Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 4.0"...
- Installing hashicorp/aws v4.67.0...
- Installed hashicorp/aws v4.67.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Success! The configuration is valid.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_s3_bucket_policy.ehr_repo_permit_developer_to_see_access_logs_policy[0] will be updated in-place
  ~ resource "aws_s3_bucket_policy" "ehr_repo_permit_developer_to_see_access_logs_policy" {
        id     = "pre-prod-ehr-repo-access-logs"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                    # (1 unchanged element hidden)
                    {
                        Action    = [
                            "s3:Get*",
                            "s3:ListBucket",
                        ]
                        Condition = {
                            Bool = {
                                "aws:SecureTransport" = "false"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            AWS = "arn:aws:iam::108148468272:role/RepoDeveloper"
                        }
                        Resource  = [
                            "arn:aws:s3:::pre-prod-ehr-repo-access-logs",
                            "arn:aws:s3:::pre-prod-ehr-repo-access-logs/*",
                        ]
                        Sid       = "S3PermitDeveloperAccessLogsPolicy"
                    },
                  - {
                      - Action    = "s3:*"
                      - Condition = {
                          - Bool = {
                              - "aws:SecureTransport" = "false"
                            }
                        }
                      - Effect    = "Deny"
                      - Principal = "*"
                      - Resource  = [
                          - "arn:aws:s3:::pre-prod-ehr-repo-access-logs",
                          - "arn:aws:s3:::pre-prod-ehr-repo-access-logs/*",
                        ]
                      - Sid       = "S3EnforceHTTPSPolicy"
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 4.0"...
- Installing hashicorp/aws v4.67.0...
- Installed hashicorp/aws v4.67.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Success! The configuration is valid.

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 4.0"...
- Installing hashicorp/aws v4.67.0...
- Installed hashicorp/aws v4.67.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Success! The configuration is valid.

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 4.0"...
- Installing hashicorp/aws v4.67.0...
- Installed hashicorp/aws v4.67.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Success! The configuration is valid.

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_security_group.alb_to_ehr_repo_ecs will be updated in-place
  ~ resource "aws_security_group" "alb_to_ehr_repo_ecs" {
        id                     = "sg-091d2c37cedc98276"
        name                   = "prod-alb-to-ehr-repo-ecr"
      + revoke_rules_on_delete = false
        tags                   = {
            "CreatedBy"   = "prm-deductions-ehr-repository"
            "Environment" = "prod"
            "Name"        = "prod-alb-to-ehr-repo-ecs"
        }
        # (8 unchanged attributes hidden)

      - timeouts {}
    }

  # aws_security_group.ehr_repo_alb will be updated in-place
  ~ resource "aws_security_group" "ehr_repo_alb" {
        id                     = "sg-07e5606b3bcd4649d"
        name                   = "prod-alb-ehr-repo"
      + revoke_rules_on_delete = false
        tags                   = {
            "CreatedBy"   = "prm-deductions-ehr-repository"
            "Environment" = "prod"
            "Name"        = "prod-alb-ehr-repo"
        }
        # (8 unchanged attributes hidden)

      - timeouts {}
    }

  # aws_security_group.gocd_to_ehr_repo will be updated in-place
  ~ resource "aws_security_group" "gocd_to_ehr_repo" {
        id                     = "sg-03ac6aa886cc858a1"
      ~ ingress                = (sensitive value)
        name                   = "prod-gocd-to-ehr-repo"
        tags                   = {
            "CreatedBy"   = "prm-deductions-ehr-repository"
            "Environment" = "prod"
            "Name"        = "prod-gocd-to-ehr-repo-sg"
        }
        # (8 unchanged attributes hidden)

      - timeouts {}
    }

  # aws_security_group.service_to_ehr_repo will be updated in-place
  ~ resource "aws_security_group" "service_to_ehr_repo" {
        id                     = "sg-0843b1d0b553c2023"
        name                   = "prod-service-to-ehr-repo"
      + revoke_rules_on_delete = false
        tags                   = {
            "CreatedBy"   = "prm-deductions-ehr-repository"
            "Environment" = "prod"
            "Name"        = "prod-service-to-ehr-repo-sg"
        }
        # (8 unchanged attributes hidden)

      - timeouts {}
    }

  # aws_security_group.vpn_to_ehr_repo will be updated in-place
  ~ resource "aws_security_group" "vpn_to_ehr_repo" {
        id                     = "sg-0b1fbb458ed13a742"
        name                   = "prod-vpn-to-ehr-repo"
      + revoke_rules_on_delete = false
        tags                   = {
            "CreatedBy"   = "prm-deductions-ehr-repository"
            "Environment" = "prod"
            "Name"        = "prod-vpn-to-ehr-repo-sg"
        }
        # (8 unchanged attributes hidden)

      - timeouts {}
    }

Plan: 0 to add, 5 to change, 0 to destroy.