update state

akerl · akerl · commit 982bed893644 · 2024-12-01T21:07:59.000-05:00
diff --git a/servers.tf b/servers.tf
@@ -98,6 +98,14 @@ module "heracles_validation" {
   zone_id     = module.zones["a-rwx.org"].zone_id
 }
 
+module "ledgerdb_validation" {
+  source      = "armorfret/r53-certbot/aws"
+  version     = "0.6.4"
+  admin_email = var.admin_email
+  cert_name   = "ledgerdb.servers.home.a-rwx.org"
+  zone_id     = module.zones["a-rwx.org"].zone_id
+}
+
 module "grafana_validation" {
   source      = "armorfret/r53-certbot/aws"
   version     = "0.6.4"
diff --git a/terraform.tfstate b/terraform.tfstate
@@ -1,7 +1,7 @@
 {
   "version": 4,
   "terraform_version": "1.5.7",
-  "serial": 12875,
+  "serial": 12880,
   "lineage": "6a6e3f47-d4c8-46eb-a34e-885062b7c62a",
   "outputs": {
     "domains": {
@@ -5204,6 +5204,7 @@
           "sensitive_attributes": [],
           "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==",
           "dependencies": [
+            "aws_route53_delegation_set.main",
             "data.terraform_remote_state.unifi",
             "module.zones.aws_route53_zone.this"
           ]
@@ -13153,7 +13154,7 @@
             ],
             "primary_name_server": "ns-1505.awsdns-60.org",
             "private_zone": false,
-            "resource_record_set_count": 193,
+            "resource_record_set_count": 195,
             "tags": {},
             "vpc_id": null,
             "zone_id": "Z06324102J3IVSSCKNZ4A"
@@ -13413,7 +13414,7 @@
             ],
             "primary_name_server": "ns-1505.awsdns-60.org",
             "private_zone": false,
-            "resource_record_set_count": 193,
+            "resource_record_set_count": 195,
             "tags": {},
             "vpc_id": null,
             "zone_id": "Z06324102J3IVSSCKNZ4A"
@@ -38312,7 +38313,7 @@
             "name": "certbot_heracles.servers.home.a-rwx.org",
             "path": "/",
             "permissions_boundary": "",
-            "tags": null,
+            "tags": {},
             "tags_all": {},
             "unique_id": "AIDA3D3X4QXY5553ZEJRS"
           },
@@ -38340,8 +38341,10 @@
           "sensitive_attributes": [],
           "private": "bnVsbA==",
           "dependencies": [
+            "aws_route53_delegation_set.main",
             "module.heracles_validation.aws_iam_user.this",
-            "module.heracles_validation.data.aws_iam_policy_document.certbot_validation"
+            "module.heracles_validation.data.aws_iam_policy_document.certbot_validation",
+            "module.zones.aws_route53_zone.this"
           ]
         }
       ]
@@ -38382,6 +38385,7 @@
           "sensitive_attributes": [],
           "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==",
           "dependencies": [
+            "aws_route53_delegation_set.main",
             "module.zones.aws_route53_zone.this"
           ]
         }
@@ -38607,6 +38611,201 @@
         }
       ]
     },
+    {
+      "module": "module.ledgerdb_validation",
+      "mode": "data",
+      "type": "aws_iam_policy_document",
+      "name": "certbot_validation",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "2492239216",
+            "json": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"route53:ListHostedZonesByName\",\n        \"route53:ListHostedZones\",\n        \"route53:GetChange\"\n      ],\n      \"Resource\": \"*\"\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"route53:ListResourceRecordSets\",\n        \"route53:GetHostedZone\"\n      ],\n      \"Resource\": \"arn:aws:route53:::hostedzone/Z06324102J3IVSSCKNZ4A\"\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": \"route53:ChangeResourceRecordSets\",\n      \"Resource\": \"arn:aws:route53:::hostedzone/Z06324102J3IVSSCKNZ4A\",\n      \"Condition\": {\n        \"ForAllValues:StringEquals\": {\n          \"route53:ChangeResourceRecordSetsNormalizedRecordNames\": \"_acme-challenge.ledgerdb.servers.home.a-rwx.org\"\n        }\n      }\n    }\n  ]\n}",
+            "minified_json": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"route53:ListHostedZonesByName\",\"route53:ListHostedZones\",\"route53:GetChange\"],\"Resource\":\"*\"},{\"Effect\":\"Allow\",\"Action\":[\"route53:ListResourceRecordSets\",\"route53:GetHostedZone\"],\"Resource\":\"arn:aws:route53:::hostedzone/Z06324102J3IVSSCKNZ4A\"},{\"Effect\":\"Allow\",\"Action\":\"route53:ChangeResourceRecordSets\",\"Resource\":\"arn:aws:route53:::hostedzone/Z06324102J3IVSSCKNZ4A\",\"Condition\":{\"ForAllValues:StringEquals\":{\"route53:ChangeResourceRecordSetsNormalizedRecordNames\":\"_acme-challenge.ledgerdb.servers.home.a-rwx.org\"}}}]}",
+            "override_json": null,
+            "override_policy_documents": null,
+            "policy_id": null,
+            "source_json": null,
+            "source_policy_documents": null,
+            "statement": [
+              {
+                "actions": [
+                  "route53:GetChange",
+                  "route53:ListHostedZones",
+                  "route53:ListHostedZonesByName"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [],
+                "resources": [
+                  "*"
+                ],
+                "sid": ""
+              },
+              {
+                "actions": [
+                  "route53:GetHostedZone",
+                  "route53:ListResourceRecordSets"
+                ],
+                "condition": [],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [],
+                "resources": [
+                  "arn:aws:route53:::hostedzone/Z06324102J3IVSSCKNZ4A"
+                ],
+                "sid": ""
+              },
+              {
+                "actions": [
+                  "route53:ChangeResourceRecordSets"
+                ],
+                "condition": [
+                  {
+                    "test": "ForAllValues:StringEquals",
+                    "values": [
+                      "_acme-challenge.ledgerdb.servers.home.a-rwx.org"
+                    ],
+                    "variable": "route53:ChangeResourceRecordSetsNormalizedRecordNames"
+                  }
+                ],
+                "effect": "Allow",
+                "not_actions": [],
+                "not_principals": [],
+                "not_resources": [],
+                "principals": [],
+                "resources": [
+                  "arn:aws:route53:::hostedzone/Z06324102J3IVSSCKNZ4A"
+                ],
+                "sid": ""
+              }
+            ],
+            "version": "2012-10-17"
+          },
+          "sensitive_attributes": []
+        }
+      ]
+    },
+    {
+      "module": "module.ledgerdb_validation",
+      "mode": "managed",
+      "type": "aws_iam_user",
+      "name": "this",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "arn": "arn:aws:iam::764218738161:user/certbot_ledgerdb.servers.home.a-rwx.org",
+            "force_destroy": false,
+            "id": "certbot_ledgerdb.servers.home.a-rwx.org",
+            "name": "certbot_ledgerdb.servers.home.a-rwx.org",
+            "path": "/",
+            "permissions_boundary": "",
+            "tags": null,
+            "tags_all": {},
+            "unique_id": "AIDA3D3X4QXYSR3IJT72U"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA=="
+        }
+      ]
+    },
+    {
+      "module": "module.ledgerdb_validation",
+      "mode": "managed",
+      "type": "aws_iam_user_policy",
+      "name": "this",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "id": "certbot_ledgerdb.servers.home.a-rwx.org:certbot_ledgerdb.servers.home.a-rwx.org",
+            "name": "certbot_ledgerdb.servers.home.a-rwx.org",
+            "name_prefix": "",
+            "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"route53:ListHostedZonesByName\",\"route53:ListHostedZones\",\"route53:GetChange\"],\"Effect\":\"Allow\",\"Resource\":\"*\"},{\"Action\":[\"route53:ListResourceRecordSets\",\"route53:GetHostedZone\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::hostedzone/Z06324102J3IVSSCKNZ4A\"},{\"Action\":\"route53:ChangeResourceRecordSets\",\"Condition\":{\"ForAllValues:StringEquals\":{\"route53:ChangeResourceRecordSetsNormalizedRecordNames\":\"_acme-challenge.ledgerdb.servers.home.a-rwx.org\"}},\"Effect\":\"Allow\",\"Resource\":\"arn:aws:route53:::hostedzone/Z06324102J3IVSSCKNZ4A\"}]}",
+            "user": "certbot_ledgerdb.servers.home.a-rwx.org"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.ledgerdb_validation.aws_iam_user.this",
+            "module.ledgerdb_validation.data.aws_iam_policy_document.certbot_validation"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.ledgerdb_validation",
+      "mode": "managed",
+      "type": "aws_route53_record",
+      "name": "caa",
+      "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
+      "instances": [
+        {
+          "schema_version": 2,
+          "attributes": {
+            "alias": [],
+            "allow_overwrite": null,
+            "cidr_routing_policy": [],
+            "failover_routing_policy": [],
+            "fqdn": "ledgerdb.servers.home.a-rwx.org",
+            "geolocation_routing_policy": [],
+            "geoproximity_routing_policy": [],
+            "health_check_id": "",
+            "id": "Z06324102J3IVSSCKNZ4A_ledgerdb.servers.home.a-rwx.org_CAA",
+            "latency_routing_policy": [],
+            "multivalue_answer_routing_policy": false,
+            "name": "ledgerdb.servers.home.a-rwx.org",
+            "records": [
+              "0 iodef \"mailto:admin@lesaker.org\"",
+              "0 issue \"letsencrypt.org; validationmethods=dns-01\"",
+              "0 issuewild \";\""
+            ],
+            "set_identifier": "",
+            "ttl": 60,
+            "type": "CAA",
+            "weighted_routing_policy": [],
+            "zone_id": "Z06324102J3IVSSCKNZ4A"
+          },
+          "sensitive_attributes": [],
+          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjIifQ==",
+          "dependencies": [
+            "module.zones.aws_route53_zone.this"
+          ]
+        }
+      ]
+    },
+    {
+      "module": "module.ledgerdb_validation",
+      "mode": "managed",
+      "type": "awscreds_iam_access_key",
+      "name": "this",
+      "provider": "provider[\"registry.terraform.io/armorfret/awscreds\"]",
+      "instances": [
+        {
+          "schema_version": 0,
+          "attributes": {
+            "file": "creds/certbot_ledgerdb.servers.home.a-rwx.org",
+            "id": "AKIA3D3X4QXY4AC7UHLQ",
+            "user": "certbot_ledgerdb.servers.home.a-rwx.org"
+          },
+          "sensitive_attributes": [],
+          "private": "bnVsbA==",
+          "dependencies": [
+            "module.ledgerdb_validation.aws_iam_user.this"
+          ]
+        }
+      ]
+    },
     {
       "module": "module.logs_ext_validation",
       "mode": "data",
@@ -39997,7 +40196,7 @@
             "name": "puppet-heracles",
             "path": "/",
             "permissions_boundary": "",
-            "tags": null,
+            "tags": {},
             "tags_all": {},
             "unique_id": "AIDA3D3X4QXY4Y763IBI3"
           },
diff --git a/terraform.tfstate.backup b/terraform.tfstate.backup
