  primary_network_interface_id: (known after apply)
+  private_dns: (known after apply)
+  private_dns_name_options: (known after apply)
+  private_ip: (known after apply)
+  public_dns: (known after apply)
+  public_ip: (known after apply)
+  root_block_device: (known after apply)
+  secondary_private_ips: (known after apply)
+  security_groups: (known after apply)
   source_dest_check: true
+  spot_instance_request_id: (known after apply)
   subnet_id: subnet-06302fc5a50644cd9
   tags:
@@ -64,10 +50,10 @@
   tags_all:
     Name: Webserver
-  tenancy: default
+  tenancy: (known after apply)
   terraform_address: module.scenarios[0].aws_instance.webserver
   terraform_name: module.scenarios[0].aws_instance.webserver
   timeouts: null
-  user_data: null
-  user_data_base64: null
+  user_data: (known after apply)
+  user_data_base64: (known after apply)
   user_data_replace_on_change: false
   volume_tags: null

~ ec2-launch-template › lt-0731f767e6be2ab94

--- current
+++ proposed
@@ -7,7 +7,7 @@
   disable_api_termination: false
   id: lt-0731f767e6be2ab94
-  image_id: ami-00439b02ca7463af7
+  image_id: ami-0f802dc0fc1809acd
   instance_type: t3.micro
-  latest_version: 19
+  latest_version: (known after apply)
   name: asg-change-launch-template-terraform-example20240827194210168200000007
   name_prefix: asg-change-launch-template-terraform-example

~ rds-db-cluster › facial-recognition-terraform-example

--- current
+++ proposed
@@ -33,5 +33,5 @@
   engine_lifecycle_support: open-source-rds-extended-support
   engine_mode: provisioned
-  engine_version: "16.8"
+  engine_version: "16.6"
   engine_version_actual: "16.8"
   final_snapshot_identifier: test

---

🟠 Unmapped Changes

~ aws_ecs_service › module.scenarios[0].aws_ecs_service.face

--- current
+++ proposed
@@ -38,5 +38,5 @@
   propagate_tags: NONE
   scheduling_strategy: REPLICA
-  task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:7
+  task_definition: (known after apply)
   terraform_address: module.scenarios[0].aws_ecs_service.face
   terraform_name: module.scenarios[0].aws_ecs_service.face

~ aws_rds_cluster_instance › module.scenarios[0].aws_rds_cluster_instance.face_database

--- current
+++ proposed
@@ -14,7 +14,7 @@
   endpoint: tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com
   engine: aurora-postgresql
-  engine_version: "16.8"
+  engine_version: "16.6"
   engine_version_actual: "16.8"
-  force_destroy: null
+  force_destroy: false
   id: tf-20240827194315707700000013
   identifier: tf-20240827194315707700000013

---

💥 Blast Radius

Items 36

Edges 52