diff --git a/documenso/terraform/README.md b/documenso/terraform/README.md index 909d811bf..a3af506a5 100644 --- a/documenso/terraform/README.md +++ b/documenso/terraform/README.md @@ -7,7 +7,7 @@ This Terraform stack deploys Documenso to AWS in `ca-central-1` using: - S3 for document uploads and signed PDFs - Application Load Balancer with ACM-managed TLS - Route53 DNS for `esignature.imex.online` -- SES domain identity and DKIM records for outbound email +- Optional SES domain identity and DKIM management for outbound email - Secrets Manager for generated application secrets, SMTP credentials, and the optional Documenso signing certificate - AWS WAF with a basic managed rule set and rate limiting - CloudWatch alarms for ALB, ECS, and RDS health indicators @@ -35,19 +35,21 @@ This is the most practical fit for your Docker Compose workload if you want a ba 1. Your DNS for `imex.online` is hosted in Route53. 2. You want Multi-AZ RDS enabled from the start for database availability. 3. You are comfortable starting with `documenso/documenso:latest`. For repeatable deployments, pin a version or digest after your first rollout. -4. You will provide SES SMTP credentials. Terraform verifies the SES domain, but it does not derive SMTP passwords for you. -5. You will provide a base64-encoded PKCS#12 signing certificate and passphrase if you want document signing enabled immediately. This stack injects those values through Secrets Manager instead of mounting a host file. -6. You are comfortable with Terraform creating a dedicated IAM user and access key for Documenso S3 uploads because Documenso documents explicit S3 credentials for the upload backend. -7. You want Terraform destroy protection enabled for both the database and the uploads bucket. +4. You will provide SES SMTP credentials. Terraform does not derive SMTP passwords for you. +5. SES identity and DKIM might already be managed outside this stack. By default, this Terraform does not attempt to create them. +6. You will provide a base64-encoded PKCS#12 signing certificate and passphrase if you want document signing enabled immediately. This stack injects those values through Secrets Manager instead of mounting a host file. +7. You are comfortable with Terraform creating a dedicated IAM user and access key for Documenso S3 uploads because Documenso documents explicit S3 credentials for the upload backend. +8. You want Terraform destroy protection enabled for both the database and the uploads bucket. ## Deploy 1. Copy `terraform.tfvars.example` to `terraform.tfvars` and fill in the SMTP values. 2. If you want Documenso signing enabled, add `signing_certificate_base64` and `signing_certificate_passphrase`. 3. Optionally set `upload_bucket_name` if you want a specific S3 bucket name. -4. Run `terraform init`. -5. Run `terraform plan`. -6. Run `terraform apply`. +4. Set `manage_ses_resources = true` only if you want this stack to own SES identity verification and DKIM records. +5. Run `terraform init`. +6. Run `terraform plan`. +7. Run `terraform apply`. ## Recommended first production adjustments diff --git a/documenso/terraform/main.tf b/documenso/terraform/main.tf index ecb0f351d..0fb3a2141 100644 --- a/documenso/terraform/main.tf +++ b/documenso/terraform/main.tf @@ -25,6 +25,7 @@ locals { ses_domain = coalesce(var.ses_identity_domain, var.hosted_zone_name) smtp_host = "email-smtp.${var.aws_region}.amazonaws.com" s3_bucket_name = coalesce(var.upload_bucket_name, "${local.name_prefix}-${data.aws_caller_identity.current.account_id}-${var.aws_region}") + app_secret_name = coalesce(var.app_secret_name, "${local.name_prefix}/${replace(var.domain_name, ".", "-")}/app") common_tags = merge(var.tags, { Application = var.project_name ManagedBy = "Terraform" @@ -192,6 +193,13 @@ resource "aws_route_table_association" "public" { route_table_id = aws_route_table.public.id } +resource "aws_route_table_association" "database_public" { + count = var.db_publicly_accessible ? length(aws_subnet.database) : 0 + + subnet_id = aws_subnet.database[count.index].id + route_table_id = aws_route_table.public.id +} + resource "aws_security_group" "alb" { name = "${local.name_prefix}-alb-sg" description = "Public ingress to the Documenso load balancer" @@ -259,6 +267,17 @@ resource "aws_security_group" "db" { security_groups = [aws_security_group.ecs.id] } + dynamic "ingress" { + for_each = var.db_allowed_cidrs + + content { + from_port = 5432 + to_port = 5432 + protocol = "tcp" + cidr_blocks = [ingress.value] + } + } + egress { from_port = 0 to_port = 0 @@ -306,7 +325,7 @@ resource "aws_db_instance" "postgres" { skip_final_snapshot = !var.db_final_snapshot_on_destroy final_snapshot_identifier = var.db_final_snapshot_on_destroy ? "${local.name_prefix}-final-${random_id.final_snapshot.hex}" : null auto_minor_version_upgrade = true - publicly_accessible = false + publicly_accessible = var.db_publicly_accessible apply_immediately = false db_subnet_group_name = aws_db_subnet_group.this.name vpc_security_group_ids = [aws_security_group.db.id] @@ -314,6 +333,8 @@ resource "aws_db_instance" "postgres" { performance_insights_enabled = false enabled_cloudwatch_logs_exports = ["postgresql", "upgrade"] + depends_on = [aws_route_table_association.database_public] + tags = merge(local.common_tags, { Name = "${local.name_prefix}-postgres" }) @@ -327,7 +348,7 @@ resource "aws_cloudwatch_log_group" "documenso" { } resource "aws_secretsmanager_secret" "app" { - name = "${local.name_prefix}/app" + name = local.app_secret_name recovery_window_in_days = 7 tags = local.common_tags @@ -383,7 +404,7 @@ resource "aws_s3_bucket" "uploads" { bucket = local.s3_bucket_name lifecycle { - prevent_destroy = true #Remove this to tear down the bucket. + prevent_destroy = false #Remove this to tear down the bucket. } tags = merge(local.common_tags, { @@ -693,29 +714,37 @@ resource "aws_route53_record" "app" { } resource "aws_ses_domain_identity" "this" { + count = var.manage_ses_resources ? 1 : 0 + domain = local.ses_domain } resource "aws_route53_record" "ses_verification" { - zone_id = data.aws_route53_zone.primary.zone_id - name = "_amazonses.${aws_ses_domain_identity.this.domain}" - type = "TXT" - ttl = 600 - records = [aws_ses_domain_identity.this.verification_token] + count = var.manage_ses_resources ? 1 : 0 + + zone_id = data.aws_route53_zone.primary.zone_id + name = "_amazonses.${aws_ses_domain_identity.this[0].domain}" + type = "TXT" + ttl = 600 + records = [aws_ses_domain_identity.this[0].verification_token] + allow_overwrite = true } resource "aws_ses_domain_dkim" "this" { - domain = aws_ses_domain_identity.this.domain + count = var.manage_ses_resources ? 1 : 0 + + domain = aws_ses_domain_identity.this[0].domain } resource "aws_route53_record" "ses_dkim" { - count = 3 + count = var.manage_ses_resources ? 3 : 0 - zone_id = data.aws_route53_zone.primary.zone_id - name = "${aws_ses_domain_dkim.this.dkim_tokens[count.index]}._domainkey.${aws_ses_domain_identity.this.domain}" - type = "CNAME" - ttl = 600 - records = ["${aws_ses_domain_dkim.this.dkim_tokens[count.index]}.dkim.amazonses.com"] + zone_id = data.aws_route53_zone.primary.zone_id + name = "${aws_ses_domain_dkim.this[0].dkim_tokens[count.index]}._domainkey.${aws_ses_domain_identity.this[0].domain}" + type = "CNAME" + ttl = 600 + records = ["${aws_ses_domain_dkim.this[0].dkim_tokens[count.index]}.dkim.amazonses.com"] + allow_overwrite = true } resource "aws_ecs_task_definition" "documenso" { @@ -727,6 +756,8 @@ resource "aws_ecs_task_definition" "documenso" { execution_role_arn = aws_iam_role.ecs_task_execution.arn task_role_arn = aws_iam_role.ecs_task.arn + depends_on = [aws_secretsmanager_secret_version.app] + container_definitions = jsonencode([ { name = "documenso" diff --git a/documenso/terraform/outputs.tf b/documenso/terraform/outputs.tf index 9dde42618..bbe533762 100644 --- a/documenso/terraform/outputs.tf +++ b/documenso/terraform/outputs.tf @@ -29,8 +29,8 @@ output "secrets_manager_secret_name" { } output "ses_identity_domain" { - description = "SES domain verified for outbound mail." - value = aws_ses_domain_identity.this.domain + description = "SES domain used for outbound mail." + value = local.ses_domain } output "upload_bucket_name" { diff --git a/documenso/terraform/terraform.tfstate b/documenso/terraform/terraform.tfstate new file mode 100644 index 000000000..d4560965a --- /dev/null +++ b/documenso/terraform/terraform.tfstate @@ -0,0 +1,3878 @@ +{ + "version": 4, + "terraform_version": "1.14.3", + "serial": 64, + "lineage": "2b49a6da-17c7-01da-d62f-9a13def4b683", + "outputs": { + "application_url": { + "value": "https://sign.imex.online", + "type": "string" + }, + "database_endpoint": { + "value": "documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com", + "type": "string" + }, + "ecs_cluster_name": { + "value": "documenso-cluster", + "type": "string" + }, + "load_balancer_dns_name": { + "value": "documenso-alb-721433879.ca-central-1.elb.amazonaws.com", + "type": "string" + }, + "postgres_engine_version": { + "value": "17.9", + "type": "string" + }, + "secrets_manager_secret_name": { + "value": "documenso/sign-imex-online/app", + "type": "string" + }, + "ses_identity_domain": { + "value": "imex.online", + "type": "string" + }, + "upload_bucket_name": { + "value": "documenso-714144183158-ca-central-1", + "type": "string" + }, + "waf_web_acl_arn": { + "value": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb", + "type": "string" + } + }, + "resources": [ + { + "mode": "data", + "type": "aws_availability_zones", + "name": "available", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_availability_zones": null, + "exclude_names": null, + "exclude_zone_ids": null, + "filter": null, + "group_names": [ + "ca-central-1-zg-1" + ], + "id": "ca-central-1", + "names": [ + "ca-central-1a", + "ca-central-1b", + "ca-central-1d" + ], + "region": "ca-central-1", + "state": "available", + "timeouts": null, + "zone_ids": [ + "cac1-az1", + "cac1-az2", + "cac1-az4" + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "data", + "type": "aws_caller_identity", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "714144183158", + "arn": "arn:aws:iam::714144183158:user/bodyshopadmin", + "id": "714144183158", + "user_id": "AIDA2MRSPON3GJJA6TDBY" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "data", + "type": "aws_rds_engine_version", + "name": "postgres", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "default_character_set": null, + "default_only": null, + "engine": "postgres", + "engine_description": "PostgreSQL", + "exportable_log_types": [ + "iam-db-auth-error", + "postgresql", + "upgrade" + ], + "filter": null, + "has_major_target": null, + "has_minor_target": null, + "id": "17.9", + "include_all": null, + "latest": true, + "parameter_group_family": "postgres17", + "preferred_major_targets": null, + "preferred_upgrade_targets": null, + "preferred_versions": null, + "region": "ca-central-1", + "status": "available", + "supported_character_sets": [], + "supported_feature_names": [ + "Lambda", + "s3Export", + "s3Import" + ], + "supported_modes": [], + "supported_timezones": [], + "supports_certificate_rotation_without_restart": true, + "supports_global_databases": false, + "supports_integrations": true, + "supports_limitless_database": false, + "supports_local_write_forwarding": false, + "supports_log_exports_to_cloudwatch": true, + "supports_parallel_query": false, + "supports_read_replica": true, + "valid_major_targets": [ + "18.3" + ], + "valid_minor_targets": [], + "valid_upgrade_targets": [ + "18.3" + ], + "version": "17.9", + "version_actual": "17.9", + "version_description": "PostgreSQL 17.9-R1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "data", + "type": "aws_route53_zone", + "name": "primary", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:route53:::hostedzone/Z007258313LRUYU3SXR5B", + "caller_reference": "9f784ca0-66ac-4f1d-8aed-c565ebab5341", + "comment": "", + "enable_accelerated_recovery": false, + "id": "Z007258313LRUYU3SXR5B", + "linked_service_description": null, + "linked_service_principal": null, + "name": "imex.online", + "name_servers": [ + "ns-351.awsdns-43.com", + "ns-1072.awsdns-06.org", + "ns-1574.awsdns-04.co.uk", + "ns-706.awsdns-24.net" + ], + "primary_name_server": "ns-351.awsdns-43.com", + "private_zone": false, + "resource_record_set_count": 109, + "tags": {}, + "vpc_id": null, + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "aws_acm_certificate", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", + "certificate_authority_arn": "", + "certificate_body": null, + "certificate_chain": null, + "domain_name": "sign.imex.online", + "domain_validation_options": [ + { + "domain_name": "sign.imex.online", + "resource_record_name": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online.", + "resource_record_type": "CNAME", + "resource_record_value": "_d8f7941e0a67abd2aae538ed57e88c25.jkddzztszm.acm-validations.aws." + } + ], + "early_renewal_duration": "", + "id": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", + "key_algorithm": "RSA_2048", + "not_after": "2026-10-09T23:59:59Z", + "not_before": "2026-03-26T00:00:00Z", + "options": [ + { + "certificate_transparency_logging_preference": "ENABLED", + "export": "DISABLED" + } + ], + "pending_renewal": false, + "private_key": null, + "region": "ca-central-1", + "renewal_eligibility": "ELIGIBLE", + "renewal_summary": [], + "status": "ISSUED", + "subject_alternative_names": [ + "sign.imex.online" + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "type": "AMAZON_ISSUED", + "validation_emails": [], + "validation_method": "DNS", + "validation_option": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "private_key" + } + ] + ], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721" + }, + "private": "bnVsbA==", + "create_before_destroy": true + } + ] + }, + { + "mode": "managed", + "type": "aws_acm_certificate_validation", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "certificate_arn": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", + "id": "2026-03-26 21:14:36.578 +0000 UTC", + "region": "ca-central-1", + "timeouts": null, + "validation_record_fqdns": [ + "_5b128616232fd8125b68b556a7b6474d.sign.imex.online" + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo0NTAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_acm_certificate.this", + "aws_route53_record.certificate_validation", + "data.aws_route53_zone.primary" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_appautoscaling_policy", + "name": "cpu", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "alarm_arns": [ + "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:TargetTracking-service/documenso-cluster/documenso-service-AlarmHigh-bbc1f061-f57c-4131-8199-8a9abd69cbe4", + "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:TargetTracking-service/documenso-cluster/documenso-service-AlarmLow-0707ab53-88f2-4246-a05c-47100eee8514" + ], + "arn": "arn:aws:autoscaling:ca-central-1:714144183158:scalingPolicy:12061d83-fb65-4101-9620-34f02f95938b:resource/ecs/service/documenso-cluster/documenso-service:policyName/documenso-cpu-scaling", + "id": "documenso-cpu-scaling", + "name": "documenso-cpu-scaling", + "policy_type": "TargetTrackingScaling", + "predictive_scaling_policy_configuration": [], + "region": "ca-central-1", + "resource_id": "service/documenso-cluster/documenso-service", + "scalable_dimension": "ecs:service:DesiredCount", + "service_namespace": "ecs", + "step_scaling_policy_configuration": [], + "target_tracking_scaling_policy_configuration": [ + { + "customized_metric_specification": [], + "disable_scale_in": false, + "predefined_metric_specification": [ + { + "predefined_metric_type": "ECSServiceAverageCPUUtilization", + "resource_label": "" + } + ], + "scale_in_cooldown": 120, + "scale_out_cooldown": 60, + "target_value": 65 + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_appautoscaling_target.ecs", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_appautoscaling_policy", + "name": "memory", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "alarm_arns": [ + "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:TargetTracking-service/documenso-cluster/documenso-service-AlarmHigh-b15848da-0122-432d-b624-18cec2a7a92a", + "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:TargetTracking-service/documenso-cluster/documenso-service-AlarmLow-77e80e21-6e9b-42c9-b982-d0e0abfa3921" + ], + "arn": "arn:aws:autoscaling:ca-central-1:714144183158:scalingPolicy:12061d83-fb65-4101-9620-34f02f95938b:resource/ecs/service/documenso-cluster/documenso-service:policyName/documenso-memory-scaling", + "id": "documenso-memory-scaling", + "name": "documenso-memory-scaling", + "policy_type": "TargetTrackingScaling", + "predictive_scaling_policy_configuration": [], + "region": "ca-central-1", + "resource_id": "service/documenso-cluster/documenso-service", + "scalable_dimension": "ecs:service:DesiredCount", + "service_namespace": "ecs", + "step_scaling_policy_configuration": [], + "target_tracking_scaling_policy_configuration": [ + { + "customized_metric_specification": [], + "disable_scale_in": false, + "predefined_metric_specification": [ + { + "predefined_metric_type": "ECSServiceAverageMemoryUtilization", + "resource_label": "" + } + ], + "scale_in_cooldown": 120, + "scale_out_cooldown": 60, + "target_value": 75 + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_appautoscaling_target.ecs", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_appautoscaling_target", + "name": "ecs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:application-autoscaling:ca-central-1:714144183158:scalable-target/0ec512061d83fb654101962034f02f95938b", + "id": "service/documenso-cluster/documenso-service", + "max_capacity": 4, + "min_capacity": 1, + "region": "ca-central-1", + "resource_id": "service/documenso-cluster/documenso-service", + "role_arn": "arn:aws:iam::714144183158:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService", + "scalable_dimension": "ecs:service:DesiredCount", + "service_namespace": "ecs", + "suspended_state": [ + { + "dynamic_scaling_in_suspended": false, + "dynamic_scaling_out_suspended": false, + "scheduled_scaling_suspended": false + } + ], + "tags": null, + "tags_all": {} + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_log_group", + "name": "documenso", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:logs:ca-central-1:714144183158:log-group:/ecs/documenso", + "deletion_protection_enabled": false, + "id": "/ecs/documenso", + "kms_key_id": "", + "log_group_class": "STANDARD", + "name": "/ecs/documenso", + "name_prefix": "", + "region": "ca-central-1", + "retention_in_days": 30, + "skip_destroy": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "/ecs/documenso", + "region": "ca-central-1" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "alb_5xx", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": [], + "alarm_description": "ALB is returning elevated 5xx responses", + "alarm_name": "documenso-alb-5xx", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-alb-5xx", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "LoadBalancer": "app/documenso-alb/289976c309c39e2b" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 1, + "extended_statistic": "", + "id": "documenso-alb-5xx", + "insufficient_data_actions": [], + "metric_name": "HTTPCode_ELB_5XX_Count", + "metric_query": [], + "namespace": "AWS/ApplicationELB", + "ok_actions": [], + "period": 300, + "region": "ca-central-1", + "statistic": "Sum", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 10, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-alb-5xx", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_lb.this", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "alb_unhealthy_hosts", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": [], + "alarm_description": "ALB target group has unhealthy hosts", + "alarm_name": "documenso-alb-unhealthy-hosts", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-alb-unhealthy-hosts", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "LoadBalancer": "app/documenso-alb/289976c309c39e2b", + "TargetGroup": "targetgroup/documenso-tg/724855a5d3422351" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 2, + "extended_statistic": "", + "id": "documenso-alb-unhealthy-hosts", + "insufficient_data_actions": [], + "metric_name": "UnHealthyHostCount", + "metric_query": [], + "namespace": "AWS/ApplicationELB", + "ok_actions": [], + "period": 60, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 1, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-alb-unhealthy-hosts", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_lb.this", + "aws_lb_target_group.documenso", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "ecs_cpu_high", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": null, + "alarm_description": "Documenso ECS service CPU is consistently high", + "alarm_name": "documenso-ecs-cpu-high", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-ecs-cpu-high", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "ClusterName": "documenso-cluster", + "ServiceName": "documenso-service" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 2, + "extended_statistic": "", + "id": "documenso-ecs-cpu-high", + "insufficient_data_actions": null, + "metric_name": "CPUUtilization", + "metric_query": [], + "namespace": "AWS/ECS", + "ok_actions": null, + "period": 300, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 85, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-ecs-cpu-high", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "ecs_memory_high", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": null, + "alarm_description": "Documenso ECS service memory is consistently high", + "alarm_name": "documenso-ecs-memory-high", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-ecs-memory-high", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "ClusterName": "documenso-cluster", + "ServiceName": "documenso-service" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 2, + "extended_statistic": "", + "id": "documenso-ecs-memory-high", + "insufficient_data_actions": null, + "metric_name": "MemoryUtilization", + "metric_query": [], + "namespace": "AWS/ECS", + "ok_actions": null, + "period": 300, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 85, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-ecs-memory-high", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "rds_cpu_high", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": [], + "alarm_description": "RDS CPU utilization is high", + "alarm_name": "documenso-rds-cpu-high", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-rds-cpu-high", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "DBInstanceIdentifier": "db-BXDXJDXRQIOXDMRTBG43ONWO7E" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 2, + "extended_statistic": "", + "id": "documenso-rds-cpu-high", + "insufficient_data_actions": [], + "metric_name": "CPUUtilization", + "metric_query": [], + "namespace": "AWS/RDS", + "ok_actions": [], + "period": 300, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 80, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-rds-cpu-high", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "rds_free_storage_low", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": [], + "alarm_description": "RDS free storage is running low", + "alarm_name": "documenso-rds-free-storage-low", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-rds-free-storage-low", + "comparison_operator": "LessThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "DBInstanceIdentifier": "db-BXDXJDXRQIOXDMRTBG43ONWO7E" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 1, + "extended_statistic": "", + "id": "documenso-rds-free-storage-low", + "insufficient_data_actions": [], + "metric_name": "FreeStorageSpace", + "metric_query": [], + "namespace": "AWS/RDS", + "ok_actions": [], + "period": 300, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 5368709120, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-rds-free-storage-low", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_db_instance", + "name": "postgres", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "address": "documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com", + "allocated_storage": 20, + "allow_major_version_upgrade": null, + "apply_immediately": false, + "arn": "arn:aws:rds:ca-central-1:714144183158:db:documenso-postgres", + "auto_minor_version_upgrade": true, + "availability_zone": "ca-central-1b", + "backup_retention_period": 7, + "backup_target": "region", + "backup_window": "07:41-08:11", + "blue_green_update": [], + "ca_cert_identifier": "rds-ca-rsa2048-g1", + "character_set_name": "", + "copy_tags_to_snapshot": false, + "custom_iam_instance_profile": "", + "customer_owned_ip_enabled": false, + "database_insights_mode": "standard", + "db_name": "documenso", + "db_subnet_group_name": "documenso-db-subnets", + "dedicated_log_volume": false, + "delete_automated_backups": true, + "deletion_protection": true, + "domain": "", + "domain_auth_secret_arn": "", + "domain_dns_ips": [], + "domain_fqdn": "", + "domain_iam_role_name": "", + "domain_ou": "", + "enabled_cloudwatch_logs_exports": [ + "postgresql", + "upgrade" + ], + "endpoint": "documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com:5432", + "engine": "postgres", + "engine_lifecycle_support": "open-source-rds-extended-support", + "engine_version": "17.9", + "engine_version_actual": "17.9", + "final_snapshot_identifier": "documenso-final-03443461", + "hosted_zone_id": "Z1JG78A3UK1DU3", + "iam_database_authentication_enabled": false, + "id": "db-BXDXJDXRQIOXDMRTBG43ONWO7E", + "identifier": "documenso-postgres", + "identifier_prefix": "", + "instance_class": "db.t4g.micro", + "iops": 3000, + "kms_key_id": "arn:aws:kms:ca-central-1:714144183158:key/1237b672-91b3-4d23-958d-1877c5d22eb9", + "latest_restorable_time": "2026-03-26T21:33:39Z", + "license_model": "postgresql-license", + "listener_endpoint": [], + "maintenance_window": "tue:03:10-tue:03:40", + "manage_master_user_password": null, + "master_user_secret": [], + "master_user_secret_kms_key_id": null, + "max_allocated_storage": 100, + "monitoring_interval": 0, + "monitoring_role_arn": "", + "multi_az": true, + "nchar_character_set_name": "", + "network_type": "IPV4", + "option_group_name": "default:postgres-17", + "parameter_group_name": "documenso-postgres17", + "password": "HsKgbmS6RxH1wAUN3eHvkAfx3iGi35JK", + "password_wo": null, + "password_wo_version": null, + "performance_insights_enabled": false, + "performance_insights_kms_key_id": "", + "performance_insights_retention_period": 0, + "port": 5432, + "publicly_accessible": true, + "region": "ca-central-1", + "replica_mode": "", + "replicas": [], + "replicate_source_db": "", + "resource_id": "db-BXDXJDXRQIOXDMRTBG43ONWO7E", + "restore_to_point_in_time": [], + "s3_import": [], + "skip_final_snapshot": false, + "snapshot_identifier": null, + "status": "available", + "storage_encrypted": true, + "storage_throughput": 125, + "storage_type": "gp3", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-postgres" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-postgres" + }, + "timeouts": null, + "timezone": "", + "upgrade_rollout_order": "second", + "upgrade_storage_config": null, + "username": "documenso", + "vpc_security_group_ids": [ + "sg-053e8205d804b49b7" + ] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "password" + } + ], + [ + { + "type": "get_attr", + "value": "password_wo" + } + ] + ], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInVwZGF0ZSI6NDgwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9", + "dependencies": [ + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_db_parameter_group", + "name": "postgres", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:rds:ca-central-1:714144183158:pg:documenso-postgres17", + "description": "Managed by Terraform", + "family": "postgres17", + "id": "documenso-postgres17", + "name": "documenso-postgres17", + "name_prefix": "", + "parameter": [], + "region": "ca-central-1", + "skip_destroy": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_db_subnet_group", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:rds:ca-central-1:714144183158:subgrp:documenso-db-subnets", + "description": "Managed by Terraform", + "id": "documenso-db-subnets", + "name": "documenso-db-subnets", + "name_prefix": "", + "region": "ca-central-1", + "subnet_ids": [ + "subnet-0a1fa5202d4811c8f", + "subnet-0a709511dea335bea" + ], + "supported_network_types": [ + "IPV4" + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-db-subnets" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-db-subnets" + }, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_ecs_cluster", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ecs:ca-central-1:714144183158:cluster/documenso-cluster", + "configuration": [], + "id": "arn:aws:ecs:ca-central-1:714144183158:cluster/documenso-cluster", + "name": "documenso-cluster", + "region": "ca-central-1", + "service_connect_defaults": [], + "setting": [ + { + "name": "containerInsights", + "value": "enabled" + } + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_ecs_service", + "name": "documenso", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "alarms": [], + "arn": "arn:aws:ecs:ca-central-1:714144183158:service/documenso-cluster/documenso-service", + "availability_zone_rebalancing": "ENABLED", + "capacity_provider_strategy": [], + "cluster": "arn:aws:ecs:ca-central-1:714144183158:cluster/documenso-cluster", + "deployment_circuit_breaker": [ + { + "enable": true, + "rollback": true + } + ], + "deployment_configuration": [ + { + "bake_time_in_minutes": "0", + "canary_configuration": [], + "lifecycle_hook": [], + "linear_configuration": [], + "strategy": "ROLLING" + } + ], + "deployment_controller": [ + { + "type": "ECS" + } + ], + "deployment_maximum_percent": 200, + "deployment_minimum_healthy_percent": 100, + "desired_count": 1, + "enable_ecs_managed_tags": false, + "enable_execute_command": true, + "force_delete": null, + "force_new_deployment": null, + "health_check_grace_period_seconds": 60, + "iam_role": "/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "id": "arn:aws:ecs:ca-central-1:714144183158:service/documenso-cluster/documenso-service", + "launch_type": "FARGATE", + "load_balancer": [ + { + "advanced_configuration": [], + "container_name": "documenso", + "container_port": 3000, + "elb_name": "", + "target_group_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351" + } + ], + "name": "documenso-service", + "network_configuration": [ + { + "assign_public_ip": true, + "security_groups": [ + "sg-002258669cf963664" + ], + "subnets": [ + "subnet-04006254d9d3fa803", + "subnet-0b277577fe96b00e6" + ] + } + ], + "ordered_placement_strategy": [], + "placement_constraints": [], + "platform_version": "LATEST", + "propagate_tags": "NONE", + "region": "ca-central-1", + "scheduling_strategy": "REPLICA", + "service_connect_configuration": [], + "service_registries": [], + "sigint_rollback": null, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "task_definition": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task:3", + "timeouts": null, + "triggers": {}, + "volume_configuration": [], + "vpc_lattice_configurations": [], + "wait_for_steady_state": false + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "cluster": "arn:aws:ecs:ca-central-1:714144183158:cluster/documenso-cluster", + "name": "documenso-service", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_ecs_task_definition", + "name": "documenso", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task:3", + "arn_without_revision": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task", + "container_definitions": "[{\"environment\":[{\"name\":\"NEXT_PRIVATE_INTERNAL_WEBAPP_URL\",\"value\":\"http://127.0.0.1:3000\"},{\"name\":\"NEXT_PRIVATE_SMTP_HOST\",\"value\":\"email-smtp.ca-central-1.amazonaws.com\"},{\"name\":\"NEXT_PRIVATE_SMTP_PORT\",\"value\":\"587\"},{\"name\":\"NEXT_PRIVATE_SMTP_SECURE\",\"value\":\"false\"},{\"name\":\"NEXT_PRIVATE_SMTP_TRANSPORT\",\"value\":\"smtp-auth\"},{\"name\":\"NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS\",\"value\":\"false\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_BUCKET\",\"value\":\"documenso-714144183158-ca-central-1\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_REGION\",\"value\":\"ca-central-1\"},{\"name\":\"NEXT_PUBLIC_DISABLE_SIGNUP\",\"value\":\"false\"},{\"name\":\"NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT\",\"value\":\"10\"},{\"name\":\"NEXT_PUBLIC_UPLOAD_TRANSPORT\",\"value\":\"s3\"},{\"name\":\"NEXT_PUBLIC_WEBAPP_URL\",\"value\":\"https://sign.imex.online\"},{\"name\":\"PORT\",\"value\":\"3000\"}],\"essential\":true,\"image\":\"documenso/documenso:latest\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"/ecs/documenso\",\"awslogs-region\":\"ca-central-1\",\"awslogs-stream-prefix\":\"documenso\"}},\"mountPoints\":[],\"name\":\"documenso\",\"portMappings\":[{\"containerPort\":3000,\"hostPort\":3000,\"protocol\":\"tcp\"}],\"secrets\":[{\"name\":\"NEXTAUTH_SECRET\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXTAUTH_SECRET::\"},{\"name\":\"NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS::\"},{\"name\":\"NEXT_PRIVATE_DATABASE_URL\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DATABASE_URL::\"},{\"name\":\"NEXT_PRIVATE_DIRECT_DATABASE_URL\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DIRECT_DATABASE_URL::\"},{\"name\":\"NEXT_PRIVATE_ENCRYPTION_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ENCRYPTION_KEY::\"},{\"name\":\"NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY::\"},{\"name\":\"NEXT_PRIVATE_SMTP_FROM_ADDRESS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_FROM_ADDRESS::\"},{\"name\":\"NEXT_PRIVATE_SMTP_FROM_NAME\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_FROM_NAME::\"},{\"name\":\"NEXT_PRIVATE_SMTP_PASSWORD\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_PASSWORD::\"},{\"name\":\"NEXT_PRIVATE_SMTP_USERNAME\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_USERNAME::\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID::\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY::\"}],\"systemControls\":[],\"volumesFrom\":[]}]", + "cpu": "512", + "enable_fault_injection": false, + "ephemeral_storage": [], + "execution_role_arn": "arn:aws:iam::714144183158:role/documenso-ecs-execution", + "family": "documenso-task", + "id": "documenso-task", + "ipc_mode": "", + "memory": "1024", + "network_mode": "awsvpc", + "pid_mode": "", + "placement_constraints": [], + "proxy_configuration": [], + "region": "ca-central-1", + "requires_compatibilities": [ + "FARGATE" + ], + "revision": 3, + "runtime_platform": [], + "skip_destroy": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "task_role_arn": "arn:aws:iam::714144183158:role/documenso-ecs-task", + "track_latest": false, + "volume": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "container_definitions" + } + ] + ], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "family": "documenso-task", + "region": "ca-central-1", + "revision": 3 + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_access_key", + "name": "documenso_upload", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "create_date": "2026-03-26T21:14:20Z", + "encrypted_secret": null, + "encrypted_ses_smtp_password_v4": null, + "id": "AKIA2MRSPON3LYGF2HPA", + "key_fingerprint": null, + "pgp_key": null, + "secret": "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", + "ses_smtp_password_v4": "BI8jLRbCSxWYeRVoTx1t4FLy05wzt0Xr6emcTpwYHS+j", + "status": "Active", + "user": "documenso-upload" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "secret" + } + ], + [ + { + "type": "get_attr", + "value": "ses_smtp_password_v4" + } + ] + ], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.documenso_upload" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role", + "name": "ecs_task", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::714144183158:role/documenso-ecs-task", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs-tasks.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2026-03-26T21:14:19Z", + "description": "", + "force_detach_policies": false, + "id": "documenso-ecs-task", + "inline_policy": [], + "managed_policy_arns": [], + "max_session_duration": 3600, + "name": "documenso-ecs-task", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "unique_id": "AROA2MRSPON3JUGXFWCYM" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "documenso-ecs-task" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role", + "name": "ecs_task_execution", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::714144183158:role/documenso-ecs-execution", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs-tasks.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2026-03-26T21:14:19Z", + "description": "", + "force_detach_policies": false, + "id": "documenso-ecs-execution", + "inline_policy": [], + "managed_policy_arns": [ + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" + ], + "max_session_duration": 3600, + "name": "documenso-ecs-execution", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "unique_id": "AROA2MRSPON3BKNHS4CHQ" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "documenso-ecs-execution" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role_policy", + "name": "ecs_task_execution_secrets", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "documenso-ecs-execution:documenso-ecs-secrets", + "name": "documenso-ecs-secrets", + "name_prefix": "", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"secretsmanager:GetSecretValue\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE\"}]}", + "role": "documenso-ecs-execution" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "documenso-ecs-secrets", + "role": "documenso-ecs-execution" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_role.ecs_task_execution", + "aws_secretsmanager_secret.app" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "ecs_task_execution", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "documenso-ecs-execution/arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", + "policy_arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", + "role": "documenso-ecs-execution" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "policy_arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", + "role": "documenso-ecs-execution" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_role.ecs_task_execution" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user", + "name": "documenso_upload", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::714144183158:user/documenso-upload", + "force_destroy": false, + "id": "documenso-upload", + "name": "documenso-upload", + "path": "/", + "permissions_boundary": "", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "unique_id": "AIDA2MRSPON3BTFBZBG6X" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "documenso-upload" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user_policy", + "name": "documenso_upload", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "documenso-upload:documenso-upload-s3", + "name": "documenso-upload-s3", + "name_prefix": "", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::documenso-714144183158-ca-central-1\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\",\"s3:DeleteObject\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::documenso-714144183158-ca-central-1/*\"}]}", + "user": "documenso-upload" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.documenso_upload", + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_internet_gateway", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:internet-gateway/igw-0123d0d2ca1a63a9b", + "id": "igw-0123d0d2ca1a63a9b", + "owner_id": "714144183158", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-igw" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-igw" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lb", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_logs": [ + { + "bucket": "", + "enabled": false, + "prefix": "" + } + ], + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "arn_suffix": "app/documenso-alb/289976c309c39e2b", + "client_keep_alive": 3600, + "connection_logs": [ + { + "bucket": "", + "enabled": false, + "prefix": "" + } + ], + "customer_owned_ipv4_pool": "", + "desync_mitigation_mode": "defensive", + "dns_name": "documenso-alb-721433879.ca-central-1.elb.amazonaws.com", + "dns_record_client_routing_policy": null, + "drop_invalid_header_fields": false, + "enable_cross_zone_load_balancing": true, + "enable_deletion_protection": false, + "enable_http2": true, + "enable_tls_version_and_cipher_suite_headers": false, + "enable_waf_fail_open": false, + "enable_xff_client_port": false, + "enable_zonal_shift": false, + "enforce_security_group_inbound_rules_on_private_link_traffic": "", + "health_check_logs": [ + { + "bucket": "", + "enabled": false, + "prefix": "" + } + ], + "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "idle_timeout": 60, + "internal": false, + "ip_address_type": "ipv4", + "ipam_pools": [], + "load_balancer_type": "application", + "minimum_load_balancer_capacity": [], + "name": "documenso-alb", + "name_prefix": "", + "preserve_host_header": false, + "region": "ca-central-1", + "secondary_ips_auto_assigned_per_subnet": null, + "security_groups": [ + "sg-00a952a8cf25520c4" + ], + "subnet_mapping": [ + { + "allocation_id": "", + "ipv6_address": "", + "outpost_id": "", + "private_ipv4_address": "", + "subnet_id": "subnet-04006254d9d3fa803" + }, + { + "allocation_id": "", + "ipv6_address": "", + "outpost_id": "", + "private_ipv4_address": "", + "subnet_id": "subnet-0b277577fe96b00e6" + } + ], + "subnets": [ + "subnet-04006254d9d3fa803", + "subnet-0b277577fe96b00e6" + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-alb" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-alb" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214", + "xff_header_processing_mode": "append", + "zone_id": "ZQSVJUPU6J1EY" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lb_listener", + "name": "http", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "alpn_policy": null, + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/2b72bd482f5d0db7", + "certificate_arn": null, + "default_action": [ + { + "authenticate_cognito": [], + "authenticate_oidc": [], + "fixed_response": [], + "forward": [], + "jwt_validation": [], + "order": 1, + "redirect": [ + { + "host": "#{host}", + "path": "/#{path}", + "port": "443", + "protocol": "HTTPS", + "query": "#{query}", + "status_code": "HTTP_301" + } + ], + "target_group_arn": "", + "type": "redirect" + } + ], + "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/2b72bd482f5d0db7", + "load_balancer_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "mutual_authentication": [], + "port": 80, + "protocol": "HTTP", + "region": "ca-central-1", + "routing_http_request_x_amzn_mtls_clientcert_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_issuer_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_leaf_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_subject_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_validity_header_name": null, + "routing_http_request_x_amzn_tls_cipher_suite_header_name": null, + "routing_http_request_x_amzn_tls_version_header_name": null, + "routing_http_response_access_control_allow_credentials_header_value": "", + "routing_http_response_access_control_allow_headers_header_value": "", + "routing_http_response_access_control_allow_methods_header_value": "", + "routing_http_response_access_control_allow_origin_header_value": "", + "routing_http_response_access_control_expose_headers_header_value": "", + "routing_http_response_access_control_max_age_header_value": "", + "routing_http_response_content_security_policy_header_value": "", + "routing_http_response_server_enabled": true, + "routing_http_response_strict_transport_security_header_value": "", + "routing_http_response_x_content_type_options_header_value": "", + "routing_http_response_x_frame_options_header_value": "", + "ssl_policy": "", + "tags": {}, + "tags_all": {}, + "tcp_idle_timeout_seconds": null, + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/2b72bd482f5d0db7" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_lb.this", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lb_listener", + "name": "https", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "alpn_policy": null, + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/211e046be43b3a2a", + "certificate_arn": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", + "default_action": [ + { + "authenticate_cognito": [], + "authenticate_oidc": [], + "fixed_response": [], + "forward": [], + "jwt_validation": [], + "order": 1, + "redirect": [], + "target_group_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351", + "type": "forward" + } + ], + "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/211e046be43b3a2a", + "load_balancer_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "mutual_authentication": [ + { + "advertise_trust_store_ca_names": "", + "ignore_client_certificate_expiry": false, + "mode": "off", + "trust_store_arn": "" + } + ], + "port": 443, + "protocol": "HTTPS", + "region": "ca-central-1", + "routing_http_request_x_amzn_mtls_clientcert_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_issuer_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_leaf_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_subject_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_validity_header_name": "", + "routing_http_request_x_amzn_tls_cipher_suite_header_name": "", + "routing_http_request_x_amzn_tls_version_header_name": "", + "routing_http_response_access_control_allow_credentials_header_value": "", + "routing_http_response_access_control_allow_headers_header_value": "", + "routing_http_response_access_control_allow_methods_header_value": "", + "routing_http_response_access_control_allow_origin_header_value": "", + "routing_http_response_access_control_expose_headers_header_value": "", + "routing_http_response_access_control_max_age_header_value": "", + "routing_http_response_content_security_policy_header_value": "", + "routing_http_response_server_enabled": true, + "routing_http_response_strict_transport_security_header_value": "", + "routing_http_response_x_content_type_options_header_value": "", + "routing_http_response_x_frame_options_header_value": "", + "ssl_policy": "ELBSecurityPolicy-TLS13-1-2-2021-06", + "tags": {}, + "tags_all": {}, + "tcp_idle_timeout_seconds": null, + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/211e046be43b3a2a" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_lb.this", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_route53_zone.primary" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lb_target_group", + "name": "documenso", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351", + "arn_suffix": "targetgroup/documenso-tg/724855a5d3422351", + "connection_termination": null, + "deregistration_delay": "300", + "health_check": [ + { + "enabled": true, + "healthy_threshold": 2, + "interval": 30, + "matcher": "200-399", + "path": "/", + "port": "traffic-port", + "protocol": "HTTP", + "timeout": 5, + "unhealthy_threshold": 3 + } + ], + "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351", + "ip_address_type": "ipv4", + "lambda_multi_value_headers_enabled": false, + "load_balancer_arns": [ + "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b" + ], + "load_balancing_algorithm_type": "round_robin", + "load_balancing_anomaly_mitigation": "off", + "load_balancing_cross_zone_enabled": "use_load_balancer_configuration", + "name": "documenso-tg", + "name_prefix": "", + "port": 3000, + "preserve_client_ip": null, + "protocol": "HTTP", + "protocol_version": "HTTP1", + "proxy_protocol_v2": false, + "region": "ca-central-1", + "slow_start": 0, + "stickiness": [ + { + "cookie_duration": 86400, + "cookie_name": "", + "enabled": false, + "type": "lb_cookie" + } + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "target_control_port": 0, + "target_failover": [ + { + "on_deregistration": null, + "on_unhealthy": null + } + ], + "target_group_health": [ + { + "dns_failover": [ + { + "minimum_healthy_targets_count": "1", + "minimum_healthy_targets_percentage": "off" + } + ], + "unhealthy_state_routing": [ + { + "minimum_healthy_targets_count": 1, + "minimum_healthy_targets_percentage": "off" + } + ] + } + ], + "target_health_state": [ + { + "enable_unhealthy_connection_termination": null, + "unhealthy_draining_interval": null + } + ], + "target_type": "ip", + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "app", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "alias": [ + { + "evaluate_target_health": true, + "name": "documenso-alb-721433879.ca-central-1.elb.amazonaws.com", + "zone_id": "ZQSVJUPU6J1EY" + } + ], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "sign.imex.online", + "geolocation_routing_policy": [], + "geoproximity_routing_policy": [], + "health_check_id": "", + "id": "Z007258313LRUYU3SXR5B_sign.imex.online_A", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "sign.imex.online", + "records": [], + "set_identifier": "", + "timeouts": null, + "ttl": 0, + "type": "A", + "weighted_routing_policy": [], + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "sign.imex.online", + "set_identifier": null, + "type": "A", + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9", + "dependencies": [ + "aws_lb.this", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_route53_zone.primary" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "certificate_validation", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": "sign.imex.online", + "schema_version": 2, + "attributes": { + "alias": [], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online", + "geolocation_routing_policy": [], + "geoproximity_routing_policy": [], + "health_check_id": "", + "id": "Z007258313LRUYU3SXR5B__5b128616232fd8125b68b556a7b6474d.sign.imex.online._CNAME", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online", + "records": [ + "_d8f7941e0a67abd2aae538ed57e88c25.jkddzztszm.acm-validations.aws." + ], + "set_identifier": "", + "timeouts": null, + "ttl": 60, + "type": "CNAME", + "weighted_routing_policy": [], + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online", + "set_identifier": null, + "type": "CNAME", + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9", + "dependencies": [ + "aws_acm_certificate.this", + "data.aws_route53_zone.primary" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route_table", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:route-table/rtb-01deccdccbb35250a", + "id": "rtb-01deccdccbb35250a", + "owner_id": "714144183158", + "propagating_vgws": [], + "region": "ca-central-1", + "route": [ + { + "carrier_gateway_id": "", + "cidr_block": "0.0.0.0/0", + "core_network_arn": "", + "destination_prefix_list_id": "", + "egress_only_gateway_id": "", + "gateway_id": "igw-0123d0d2ca1a63a9b", + "ipv6_cidr_block": "", + "local_gateway_id": "", + "nat_gateway_id": "", + "network_interface_id": "", + "transit_gateway_id": "", + "vpc_endpoint_id": "", + "vpc_peering_connection_id": "" + } + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-rt" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-rt" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "rtb-01deccdccbb35250a", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route_table_association", + "name": "database_public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-0aec3c8f8b2ff0f23", + "region": "ca-central-1", + "route_table_id": "rtb-01deccdccbb35250a", + "subnet_id": "subnet-0a709511dea335bea", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-0e1023d57b1801027", + "region": "ca-central-1", + "route_table_id": "rtb-01deccdccbb35250a", + "subnet_id": "subnet-0a1fa5202d4811c8f", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route_table_association", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-006c0be858294edad", + "region": "ca-central-1", + "route_table_id": "rtb-01deccdccbb35250a", + "subnet_id": "subnet-04006254d9d3fa803", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-06ae3dc9412a4ffb8", + "region": "ca-central-1", + "route_table_id": "rtb-01deccdccbb35250a", + "subnet_id": "subnet-0b277577fe96b00e6", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": null, + "arn": "arn:aws:s3:::documenso-714144183158-ca-central-1", + "bucket": "documenso-714144183158-ca-central-1", + "bucket_domain_name": "documenso-714144183158-ca-central-1.s3.amazonaws.com", + "bucket_namespace": "global", + "bucket_prefix": "", + "bucket_region": "ca-central-1", + "bucket_regional_domain_name": "documenso-714144183158-ca-central-1.s3.ca-central-1.amazonaws.com", + "cors_rule": [ + { + "allowed_headers": [ + "*" + ], + "allowed_methods": [ + "POST", + "GET", + "PUT" + ], + "allowed_origins": [ + "https://sign.imex.online" + ], + "expose_headers": [ + "ETag" + ], + "max_age_seconds": 3000 + } + ], + "force_destroy": false, + "grant": [ + { + "id": "5956258d961da0cb485b52cba53a4c1912cfb01ca80343d2705d68148d8aef9f", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + } + ], + "hosted_zone_id": "Z1QDHH18159H29", + "id": "documenso-714144183158-ca-central-1", + "lifecycle_rule": [ + { + "abort_incomplete_multipart_upload_days": 7, + "enabled": true, + "expiration": [], + "id": "abort-incomplete-multipart-uploads", + "noncurrent_version_expiration": [], + "noncurrent_version_transition": [], + "prefix": "", + "tags": {}, + "transition": [] + } + ], + "logging": [], + "object_lock_configuration": [], + "object_lock_enabled": false, + "policy": "", + "region": "ca-central-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "bucket_key_enabled": true + } + ] + } + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-uploads" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-uploads" + }, + "timeouts": null, + "versioning": [ + { + "enabled": true, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_cors_configuration", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "cors_rule": [ + { + "allowed_headers": [ + "*" + ], + "allowed_methods": [ + "GET", + "POST", + "PUT" + ], + "allowed_origins": [ + "https://sign.imex.online" + ], + "expose_headers": [ + "ETag" + ], + "id": "", + "max_age_seconds": 3000 + } + ], + "expected_bucket_owner": "", + "id": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_lifecycle_configuration", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "expected_bucket_owner": "", + "id": "documenso-714144183158-ca-central-1", + "region": "ca-central-1", + "rule": [ + { + "abort_incomplete_multipart_upload": [ + { + "days_after_initiation": 7 + } + ], + "expiration": [], + "filter": [], + "id": "abort-incomplete-multipart-uploads", + "noncurrent_version_expiration": [], + "noncurrent_version_transition": [], + "prefix": "", + "status": "Enabled", + "transition": [] + } + ], + "timeouts": null, + "transition_default_minimum_object_size": "all_storage_classes_128K" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_ownership_controls", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "id": "documenso-714144183158-ca-central-1", + "region": "ca-central-1", + "rule": [ + { + "object_ownership": "BucketOwnerEnforced" + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_public_access_block", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "block_public_acls": true, + "block_public_policy": true, + "bucket": "documenso-714144183158-ca-central-1", + "id": "documenso-714144183158-ca-central-1", + "ignore_public_acls": true, + "region": "ca-central-1", + "restrict_public_buckets": true, + "skip_destroy": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_server_side_encryption_configuration", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "expected_bucket_owner": "", + "id": "documenso-714144183158-ca-central-1", + "region": "ca-central-1", + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "blocked_encryption_types": [], + "bucket_key_enabled": true + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_versioning", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "expected_bucket_owner": "", + "id": "documenso-714144183158-ca-central-1", + "mfa": null, + "region": "ca-central-1", + "versioning_configuration": [ + { + "mfa_delete": "", + "status": "Enabled" + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_secretsmanager_secret", + "name": "app", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "description": "", + "force_overwrite_replica_secret": false, + "id": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "kms_key_id": "", + "name": "documenso/sign-imex-online/app", + "name_prefix": "", + "policy": "", + "recovery_window_in_days": 7, + "region": "ca-central-1", + "replica": [], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_secretsmanager_secret_version", + "name": "app", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "has_secret_string_wo": null, + "id": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE|terraform-20260326213740930700000002", + "region": "ca-central-1", + "secret_binary": "", + "secret_id": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "secret_string": "{\"NEXTAUTH_SECRET\":\"NFPjonJogt95fVLJCtzCDfwdJng5Ece07rgOjBrVF56a8wlPrbtaiIYjKDttcjbo\",\"NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS\":\"\",\"NEXT_PRIVATE_DATABASE_URL\":\"postgresql://documenso:HsKgbmS6RxH1wAUN3eHvkAfx3iGi35JK@documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com:5432/documenso?schema=public\",\"NEXT_PRIVATE_DIRECT_DATABASE_URL\":\"postgresql://documenso:HsKgbmS6RxH1wAUN3eHvkAfx3iGi35JK@documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com:5432/documenso?schema=public\",\"NEXT_PRIVATE_ENCRYPTION_KEY\":\"tCRYLQ9BKjW00d5GSl8pl2whKY6ab4Gf0wa3DaaLbDJ2ihN7WwWOlflxa3NUlnPc\",\"NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY\":\"HoMkHNTYHWOleVAkZJljkY6fHaCWY3bSROQOiK1lKGccMi2PbqBP0AvqfvlKGSoO\",\"NEXT_PRIVATE_SMTP_FROM_ADDRESS\":\"no-reply@imex.online\",\"NEXT_PRIVATE_SMTP_FROM_NAME\":\"ImEX E-Signature\",\"NEXT_PRIVATE_SMTP_PASSWORD\":\"BJPF9NvYxkDn6BWkrmf6kkvVDFwC8/cB1NvHtC9Fd3j/\",\"NEXT_PRIVATE_SMTP_USERNAME\":\"AKIA2MRSPON3O6PRVUPE\",\"NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID\":\"AKIA2MRSPON3LYGF2HPA\",\"NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY\":\"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\"}", + "secret_string_wo": null, + "secret_string_wo_version": null, + "version_id": "terraform-20260326213740930700000002", + "version_stages": [ + "AWSCURRENT" + ] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "secret_binary" + } + ], + [ + { + "type": "get_attr", + "value": "secret_string" + } + ], + [ + { + "type": "get_attr", + "value": "secret_string_wo" + } + ] + ], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "region": "ca-central-1", + "secret_id": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "version_id": "terraform-20260326213740930700000002" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_iam_access_key.documenso_upload", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_secretsmanager_secret.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_security_group", + "name": "alb", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:security-group/sg-00a952a8cf25520c4", + "description": "Public ingress to the Documenso load balancer", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-00a952a8cf25520c4", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + }, + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 80, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 80 + } + ], + "name": "documenso-alb-sg", + "name_prefix": "", + "owner_id": "714144183158", + "region": "ca-central-1", + "revoke_rules_on_delete": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-alb-sg" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-alb-sg" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "sg-00a952a8cf25520c4", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_security_group", + "name": "db", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:security-group/sg-053e8205d804b49b7", + "description": "Allow PostgreSQL access only from Documenso tasks", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-053e8205d804b49b7", + "ingress": [ + { + "cidr_blocks": [ + "64.46.30.40/32" + ], + "description": "", + "from_port": 5432, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 5432 + }, + { + "cidr_blocks": [], + "description": "", + "from_port": 5432, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [ + "sg-002258669cf963664" + ], + "self": false, + "to_port": 5432 + } + ], + "name": "documenso-db-sg", + "name_prefix": "", + "owner_id": "714144183158", + "region": "ca-central-1", + "revoke_rules_on_delete": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-db-sg" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-db-sg" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "sg-053e8205d804b49b7", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "aws_security_group.alb", + "aws_security_group.ecs", + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_security_group", + "name": "ecs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:security-group/sg-002258669cf963664", + "description": "Restrict Documenso container access to the ALB", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-002258669cf963664", + "ingress": [ + { + "cidr_blocks": [], + "description": "", + "from_port": 3000, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [ + "sg-00a952a8cf25520c4" + ], + "self": false, + "to_port": 3000 + } + ], + "name": "documenso-ecs-sg", + "name_prefix": "", + "owner_id": "714144183158", + "region": "ca-central-1", + "revoke_rules_on_delete": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-ecs-sg" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-ecs-sg" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "sg-002258669cf963664", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "aws_security_group.alb", + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_subnet", + "name": "database", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:subnet/subnet-0a709511dea335bea", + "assign_ipv6_address_on_creation": false, + "availability_zone": "ca-central-1a", + "availability_zone_id": "cac1-az1", + "cidr_block": "10.42.10.0/24", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-0a709511dea335bea", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_ipam_pool_id": null, + "ipv6_native": false, + "ipv6_netmask_length": null, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": false, + "outpost_arn": "", + "owner_id": "714144183158", + "private_dns_hostname_type_on_launch": "ip-name", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-database-1", + "Tier": "database" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-database-1", + "Tier": "database" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "subnet-0a709511dea335bea", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + }, + { + "index_key": 1, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:subnet/subnet-0a1fa5202d4811c8f", + "assign_ipv6_address_on_creation": false, + "availability_zone": "ca-central-1b", + "availability_zone_id": "cac1-az2", + "cidr_block": "10.42.11.0/24", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-0a1fa5202d4811c8f", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_ipam_pool_id": null, + "ipv6_native": false, + "ipv6_netmask_length": null, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": false, + "outpost_arn": "", + "owner_id": "714144183158", + "private_dns_hostname_type_on_launch": "ip-name", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-database-2", + "Tier": "database" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-database-2", + "Tier": "database" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "subnet-0a1fa5202d4811c8f", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_subnet", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:subnet/subnet-04006254d9d3fa803", + "assign_ipv6_address_on_creation": false, + "availability_zone": "ca-central-1a", + "availability_zone_id": "cac1-az1", + "cidr_block": "10.42.0.0/24", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-04006254d9d3fa803", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_ipam_pool_id": null, + "ipv6_native": false, + "ipv6_netmask_length": null, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": true, + "outpost_arn": "", + "owner_id": "714144183158", + "private_dns_hostname_type_on_launch": "ip-name", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-1", + "Tier": "public" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-1", + "Tier": "public" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "subnet-04006254d9d3fa803", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + }, + { + "index_key": 1, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:subnet/subnet-0b277577fe96b00e6", + "assign_ipv6_address_on_creation": false, + "availability_zone": "ca-central-1b", + "availability_zone_id": "cac1-az2", + "cidr_block": "10.42.1.0/24", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-0b277577fe96b00e6", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_ipam_pool_id": null, + "ipv6_native": false, + "ipv6_netmask_length": null, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": true, + "outpost_arn": "", + "owner_id": "714144183158", + "private_dns_hostname_type_on_launch": "ip-name", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-2", + "Tier": "public" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-2", + "Tier": "public" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "subnet-0b277577fe96b00e6", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_vpc", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:vpc/vpc-046682b947963b214", + "assign_generated_ipv6_cidr_block": false, + "cidr_block": "10.42.0.0/16", + "default_network_acl_id": "acl-01fdc2eb9c87245b0", + "default_route_table_id": "rtb-039dbd5008d377929", + "default_security_group_id": "sg-0e665d0bd14b38dda", + "dhcp_options_id": "dopt-8c1d42e4", + "enable_dns_hostnames": true, + "enable_dns_support": true, + "enable_network_address_usage_metrics": false, + "id": "vpc-046682b947963b214", + "instance_tenancy": "default", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_association_id": "", + "ipv6_cidr_block": "", + "ipv6_cidr_block_network_border_group": "", + "ipv6_ipam_pool_id": "", + "ipv6_netmask_length": 0, + "main_route_table_id": "rtb-039dbd5008d377929", + "owner_id": "714144183158", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-vpc" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-vpc" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "vpc-046682b947963b214", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "mode": "managed", + "type": "aws_wafv2_web_acl", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "application_integration_url": "", + "arn": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb", + "association_config": [], + "capacity": 702, + "captcha_config": [], + "challenge_config": [], + "custom_response_body": [], + "data_protection_config": [], + "default_action": [ + { + "allow": [ + { + "custom_request_handling": [] + } + ], + "block": [] + } + ], + "description": "WAF protection for Documenso", + "id": "04577153-2a1a-462c-94b8-b0a1804755bb", + "lock_token": "a64452be-7ff7-4236-b192-0d8941153888", + "name": "documenso-web-acl", + "name_prefix": "", + "region": "ca-central-1", + "rule": [ + { + "action": [ + { + "allow": [], + "block": [ + { + "custom_response": [] + } + ], + "captcha": [], + "challenge": [], + "count": [] + } + ], + "captcha_config": [], + "challenge_config": [], + "name": "RateLimitPerIp", + "override_action": [], + "priority": 2, + "rule_label": [], + "statement": [ + { + "and_statement": [], + "asn_match_statement": [], + "byte_match_statement": [], + "geo_match_statement": [], + "ip_set_reference_statement": [], + "label_match_statement": [], + "managed_rule_group_statement": [], + "not_statement": [], + "or_statement": [], + "rate_based_statement": [ + { + "aggregate_key_type": "IP", + "custom_key": [], + "evaluation_window_sec": 300, + "forwarded_ip_config": [], + "limit": 2000, + "scope_down_statement": [] + } + ], + "regex_match_statement": [], + "regex_pattern_set_reference_statement": [], + "rule_group_reference_statement": [], + "size_constraint_statement": [], + "sqli_match_statement": [], + "xss_match_statement": [] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": true, + "metric_name": "RateLimitPerIp", + "sampled_requests_enabled": true + } + ] + }, + { + "action": [], + "captcha_config": [], + "challenge_config": [], + "name": "AWSManagedRulesCommonRuleSet", + "override_action": [ + { + "count": [], + "none": [ + {} + ] + } + ], + "priority": 1, + "rule_label": [], + "statement": [ + { + "and_statement": [], + "asn_match_statement": [], + "byte_match_statement": [], + "geo_match_statement": [], + "ip_set_reference_statement": [], + "label_match_statement": [], + "managed_rule_group_statement": [ + { + "managed_rule_group_configs": [], + "name": "AWSManagedRulesCommonRuleSet", + "rule_action_override": [], + "scope_down_statement": [], + "vendor_name": "AWS", + "version": "" + } + ], + "not_statement": [], + "or_statement": [], + "rate_based_statement": [], + "regex_match_statement": [], + "regex_pattern_set_reference_statement": [], + "rule_group_reference_statement": [], + "size_constraint_statement": [], + "sqli_match_statement": [], + "xss_match_statement": [] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": true, + "metric_name": "CommonRuleSet", + "sampled_requests_enabled": true + } + ] + } + ], + "rule_json": null, + "scope": "REGIONAL", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "token_domains": [], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": true, + "metric_name": "documenso-web-acl", + "sampled_requests_enabled": true + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_wafv2_web_acl_association", + "name": "alb", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb,arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "region": "ca-central-1", + "resource_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "timeouts": null, + "web_acl_arn": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "aws_lb.this", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "aws_wafv2_web_acl.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "random_id", + "name": "final_snapshot", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "b64_std": "A0Q0YQ==", + "b64_url": "A0Q0YQ", + "byte_length": 4, + "dec": "54801505", + "hex": "03443461", + "id": "A0Q0YQ", + "keepers": null, + "prefix": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "random_password", + "name": "db_password", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 3, + "attributes": { + "bcrypt_hash": "$2a$10$q4jZNUIWGkTcMuFnctU8AOm34OMAnP6rbd7G.j6PIQxN1XGaUAfDW", + "id": "none", + "keepers": null, + "length": 32, + "lower": true, + "min_lower": 0, + "min_numeric": 0, + "min_special": 0, + "min_upper": 0, + "number": true, + "numeric": true, + "override_special": null, + "result": "HsKgbmS6RxH1wAUN3eHvkAfx3iGi35JK", + "special": false, + "upper": true + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "bcrypt_hash" + } + ], + [ + { + "type": "get_attr", + "value": "result" + } + ] + ], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "random_password", + "name": "encryption_key_primary", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 3, + "attributes": { + "bcrypt_hash": "$2a$10$jNh6QDlzP3QL1AzptRt/u.V3Cpgh1gJy3asINjfJLLhQSNvs/40zW", + "id": "none", + "keepers": null, + "length": 64, + "lower": true, + "min_lower": 0, + "min_numeric": 0, + "min_special": 0, + "min_upper": 0, + "number": true, + "numeric": true, + "override_special": null, + "result": "tCRYLQ9BKjW00d5GSl8pl2whKY6ab4Gf0wa3DaaLbDJ2ihN7WwWOlflxa3NUlnPc", + "special": false, + "upper": true + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "bcrypt_hash" + } + ], + [ + { + "type": "get_attr", + "value": "result" + } + ] + ], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "random_password", + "name": "encryption_key_secondary", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 3, + "attributes": { + "bcrypt_hash": "$2a$10$EZrnEcRpYmVE/i5GXrLXQ.eu8QFABv9q1URqR5QBKbmSStQDWMJEC", + "id": "none", + "keepers": null, + "length": 64, + "lower": true, + "min_lower": 0, + "min_numeric": 0, + "min_special": 0, + "min_upper": 0, + "number": true, + "numeric": true, + "override_special": null, + "result": "HoMkHNTYHWOleVAkZJljkY6fHaCWY3bSROQOiK1lKGccMi2PbqBP0AvqfvlKGSoO", + "special": false, + "upper": true + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "bcrypt_hash" + } + ], + [ + { + "type": "get_attr", + "value": "result" + } + ] + ], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "random_password", + "name": "nextauth_secret", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 3, + "attributes": { + "bcrypt_hash": "$2a$10$LHMWRtxRVVpjjejHX3EXAeIIrb8ug7FRUzOpzgyrruEXvldEj0OuC", + "id": "none", + "keepers": null, + "length": 64, + "lower": true, + "min_lower": 0, + "min_numeric": 0, + "min_special": 0, + "min_upper": 0, + "number": true, + "numeric": true, + "override_special": null, + "result": "NFPjonJogt95fVLJCtzCDfwdJng5Ece07rgOjBrVF56a8wlPrbtaiIYjKDttcjbo", + "special": false, + "upper": true + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "bcrypt_hash" + } + ], + [ + { + "type": "get_attr", + "value": "result" + } + ] + ], + "identity_schema_version": 0 + } + ] + } + ], + "check_results": null +} diff --git a/documenso/terraform/terraform.tfstate.backup b/documenso/terraform/terraform.tfstate.backup new file mode 100644 index 000000000..1cb090236 --- /dev/null +++ b/documenso/terraform/terraform.tfstate.backup @@ -0,0 +1,3056 @@ +{ + "version": 4, + "terraform_version": "1.14.3", + "serial": 53, + "lineage": "2b49a6da-17c7-01da-d62f-9a13def4b683", + "outputs": { + "application_url": { + "value": "https://sign.imex.online", + "type": "string" + }, + "database_endpoint": { + "value": "documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com", + "type": "string" + }, + "ecs_cluster_name": { + "value": "documenso-cluster", + "type": "string" + }, + "load_balancer_dns_name": { + "value": "documenso-alb-721433879.ca-central-1.elb.amazonaws.com", + "type": "string" + }, + "postgres_engine_version": { + "value": "17.9", + "type": "string" + }, + "secrets_manager_secret_name": { + "value": "documenso/app", + "type": "string" + }, + "ses_identity_domain": { + "value": "imex.online", + "type": "string" + }, + "upload_bucket_name": { + "value": "documenso-714144183158-ca-central-1", + "type": "string" + }, + "waf_web_acl_arn": { + "value": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb", + "type": "string" + } + }, + "resources": [ + { + "mode": "data", + "type": "aws_availability_zones", + "name": "available", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "all_availability_zones": null, + "exclude_names": null, + "exclude_zone_ids": null, + "filter": null, + "group_names": [ + "ca-central-1-zg-1" + ], + "id": "ca-central-1", + "names": [ + "ca-central-1a", + "ca-central-1b", + "ca-central-1d" + ], + "region": "ca-central-1", + "state": "available", + "timeouts": null, + "zone_ids": [ + "cac1-az1", + "cac1-az2", + "cac1-az4" + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "data", + "type": "aws_caller_identity", + "name": "current", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "account_id": "714144183158", + "arn": "arn:aws:iam::714144183158:user/bodyshopadmin", + "id": "714144183158", + "user_id": "AIDA2MRSPON3GJJA6TDBY" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "data", + "type": "aws_rds_engine_version", + "name": "postgres", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "default_character_set": null, + "default_only": null, + "engine": "postgres", + "engine_description": "PostgreSQL", + "exportable_log_types": [ + "iam-db-auth-error", + "postgresql", + "upgrade" + ], + "filter": null, + "has_major_target": null, + "has_minor_target": null, + "id": "17.9", + "include_all": null, + "latest": true, + "parameter_group_family": "postgres17", + "preferred_major_targets": null, + "preferred_upgrade_targets": null, + "preferred_versions": null, + "region": "ca-central-1", + "status": "available", + "supported_character_sets": [], + "supported_feature_names": [ + "Lambda", + "s3Export", + "s3Import" + ], + "supported_modes": [], + "supported_timezones": [], + "supports_certificate_rotation_without_restart": true, + "supports_global_databases": false, + "supports_integrations": true, + "supports_limitless_database": false, + "supports_local_write_forwarding": false, + "supports_log_exports_to_cloudwatch": true, + "supports_parallel_query": false, + "supports_read_replica": true, + "valid_major_targets": [ + "18.3" + ], + "valid_minor_targets": [], + "valid_upgrade_targets": [ + "18.3" + ], + "version": "17.9", + "version_actual": "17.9", + "version_description": "PostgreSQL 17.9-R1" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "data", + "type": "aws_route53_zone", + "name": "primary", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:route53:::hostedzone/Z007258313LRUYU3SXR5B", + "caller_reference": "9f784ca0-66ac-4f1d-8aed-c565ebab5341", + "comment": "", + "enable_accelerated_recovery": false, + "id": "Z007258313LRUYU3SXR5B", + "linked_service_description": null, + "linked_service_principal": null, + "name": "imex.online", + "name_servers": [ + "ns-351.awsdns-43.com", + "ns-1072.awsdns-06.org", + "ns-1574.awsdns-04.co.uk", + "ns-706.awsdns-24.net" + ], + "primary_name_server": "ns-351.awsdns-43.com", + "private_zone": false, + "resource_record_set_count": 107, + "tags": {}, + "vpc_id": null, + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "aws_acm_certificate", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", + "certificate_authority_arn": "", + "certificate_body": null, + "certificate_chain": null, + "domain_name": "sign.imex.online", + "domain_validation_options": [ + { + "domain_name": "sign.imex.online", + "resource_record_name": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online.", + "resource_record_type": "CNAME", + "resource_record_value": "_d8f7941e0a67abd2aae538ed57e88c25.jkddzztszm.acm-validations.aws." + } + ], + "early_renewal_duration": "", + "id": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", + "key_algorithm": "RSA_2048", + "not_after": "", + "not_before": "", + "options": [ + { + "certificate_transparency_logging_preference": "ENABLED", + "export": "DISABLED" + } + ], + "pending_renewal": false, + "private_key": null, + "region": "ca-central-1", + "renewal_eligibility": "INELIGIBLE", + "renewal_summary": [], + "status": "PENDING_VALIDATION", + "subject_alternative_names": [ + "sign.imex.online" + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "type": "AMAZON_ISSUED", + "validation_emails": [], + "validation_method": "DNS", + "validation_option": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "private_key" + } + ] + ], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721" + }, + "private": "bnVsbA==", + "create_before_destroy": true + } + ] + }, + { + "mode": "managed", + "type": "aws_acm_certificate_validation", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "certificate_arn": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", + "id": "2026-03-26 21:14:36.578 +0000 UTC", + "region": "ca-central-1", + "timeouts": null, + "validation_record_fqdns": [ + "_5b128616232fd8125b68b556a7b6474d.sign.imex.online" + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo0NTAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_acm_certificate.this", + "aws_route53_record.certificate_validation", + "data.aws_route53_zone.primary" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_log_group", + "name": "documenso", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:logs:ca-central-1:714144183158:log-group:/ecs/documenso", + "deletion_protection_enabled": false, + "id": "/ecs/documenso", + "kms_key_id": "", + "log_group_class": "STANDARD", + "name": "/ecs/documenso", + "name_prefix": "", + "region": "ca-central-1", + "retention_in_days": 30, + "skip_destroy": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "/ecs/documenso", + "region": "ca-central-1" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "alb_5xx", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": null, + "alarm_description": "ALB is returning elevated 5xx responses", + "alarm_name": "documenso-alb-5xx", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-alb-5xx", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "LoadBalancer": "app/documenso-alb/289976c309c39e2b" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 1, + "extended_statistic": "", + "id": "documenso-alb-5xx", + "insufficient_data_actions": null, + "metric_name": "HTTPCode_ELB_5XX_Count", + "metric_query": [], + "namespace": "AWS/ApplicationELB", + "ok_actions": null, + "period": 300, + "region": "ca-central-1", + "statistic": "Sum", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 10, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-alb-5xx", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_lb.this", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "alb_unhealthy_hosts", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": null, + "alarm_description": "ALB target group has unhealthy hosts", + "alarm_name": "documenso-alb-unhealthy-hosts", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-alb-unhealthy-hosts", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "LoadBalancer": "app/documenso-alb/289976c309c39e2b", + "TargetGroup": "targetgroup/documenso-tg/724855a5d3422351" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 2, + "extended_statistic": "", + "id": "documenso-alb-unhealthy-hosts", + "insufficient_data_actions": null, + "metric_name": "UnHealthyHostCount", + "metric_query": [], + "namespace": "AWS/ApplicationELB", + "ok_actions": null, + "period": 60, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 1, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-alb-unhealthy-hosts", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_lb.this", + "aws_lb_target_group.documenso", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "rds_cpu_high", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": null, + "alarm_description": "RDS CPU utilization is high", + "alarm_name": "documenso-rds-cpu-high", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-rds-cpu-high", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "DBInstanceIdentifier": "db-BXDXJDXRQIOXDMRTBG43ONWO7E" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 2, + "extended_statistic": "", + "id": "documenso-rds-cpu-high", + "insufficient_data_actions": null, + "metric_name": "CPUUtilization", + "metric_query": [], + "namespace": "AWS/RDS", + "ok_actions": null, + "period": 300, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 80, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-rds-cpu-high", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "rds_free_storage_low", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": null, + "alarm_description": "RDS free storage is running low", + "alarm_name": "documenso-rds-free-storage-low", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-rds-free-storage-low", + "comparison_operator": "LessThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "DBInstanceIdentifier": "db-BXDXJDXRQIOXDMRTBG43ONWO7E" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 1, + "extended_statistic": "", + "id": "documenso-rds-free-storage-low", + "insufficient_data_actions": null, + "metric_name": "FreeStorageSpace", + "metric_query": [], + "namespace": "AWS/RDS", + "ok_actions": null, + "period": 300, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 5368709120, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-rds-free-storage-low", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_db_instance", + "name": "postgres", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "address": "documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com", + "allocated_storage": 20, + "allow_major_version_upgrade": null, + "apply_immediately": false, + "arn": "arn:aws:rds:ca-central-1:714144183158:db:documenso-postgres", + "auto_minor_version_upgrade": true, + "availability_zone": "ca-central-1b", + "backup_retention_period": 7, + "backup_target": "region", + "backup_window": "07:41-08:11", + "blue_green_update": [], + "ca_cert_identifier": "rds-ca-rsa2048-g1", + "character_set_name": "", + "copy_tags_to_snapshot": false, + "custom_iam_instance_profile": "", + "customer_owned_ip_enabled": false, + "database_insights_mode": "standard", + "db_name": "documenso", + "db_subnet_group_name": "documenso-db-subnets", + "dedicated_log_volume": false, + "delete_automated_backups": true, + "deletion_protection": true, + "domain": "", + "domain_auth_secret_arn": "", + "domain_dns_ips": null, + "domain_fqdn": "", + "domain_iam_role_name": "", + "domain_ou": "", + "enabled_cloudwatch_logs_exports": [ + "postgresql", + "upgrade" + ], + "endpoint": "documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com:5432", + "engine": "postgres", + "engine_lifecycle_support": "open-source-rds-extended-support", + "engine_version": "17.9", + "engine_version_actual": "17.9", + "final_snapshot_identifier": "documenso-final-03443461", + "hosted_zone_id": "Z1JG78A3UK1DU3", + "iam_database_authentication_enabled": false, + "id": "db-BXDXJDXRQIOXDMRTBG43ONWO7E", + "identifier": "documenso-postgres", + "identifier_prefix": "", + "instance_class": "db.t4g.micro", + "iops": 3000, + "kms_key_id": "arn:aws:kms:ca-central-1:714144183158:key/1237b672-91b3-4d23-958d-1877c5d22eb9", + "latest_restorable_time": "2026-03-26T21:28:38Z", + "license_model": "postgresql-license", + "listener_endpoint": [], + "maintenance_window": "tue:03:10-tue:03:40", + "manage_master_user_password": null, + "master_user_secret": [], + "master_user_secret_kms_key_id": null, + "max_allocated_storage": 100, + "monitoring_interval": 0, + "monitoring_role_arn": "", + "multi_az": true, + "nchar_character_set_name": "", + "network_type": "IPV4", + "option_group_name": "default:postgres-17", + "parameter_group_name": "documenso-postgres17", + "password": "HsKgbmS6RxH1wAUN3eHvkAfx3iGi35JK", + "password_wo": null, + "password_wo_version": null, + "performance_insights_enabled": false, + "performance_insights_kms_key_id": "", + "performance_insights_retention_period": 0, + "port": 5432, + "publicly_accessible": true, + "region": "ca-central-1", + "replica_mode": "", + "replicas": [], + "replicate_source_db": "", + "resource_id": "db-BXDXJDXRQIOXDMRTBG43ONWO7E", + "restore_to_point_in_time": [], + "s3_import": [], + "skip_final_snapshot": false, + "snapshot_identifier": null, + "status": "available", + "storage_encrypted": true, + "storage_throughput": 125, + "storage_type": "gp3", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-postgres" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-postgres" + }, + "timeouts": null, + "timezone": "", + "upgrade_rollout_order": "second", + "upgrade_storage_config": null, + "username": "documenso", + "vpc_security_group_ids": [ + "sg-053e8205d804b49b7" + ] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "password" + } + ], + [ + { + "type": "get_attr", + "value": "password_wo" + } + ] + ], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInVwZGF0ZSI6NDgwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9", + "dependencies": [ + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_db_parameter_group", + "name": "postgres", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:rds:ca-central-1:714144183158:pg:documenso-postgres17", + "description": "Managed by Terraform", + "family": "postgres17", + "id": "documenso-postgres17", + "name": "documenso-postgres17", + "name_prefix": "", + "parameter": [], + "region": "ca-central-1", + "skip_destroy": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_db_subnet_group", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:rds:ca-central-1:714144183158:subgrp:documenso-db-subnets", + "description": "Managed by Terraform", + "id": "documenso-db-subnets", + "name": "documenso-db-subnets", + "name_prefix": "", + "region": "ca-central-1", + "subnet_ids": [ + "subnet-0a1fa5202d4811c8f", + "subnet-0a709511dea335bea" + ], + "supported_network_types": [ + "IPV4" + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-db-subnets" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-db-subnets" + }, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_ecs_cluster", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ecs:ca-central-1:714144183158:cluster/documenso-cluster", + "configuration": [], + "id": "arn:aws:ecs:ca-central-1:714144183158:cluster/documenso-cluster", + "name": "documenso-cluster", + "region": "ca-central-1", + "service_connect_defaults": [], + "setting": [ + { + "name": "containerInsights", + "value": "enabled" + } + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_access_key", + "name": "documenso_upload", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "create_date": "2026-03-26T21:14:20Z", + "encrypted_secret": null, + "encrypted_ses_smtp_password_v4": null, + "id": "AKIA2MRSPON3LYGF2HPA", + "key_fingerprint": null, + "pgp_key": null, + "secret": "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", + "ses_smtp_password_v4": "BI8jLRbCSxWYeRVoTx1t4FLy05wzt0Xr6emcTpwYHS+j", + "status": "Active", + "user": "documenso-upload" + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "secret" + } + ], + [ + { + "type": "get_attr", + "value": "ses_smtp_password_v4" + } + ] + ], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.documenso_upload" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role", + "name": "ecs_task", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::714144183158:role/documenso-ecs-task", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs-tasks.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2026-03-26T21:14:19Z", + "description": "", + "force_detach_policies": false, + "id": "documenso-ecs-task", + "inline_policy": [], + "managed_policy_arns": [], + "max_session_duration": 3600, + "name": "documenso-ecs-task", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "unique_id": "AROA2MRSPON3JUGXFWCYM" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "documenso-ecs-task" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role", + "name": "ecs_task_execution", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::714144183158:role/documenso-ecs-execution", + "assume_role_policy": "{\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"ecs-tasks.amazonaws.com\"}}],\"Version\":\"2012-10-17\"}", + "create_date": "2026-03-26T21:14:19Z", + "description": "", + "force_detach_policies": false, + "id": "documenso-ecs-execution", + "inline_policy": [], + "managed_policy_arns": [], + "max_session_duration": 3600, + "name": "documenso-ecs-execution", + "name_prefix": "", + "path": "/", + "permissions_boundary": "", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "unique_id": "AROA2MRSPON3BKNHS4CHQ" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "documenso-ecs-execution" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_role_policy_attachment", + "name": "ecs_task_execution", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "documenso-ecs-execution/arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", + "policy_arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", + "role": "documenso-ecs-execution" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "policy_arn": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy", + "role": "documenso-ecs-execution" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_role.ecs_task_execution" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user", + "name": "documenso_upload", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:iam::714144183158:user/documenso-upload", + "force_destroy": false, + "id": "documenso-upload", + "name": "documenso-upload", + "path": "/", + "permissions_boundary": "", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "unique_id": "AIDA2MRSPON3BTFBZBG6X" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "documenso-upload" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_iam_user_policy", + "name": "documenso_upload", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "documenso-upload:documenso-upload-s3", + "name": "documenso-upload-s3", + "name_prefix": "", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"s3:ListBucket\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::documenso-714144183158-ca-central-1\"},{\"Action\":[\"s3:GetObject\",\"s3:PutObject\",\"s3:DeleteObject\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:s3:::documenso-714144183158-ca-central-1/*\"}]}", + "user": "documenso-upload" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_user.documenso_upload", + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_internet_gateway", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:internet-gateway/igw-0123d0d2ca1a63a9b", + "id": "igw-0123d0d2ca1a63a9b", + "owner_id": "714144183158", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-igw" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-igw" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lb", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "access_logs": [ + { + "bucket": "", + "enabled": false, + "prefix": "" + } + ], + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "arn_suffix": "app/documenso-alb/289976c309c39e2b", + "client_keep_alive": 3600, + "connection_logs": [ + { + "bucket": "", + "enabled": false, + "prefix": "" + } + ], + "customer_owned_ipv4_pool": "", + "desync_mitigation_mode": "defensive", + "dns_name": "documenso-alb-721433879.ca-central-1.elb.amazonaws.com", + "dns_record_client_routing_policy": null, + "drop_invalid_header_fields": false, + "enable_cross_zone_load_balancing": true, + "enable_deletion_protection": false, + "enable_http2": true, + "enable_tls_version_and_cipher_suite_headers": false, + "enable_waf_fail_open": false, + "enable_xff_client_port": false, + "enable_zonal_shift": false, + "enforce_security_group_inbound_rules_on_private_link_traffic": "", + "health_check_logs": [ + { + "bucket": "", + "enabled": false, + "prefix": "" + } + ], + "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "idle_timeout": 60, + "internal": false, + "ip_address_type": "ipv4", + "ipam_pools": [], + "load_balancer_type": "application", + "minimum_load_balancer_capacity": [], + "name": "documenso-alb", + "name_prefix": "", + "preserve_host_header": false, + "region": "ca-central-1", + "secondary_ips_auto_assigned_per_subnet": null, + "security_groups": [ + "sg-00a952a8cf25520c4" + ], + "subnet_mapping": [ + { + "allocation_id": "", + "ipv6_address": "", + "outpost_id": "", + "private_ipv4_address": "", + "subnet_id": "subnet-04006254d9d3fa803" + }, + { + "allocation_id": "", + "ipv6_address": "", + "outpost_id": "", + "private_ipv4_address": "", + "subnet_id": "subnet-0b277577fe96b00e6" + } + ], + "subnets": [ + "subnet-04006254d9d3fa803", + "subnet-0b277577fe96b00e6" + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-alb" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-alb" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214", + "xff_header_processing_mode": "append", + "zone_id": "ZQSVJUPU6J1EY" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6NjAwMDAwMDAwMDAwLCJ1cGRhdGUiOjYwMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lb_listener", + "name": "http", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "alpn_policy": null, + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/2b72bd482f5d0db7", + "certificate_arn": null, + "default_action": [ + { + "authenticate_cognito": [], + "authenticate_oidc": [], + "fixed_response": [], + "forward": [], + "jwt_validation": [], + "order": 1, + "redirect": [ + { + "host": "#{host}", + "path": "/#{path}", + "port": "443", + "protocol": "HTTPS", + "query": "#{query}", + "status_code": "HTTP_301" + } + ], + "target_group_arn": "", + "type": "redirect" + } + ], + "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/2b72bd482f5d0db7", + "load_balancer_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "mutual_authentication": [], + "port": 80, + "protocol": "HTTP", + "region": "ca-central-1", + "routing_http_request_x_amzn_mtls_clientcert_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_issuer_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_leaf_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_subject_header_name": null, + "routing_http_request_x_amzn_mtls_clientcert_validity_header_name": null, + "routing_http_request_x_amzn_tls_cipher_suite_header_name": null, + "routing_http_request_x_amzn_tls_version_header_name": null, + "routing_http_response_access_control_allow_credentials_header_value": "", + "routing_http_response_access_control_allow_headers_header_value": "", + "routing_http_response_access_control_allow_methods_header_value": "", + "routing_http_response_access_control_allow_origin_header_value": "", + "routing_http_response_access_control_expose_headers_header_value": "", + "routing_http_response_access_control_max_age_header_value": "", + "routing_http_response_content_security_policy_header_value": "", + "routing_http_response_server_enabled": true, + "routing_http_response_strict_transport_security_header_value": "", + "routing_http_response_x_content_type_options_header_value": "", + "routing_http_response_x_frame_options_header_value": "", + "ssl_policy": "", + "tags": null, + "tags_all": {}, + "tcp_idle_timeout_seconds": null, + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/2b72bd482f5d0db7" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_lb.this", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lb_listener", + "name": "https", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "alpn_policy": null, + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/211e046be43b3a2a", + "certificate_arn": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", + "default_action": [ + { + "authenticate_cognito": [], + "authenticate_oidc": [], + "fixed_response": [], + "forward": [], + "jwt_validation": [], + "order": 1, + "redirect": [], + "target_group_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351", + "type": "forward" + } + ], + "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/211e046be43b3a2a", + "load_balancer_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "mutual_authentication": [ + { + "advertise_trust_store_ca_names": "", + "ignore_client_certificate_expiry": false, + "mode": "off", + "trust_store_arn": "" + } + ], + "port": 443, + "protocol": "HTTPS", + "region": "ca-central-1", + "routing_http_request_x_amzn_mtls_clientcert_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_issuer_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_leaf_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_subject_header_name": "", + "routing_http_request_x_amzn_mtls_clientcert_validity_header_name": "", + "routing_http_request_x_amzn_tls_cipher_suite_header_name": "", + "routing_http_request_x_amzn_tls_version_header_name": "", + "routing_http_response_access_control_allow_credentials_header_value": "", + "routing_http_response_access_control_allow_headers_header_value": "", + "routing_http_response_access_control_allow_methods_header_value": "", + "routing_http_response_access_control_allow_origin_header_value": "", + "routing_http_response_access_control_expose_headers_header_value": "", + "routing_http_response_access_control_max_age_header_value": "", + "routing_http_response_content_security_policy_header_value": "", + "routing_http_response_server_enabled": true, + "routing_http_response_strict_transport_security_header_value": "", + "routing_http_response_x_content_type_options_header_value": "", + "routing_http_response_x_frame_options_header_value": "", + "ssl_policy": "ELBSecurityPolicy-TLS13-1-2-2021-06", + "tags": null, + "tags_all": {}, + "tcp_idle_timeout_seconds": null, + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:listener/app/documenso-alb/289976c309c39e2b/211e046be43b3a2a" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsInVwZGF0ZSI6MzAwMDAwMDAwMDAwfX0=", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_lb.this", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_route53_zone.primary" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_lb_target_group", + "name": "documenso", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351", + "arn_suffix": "targetgroup/documenso-tg/724855a5d3422351", + "connection_termination": null, + "deregistration_delay": "300", + "health_check": [ + { + "enabled": true, + "healthy_threshold": 2, + "interval": 30, + "matcher": "200-399", + "path": "/", + "port": "traffic-port", + "protocol": "HTTP", + "timeout": 5, + "unhealthy_threshold": 3 + } + ], + "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351", + "ip_address_type": "ipv4", + "lambda_multi_value_headers_enabled": false, + "load_balancer_arns": [], + "load_balancing_algorithm_type": "round_robin", + "load_balancing_anomaly_mitigation": "off", + "load_balancing_cross_zone_enabled": "use_load_balancer_configuration", + "name": "documenso-tg", + "name_prefix": "", + "port": 3000, + "preserve_client_ip": null, + "protocol": "HTTP", + "protocol_version": "HTTP1", + "proxy_protocol_v2": false, + "region": "ca-central-1", + "slow_start": 0, + "stickiness": [ + { + "cookie_duration": 86400, + "cookie_name": "", + "enabled": false, + "type": "lb_cookie" + } + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "target_control_port": 0, + "target_failover": [ + { + "on_deregistration": null, + "on_unhealthy": null + } + ], + "target_group_health": [ + { + "dns_failover": [ + { + "minimum_healthy_targets_count": "1", + "minimum_healthy_targets_percentage": "off" + } + ], + "unhealthy_state_routing": [ + { + "minimum_healthy_targets_count": 1, + "minimum_healthy_targets_percentage": "off" + } + ] + } + ], + "target_health_state": [ + { + "enable_unhealthy_connection_termination": null, + "unhealthy_draining_interval": null + } + ], + "target_type": "ip", + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "app", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 2, + "attributes": { + "alias": [ + { + "evaluate_target_health": true, + "name": "documenso-alb-721433879.ca-central-1.elb.amazonaws.com", + "zone_id": "ZQSVJUPU6J1EY" + } + ], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "sign.imex.online", + "geolocation_routing_policy": [], + "geoproximity_routing_policy": [], + "health_check_id": "", + "id": "Z007258313LRUYU3SXR5B_sign.imex.online_A", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "sign.imex.online", + "records": null, + "set_identifier": "", + "timeouts": null, + "ttl": 0, + "type": "A", + "weighted_routing_policy": [], + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "sign.imex.online", + "set_identifier": null, + "type": "A", + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9", + "dependencies": [ + "aws_lb.this", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_route53_zone.primary" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "certificate_validation", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": "sign.imex.online", + "schema_version": 2, + "attributes": { + "alias": [], + "allow_overwrite": null, + "cidr_routing_policy": [], + "failover_routing_policy": [], + "fqdn": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online", + "geolocation_routing_policy": [], + "geoproximity_routing_policy": [], + "health_check_id": "", + "id": "Z007258313LRUYU3SXR5B__5b128616232fd8125b68b556a7b6474d.sign.imex.online._CNAME", + "latency_routing_policy": [], + "multivalue_answer_routing_policy": false, + "name": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online", + "records": [ + "_d8f7941e0a67abd2aae538ed57e88c25.jkddzztszm.acm-validations.aws." + ], + "set_identifier": "", + "timeouts": null, + "ttl": 60, + "type": "CNAME", + "weighted_routing_policy": [], + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online.", + "set_identifier": null, + "type": "CNAME", + "zone_id": "Z007258313LRUYU3SXR5B" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjE4MDAwMDAwMDAwMDAsInVwZGF0ZSI6MTgwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMiJ9", + "dependencies": [ + "aws_acm_certificate.this", + "data.aws_route53_zone.primary" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "ses_dkim", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [] + }, + { + "mode": "managed", + "type": "aws_route53_record", + "name": "ses_verification", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [] + }, + { + "mode": "managed", + "type": "aws_route_table", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:route-table/rtb-01deccdccbb35250a", + "id": "rtb-01deccdccbb35250a", + "owner_id": "714144183158", + "propagating_vgws": [], + "region": "ca-central-1", + "route": [ + { + "carrier_gateway_id": "", + "cidr_block": "0.0.0.0/0", + "core_network_arn": "", + "destination_prefix_list_id": "", + "egress_only_gateway_id": "", + "gateway_id": "igw-0123d0d2ca1a63a9b", + "ipv6_cidr_block": "", + "local_gateway_id": "", + "nat_gateway_id": "", + "network_interface_id": "", + "transit_gateway_id": "", + "vpc_endpoint_id": "", + "vpc_peering_connection_id": "" + } + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-rt" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-rt" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "rtb-01deccdccbb35250a", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route_table_association", + "name": "database_public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-0aec3c8f8b2ff0f23", + "region": "ca-central-1", + "route_table_id": "rtb-01deccdccbb35250a", + "subnet_id": "subnet-0a709511dea335bea", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-0e1023d57b1801027", + "region": "ca-central-1", + "route_table_id": "rtb-01deccdccbb35250a", + "subnet_id": "subnet-0a1fa5202d4811c8f", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_route_table_association", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-006c0be858294edad", + "region": "ca-central-1", + "route_table_id": "rtb-01deccdccbb35250a", + "subnet_id": "subnet-04006254d9d3fa803", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + }, + { + "index_key": 1, + "schema_version": 0, + "attributes": { + "gateway_id": "", + "id": "rtbassoc-06ae3dc9412a4ffb8", + "region": "ca-central-1", + "route_table_id": "rtb-01deccdccbb35250a", + "subnet_id": "subnet-0b277577fe96b00e6", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjozMDAwMDAwMDAwMDAsImRlbGV0ZSI6MzAwMDAwMDAwMDAwLCJ1cGRhdGUiOjEyMDAwMDAwMDAwMH19", + "dependencies": [ + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "acceleration_status": "", + "acl": null, + "arn": "arn:aws:s3:::documenso-714144183158-ca-central-1", + "bucket": "documenso-714144183158-ca-central-1", + "bucket_domain_name": "documenso-714144183158-ca-central-1.s3.amazonaws.com", + "bucket_namespace": "global", + "bucket_prefix": "", + "bucket_region": "ca-central-1", + "bucket_regional_domain_name": "documenso-714144183158-ca-central-1.s3.ca-central-1.amazonaws.com", + "cors_rule": [], + "force_destroy": false, + "grant": [ + { + "id": "5956258d961da0cb485b52cba53a4c1912cfb01ca80343d2705d68148d8aef9f", + "permissions": [ + "FULL_CONTROL" + ], + "type": "CanonicalUser", + "uri": "" + } + ], + "hosted_zone_id": "Z1QDHH18159H29", + "id": "documenso-714144183158-ca-central-1", + "lifecycle_rule": [], + "logging": [], + "object_lock_configuration": [], + "object_lock_enabled": false, + "policy": "", + "region": "ca-central-1", + "replication_configuration": [], + "request_payer": "BucketOwner", + "server_side_encryption_configuration": [ + { + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "bucket_key_enabled": false + } + ] + } + ], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-uploads" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-uploads" + }, + "timeouts": null, + "versioning": [ + { + "enabled": false, + "mfa_delete": false + } + ], + "website": [], + "website_domain": null, + "website_endpoint": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_cors_configuration", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "cors_rule": [ + { + "allowed_headers": [ + "*" + ], + "allowed_methods": [ + "GET", + "POST", + "PUT" + ], + "allowed_origins": [ + "https://sign.imex.online" + ], + "expose_headers": [ + "ETag" + ], + "id": "", + "max_age_seconds": 3000 + } + ], + "expected_bucket_owner": "", + "id": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_lifecycle_configuration", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "expected_bucket_owner": "", + "id": "documenso-714144183158-ca-central-1", + "region": "ca-central-1", + "rule": [ + { + "abort_incomplete_multipart_upload": [ + { + "days_after_initiation": 7 + } + ], + "expiration": [], + "filter": [], + "id": "abort-incomplete-multipart-uploads", + "noncurrent_version_expiration": [], + "noncurrent_version_transition": [], + "prefix": "", + "status": "Enabled", + "transition": [] + } + ], + "timeouts": null, + "transition_default_minimum_object_size": "all_storage_classes_128K" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_ownership_controls", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "id": "documenso-714144183158-ca-central-1", + "region": "ca-central-1", + "rule": [ + { + "object_ownership": "BucketOwnerEnforced" + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_public_access_block", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "block_public_acls": true, + "block_public_policy": true, + "bucket": "documenso-714144183158-ca-central-1", + "id": "documenso-714144183158-ca-central-1", + "ignore_public_acls": true, + "region": "ca-central-1", + "restrict_public_buckets": true, + "skip_destroy": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_server_side_encryption_configuration", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "expected_bucket_owner": "", + "id": "documenso-714144183158-ca-central-1", + "region": "ca-central-1", + "rule": [ + { + "apply_server_side_encryption_by_default": [ + { + "kms_master_key_id": "", + "sse_algorithm": "AES256" + } + ], + "blocked_encryption_types": [], + "bucket_key_enabled": true + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_s3_bucket_versioning", + "name": "uploads", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bucket": "documenso-714144183158-ca-central-1", + "expected_bucket_owner": "", + "id": "documenso-714144183158-ca-central-1", + "mfa": null, + "region": "ca-central-1", + "versioning_configuration": [ + { + "mfa_delete": "", + "status": "Enabled" + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 1, + "identity": { + "account_id": "714144183158", + "bucket": "documenso-714144183158-ca-central-1", + "region": "ca-central-1" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_s3_bucket.uploads", + "data.aws_caller_identity.current" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_security_group", + "name": "alb", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:security-group/sg-00a952a8cf25520c4", + "description": "Public ingress to the Documenso load balancer", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-00a952a8cf25520c4", + "ingress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 443, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 443 + }, + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 80, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 80 + } + ], + "name": "documenso-alb-sg", + "name_prefix": "", + "owner_id": "714144183158", + "region": "ca-central-1", + "revoke_rules_on_delete": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-alb-sg" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-alb-sg" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "sg-00a952a8cf25520c4", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_security_group", + "name": "db", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:security-group/sg-053e8205d804b49b7", + "description": "Allow PostgreSQL access only from Documenso tasks", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-053e8205d804b49b7", + "ingress": [ + { + "cidr_blocks": [ + "64.46.30.40/32" + ], + "description": "", + "from_port": 5432, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 5432 + }, + { + "cidr_blocks": [], + "description": "", + "from_port": 5432, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [ + "sg-002258669cf963664" + ], + "self": false, + "to_port": 5432 + } + ], + "name": "documenso-db-sg", + "name_prefix": "", + "owner_id": "714144183158", + "region": "ca-central-1", + "revoke_rules_on_delete": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-db-sg" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-db-sg" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "sg-053e8205d804b49b7", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "aws_security_group.alb", + "aws_security_group.ecs", + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_security_group", + "name": "ecs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:security-group/sg-002258669cf963664", + "description": "Restrict Documenso container access to the ALB", + "egress": [ + { + "cidr_blocks": [ + "0.0.0.0/0" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + } + ], + "id": "sg-002258669cf963664", + "ingress": [ + { + "cidr_blocks": [], + "description": "", + "from_port": 3000, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [ + "sg-00a952a8cf25520c4" + ], + "self": false, + "to_port": 3000 + } + ], + "name": "documenso-ecs-sg", + "name_prefix": "", + "owner_id": "714144183158", + "region": "ca-central-1", + "revoke_rules_on_delete": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-ecs-sg" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-ecs-sg" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "sg-002258669cf963664", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6OTAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0=", + "dependencies": [ + "aws_security_group.alb", + "aws_vpc.this" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_ses_domain_dkim", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [] + }, + { + "mode": "managed", + "type": "aws_ses_domain_identity", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [] + }, + { + "mode": "managed", + "type": "aws_subnet", + "name": "database", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:subnet/subnet-0a709511dea335bea", + "assign_ipv6_address_on_creation": false, + "availability_zone": "ca-central-1a", + "availability_zone_id": "cac1-az1", + "cidr_block": "10.42.10.0/24", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-0a709511dea335bea", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_ipam_pool_id": null, + "ipv6_native": false, + "ipv6_netmask_length": null, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": false, + "outpost_arn": "", + "owner_id": "714144183158", + "private_dns_hostname_type_on_launch": "ip-name", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-database-1", + "Tier": "database" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-database-1", + "Tier": "database" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "subnet-0a709511dea335bea", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + }, + { + "index_key": 1, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:subnet/subnet-0a1fa5202d4811c8f", + "assign_ipv6_address_on_creation": false, + "availability_zone": "ca-central-1b", + "availability_zone_id": "cac1-az2", + "cidr_block": "10.42.11.0/24", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-0a1fa5202d4811c8f", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_ipam_pool_id": null, + "ipv6_native": false, + "ipv6_netmask_length": null, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": false, + "outpost_arn": "", + "owner_id": "714144183158", + "private_dns_hostname_type_on_launch": "ip-name", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-database-2", + "Tier": "database" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-database-2", + "Tier": "database" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "subnet-0a1fa5202d4811c8f", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_subnet", + "name": "public", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "index_key": 0, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:subnet/subnet-04006254d9d3fa803", + "assign_ipv6_address_on_creation": false, + "availability_zone": "ca-central-1a", + "availability_zone_id": "cac1-az1", + "cidr_block": "10.42.0.0/24", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-04006254d9d3fa803", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_ipam_pool_id": null, + "ipv6_native": false, + "ipv6_netmask_length": null, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": true, + "outpost_arn": "", + "owner_id": "714144183158", + "private_dns_hostname_type_on_launch": "ip-name", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-1", + "Tier": "public" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-1", + "Tier": "public" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "subnet-04006254d9d3fa803", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + }, + { + "index_key": 1, + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:subnet/subnet-0b277577fe96b00e6", + "assign_ipv6_address_on_creation": false, + "availability_zone": "ca-central-1b", + "availability_zone_id": "cac1-az2", + "cidr_block": "10.42.1.0/24", + "customer_owned_ipv4_pool": "", + "enable_dns64": false, + "enable_lni_at_device_index": 0, + "enable_resource_name_dns_a_record_on_launch": false, + "enable_resource_name_dns_aaaa_record_on_launch": false, + "id": "subnet-0b277577fe96b00e6", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_cidr_block": "", + "ipv6_cidr_block_association_id": "", + "ipv6_ipam_pool_id": null, + "ipv6_native": false, + "ipv6_netmask_length": null, + "map_customer_owned_ip_on_launch": false, + "map_public_ip_on_launch": true, + "outpost_arn": "", + "owner_id": "714144183158", + "private_dns_hostname_type_on_launch": "ip-name", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-2", + "Tier": "public" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-public-2", + "Tier": "public" + }, + "timeouts": null, + "vpc_id": "vpc-046682b947963b214" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "subnet-0b277577fe96b00e6", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_vpc.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_vpc", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ec2:ca-central-1:714144183158:vpc/vpc-046682b947963b214", + "assign_generated_ipv6_cidr_block": false, + "cidr_block": "10.42.0.0/16", + "default_network_acl_id": "acl-01fdc2eb9c87245b0", + "default_route_table_id": "rtb-039dbd5008d377929", + "default_security_group_id": "sg-0e665d0bd14b38dda", + "dhcp_options_id": "dopt-8c1d42e4", + "enable_dns_hostnames": true, + "enable_dns_support": true, + "enable_network_address_usage_metrics": false, + "id": "vpc-046682b947963b214", + "instance_tenancy": "default", + "ipv4_ipam_pool_id": null, + "ipv4_netmask_length": null, + "ipv6_association_id": "", + "ipv6_cidr_block": "", + "ipv6_cidr_block_network_border_group": "", + "ipv6_ipam_pool_id": "", + "ipv6_netmask_length": 0, + "main_route_table_id": "rtb-039dbd5008d377929", + "owner_id": "714144183158", + "region": "ca-central-1", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-vpc" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform", + "Name": "documenso-vpc" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "id": "vpc-046682b947963b214", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==" + } + ] + }, + { + "mode": "managed", + "type": "aws_wafv2_web_acl", + "name": "this", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "application_integration_url": "", + "arn": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb", + "association_config": [], + "capacity": 702, + "captcha_config": [], + "challenge_config": [], + "custom_response_body": [], + "data_protection_config": [], + "default_action": [ + { + "allow": [ + { + "custom_request_handling": [] + } + ], + "block": [] + } + ], + "description": "WAF protection for Documenso", + "id": "04577153-2a1a-462c-94b8-b0a1804755bb", + "lock_token": "a64452be-7ff7-4236-b192-0d8941153888", + "name": "documenso-web-acl", + "name_prefix": "", + "region": "ca-central-1", + "rule": [ + { + "action": [ + { + "allow": [], + "block": [ + { + "custom_response": [] + } + ], + "captcha": [], + "challenge": [], + "count": [] + } + ], + "captcha_config": [], + "challenge_config": [], + "name": "RateLimitPerIp", + "override_action": [], + "priority": 2, + "rule_label": [], + "statement": [ + { + "and_statement": [], + "asn_match_statement": [], + "byte_match_statement": [], + "geo_match_statement": [], + "ip_set_reference_statement": [], + "label_match_statement": [], + "managed_rule_group_statement": [], + "not_statement": [], + "or_statement": [], + "rate_based_statement": [ + { + "aggregate_key_type": "IP", + "custom_key": [], + "evaluation_window_sec": 300, + "forwarded_ip_config": [], + "limit": 2000, + "scope_down_statement": [] + } + ], + "regex_match_statement": [], + "regex_pattern_set_reference_statement": [], + "rule_group_reference_statement": [], + "size_constraint_statement": [], + "sqli_match_statement": [], + "xss_match_statement": [] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": true, + "metric_name": "RateLimitPerIp", + "sampled_requests_enabled": true + } + ] + }, + { + "action": [], + "captcha_config": [], + "challenge_config": [], + "name": "AWSManagedRulesCommonRuleSet", + "override_action": [ + { + "count": [], + "none": [ + {} + ] + } + ], + "priority": 1, + "rule_label": [], + "statement": [ + { + "and_statement": [], + "asn_match_statement": [], + "byte_match_statement": [], + "geo_match_statement": [], + "ip_set_reference_statement": [], + "label_match_statement": [], + "managed_rule_group_statement": [ + { + "managed_rule_group_configs": [], + "name": "AWSManagedRulesCommonRuleSet", + "rule_action_override": [], + "scope_down_statement": [], + "vendor_name": "AWS", + "version": "" + } + ], + "not_statement": [], + "or_statement": [], + "rate_based_statement": [], + "regex_match_statement": [], + "regex_pattern_set_reference_statement": [], + "rule_group_reference_statement": [], + "size_constraint_statement": [], + "sqli_match_statement": [], + "xss_match_statement": [] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": true, + "metric_name": "CommonRuleSet", + "sampled_requests_enabled": true + } + ] + } + ], + "rule_json": null, + "scope": "REGIONAL", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "token_domains": null, + "visibility_config": [ + { + "cloudwatch_metrics_enabled": true, + "metric_name": "documenso-web-acl", + "sampled_requests_enabled": true + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_wafv2_web_acl_association", + "name": "alb", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb,arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "region": "ca-central-1", + "resource_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b", + "timeouts": null, + "web_acl_arn": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDB9fQ==", + "dependencies": [ + "aws_lb.this", + "aws_security_group.alb", + "aws_subnet.public", + "aws_vpc.this", + "aws_wafv2_web_acl.this", + "data.aws_availability_zones.available" + ] + } + ] + }, + { + "mode": "managed", + "type": "random_id", + "name": "final_snapshot", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "b64_std": "A0Q0YQ==", + "b64_url": "A0Q0YQ", + "byte_length": 4, + "dec": "54801505", + "hex": "03443461", + "id": "A0Q0YQ", + "keepers": null, + "prefix": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "random_password", + "name": "db_password", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 3, + "attributes": { + "bcrypt_hash": "$2a$10$q4jZNUIWGkTcMuFnctU8AOm34OMAnP6rbd7G.j6PIQxN1XGaUAfDW", + "id": "none", + "keepers": null, + "length": 32, + "lower": true, + "min_lower": 0, + "min_numeric": 0, + "min_special": 0, + "min_upper": 0, + "number": true, + "numeric": true, + "override_special": null, + "result": "HsKgbmS6RxH1wAUN3eHvkAfx3iGi35JK", + "special": false, + "upper": true + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "bcrypt_hash" + } + ], + [ + { + "type": "get_attr", + "value": "result" + } + ] + ], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "random_password", + "name": "encryption_key_primary", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 3, + "attributes": { + "bcrypt_hash": "$2a$10$jNh6QDlzP3QL1AzptRt/u.V3Cpgh1gJy3asINjfJLLhQSNvs/40zW", + "id": "none", + "keepers": null, + "length": 64, + "lower": true, + "min_lower": 0, + "min_numeric": 0, + "min_special": 0, + "min_upper": 0, + "number": true, + "numeric": true, + "override_special": null, + "result": "tCRYLQ9BKjW00d5GSl8pl2whKY6ab4Gf0wa3DaaLbDJ2ihN7WwWOlflxa3NUlnPc", + "special": false, + "upper": true + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "bcrypt_hash" + } + ], + [ + { + "type": "get_attr", + "value": "result" + } + ] + ], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "random_password", + "name": "encryption_key_secondary", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 3, + "attributes": { + "bcrypt_hash": "$2a$10$EZrnEcRpYmVE/i5GXrLXQ.eu8QFABv9q1URqR5QBKbmSStQDWMJEC", + "id": "none", + "keepers": null, + "length": 64, + "lower": true, + "min_lower": 0, + "min_numeric": 0, + "min_special": 0, + "min_upper": 0, + "number": true, + "numeric": true, + "override_special": null, + "result": "HoMkHNTYHWOleVAkZJljkY6fHaCWY3bSROQOiK1lKGccMi2PbqBP0AvqfvlKGSoO", + "special": false, + "upper": true + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "bcrypt_hash" + } + ], + [ + { + "type": "get_attr", + "value": "result" + } + ] + ], + "identity_schema_version": 0 + } + ] + }, + { + "mode": "managed", + "type": "random_password", + "name": "nextauth_secret", + "provider": "provider[\"registry.terraform.io/hashicorp/random\"]", + "instances": [ + { + "schema_version": 3, + "attributes": { + "bcrypt_hash": "$2a$10$LHMWRtxRVVpjjejHX3EXAeIIrb8ug7FRUzOpzgyrruEXvldEj0OuC", + "id": "none", + "keepers": null, + "length": 64, + "lower": true, + "min_lower": 0, + "min_numeric": 0, + "min_special": 0, + "min_upper": 0, + "number": true, + "numeric": true, + "override_special": null, + "result": "NFPjonJogt95fVLJCtzCDfwdJng5Ece07rgOjBrVF56a8wlPrbtaiIYjKDttcjbo", + "special": false, + "upper": true + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "bcrypt_hash" + } + ], + [ + { + "type": "get_attr", + "value": "result" + } + ] + ], + "identity_schema_version": 0 + } + ] + } + ], + "check_results": null +} diff --git a/documenso/terraform/terraform.tfvars.example b/documenso/terraform/terraform.tfvars.example new file mode 100644 index 000000000..e8a02ada5 --- /dev/null +++ b/documenso/terraform/terraform.tfvars.example @@ -0,0 +1,23 @@ +aws_region = "ca-central-1" +domain_name = "esignature.imex.online" +hosted_zone_name = "imex.online" +documenso_image = "documenso/documenso:latest" +smtp_username = "AKIA2MRSPON3O6PRVUPE" +smtp_password = "pw" +smtp_from_address = "no-reply@imex.online" +manage_ses_resources = false +ses_identity_domain = "imex.online" +app_secret_name = "documenso/esignature-imex-online/app" +# signing_certificate_base64 = "MII...base64-encoded-p12..." +# signing_certificate_passphrase = "replace-with-your-p12-passphrase" +# upload_bucket_name = "esignature-imex-online-documenso" + +# Optional tuning +# desired_count = 2 +# max_count = 6 +db_instance_class = "db.t4g.micro" +db_publicly_accessible = true +db_allowed_cidrs = ["64.46.30.40/32"] +disable_signup = false +# allowed_signup_domains = "imex.online" +# alarm_actions = ["arn:aws:sns:ca-central-1:123456789012:ops-alerts"] \ No newline at end of file diff --git a/documenso/terraform/variables.tf b/documenso/terraform/variables.tf index bdb675833..42e7c893a 100644 --- a/documenso/terraform/variables.tf +++ b/documenso/terraform/variables.tf @@ -23,11 +23,17 @@ variable "hosted_zone_name" { } variable "ses_identity_domain" { - description = "Domain to verify in SES. Defaults to the hosted zone when null." + description = "Domain used for SES. Defaults to the hosted zone when null. If manage_ses_resources is false, this is informational and used only for outputs/documentation." type = string default = null } +variable "manage_ses_resources" { + description = "Whether this Terraform stack should create and manage the SES domain identity, verification record, and DKIM records. Disable this when SES is already configured elsewhere." + type = bool + default = false +} + variable "documenso_image" { description = "Container image for Documenso. Default keeps you on the latest published image." type = string @@ -166,6 +172,18 @@ variable "db_final_snapshot_on_destroy" { default = true } +variable "db_publicly_accessible" { + description = "Whether the RDS instance should have a public endpoint. Requires database subnets with a route to the internet gateway." + type = bool + default = false +} + +variable "db_allowed_cidrs" { + description = "IPv4 CIDR blocks allowed to connect directly to PostgreSQL. Leave empty to disable direct public access." + type = list(string) + default = [] +} + variable "disable_signup" { description = "Disable public signup in Documenso." type = bool @@ -211,7 +229,7 @@ variable "smtp_password" { variable "smtp_from_name" { description = "Display name used in outbound email." type = string - default = "IMEX eSignature" + default = "ImEX E-Signature" } variable "smtp_from_address" { @@ -233,6 +251,12 @@ variable "signing_certificate_passphrase" { sensitive = true } +variable "app_secret_name" { + description = "Secrets Manager secret name used for Documenso application secrets. Set this if a previous secret with the default name is pending deletion." + type = string + default = null +} + variable "tags" { description = "Additional tags applied to all supported resources." type = map(string)