diff --git a/documenso/terraform/terraform.tfstate b/documenso/terraform/terraform.tfstate index 62c5c8794..7557d02b5 100644 --- a/documenso/terraform/terraform.tfstate +++ b/documenso/terraform/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.14.3", - "serial": 84, + "serial": 89, "lineage": "2b49a6da-17c7-01da-d62f-9a13def4b683", "outputs": { "application_url": { @@ -1096,7 +1096,7 @@ "instance_class": "db.t4g.micro", "iops": 3000, "kms_key_id": "arn:aws:kms:ca-central-1:714144183158:key/1237b672-91b3-4d23-958d-1877c5d22eb9", - "latest_restorable_time": "2026-04-13T20:19:35Z", + "latest_restorable_time": "2026-04-23T14:54:39Z", "license_model": "postgresql-license", "listener_endpoint": [], "maintenance_window": "tue:03:10-tue:03:40", @@ -1384,7 +1384,7 @@ "Application": "documenso", "ManagedBy": "Terraform" }, - "task_definition": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task:5", + "task_definition": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task:6", "timeouts": null, "triggers": {}, "volume_configuration": [], @@ -1451,9 +1451,9 @@ { "schema_version": 1, "attributes": { - "arn": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task:5", + "arn": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task:6", "arn_without_revision": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task", - "container_definitions": "[{\"environment\":[{\"name\":\"NEXT_PRIVATE_INTERNAL_WEBAPP_URL\",\"value\":\"http://127.0.0.1:3000\"},{\"name\":\"NEXT_PRIVATE_SMTP_HOST\",\"value\":\"email-smtp.ca-central-1.amazonaws.com\"},{\"name\":\"NEXT_PRIVATE_SMTP_PORT\",\"value\":\"587\"},{\"name\":\"NEXT_PRIVATE_SMTP_SECURE\",\"value\":\"false\"},{\"name\":\"NEXT_PRIVATE_SMTP_TRANSPORT\",\"value\":\"smtp-auth\"},{\"name\":\"NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS\",\"value\":\"false\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_BUCKET\",\"value\":\"documenso-714144183158-ca-central-1\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_REGION\",\"value\":\"ca-central-1\"},{\"name\":\"NEXT_PUBLIC_DISABLE_SIGNUP\",\"value\":\"false\"},{\"name\":\"NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT\",\"value\":\"10\"},{\"name\":\"NEXT_PUBLIC_UPLOAD_TRANSPORT\",\"value\":\"s3\"},{\"name\":\"NEXT_PUBLIC_WEBAPP_URL\",\"value\":\"https://sign.imex.online\"},{\"name\":\"PORT\",\"value\":\"3000\"}],\"essential\":true,\"image\":\"documenso/documenso:latest\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"/ecs/documenso\",\"awslogs-region\":\"ca-central-1\",\"awslogs-stream-prefix\":\"documenso\"}},\"mountPoints\":[],\"name\":\"documenso\",\"portMappings\":[{\"containerPort\":3000,\"hostPort\":3000,\"protocol\":\"tcp\"}],\"secrets\":[{\"name\":\"NEXTAUTH_SECRET\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXTAUTH_SECRET::\"},{\"name\":\"NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS::\"},{\"name\":\"NEXT_PRIVATE_DATABASE_URL\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DATABASE_URL::\"},{\"name\":\"NEXT_PRIVATE_DIRECT_DATABASE_URL\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DIRECT_DATABASE_URL::\"},{\"name\":\"NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY::\"},{\"name\":\"NEXT_PRIVATE_ENCRYPTION_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ENCRYPTION_KEY::\"},{\"name\":\"NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY::\"},{\"name\":\"NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS::\"},{\"name\":\"NEXT_PRIVATE_SIGNING_PASSPHRASE\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SIGNING_PASSPHRASE::\"},{\"name\":\"NEXT_PRIVATE_SMTP_FROM_ADDRESS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_FROM_ADDRESS::\"},{\"name\":\"NEXT_PRIVATE_SMTP_FROM_NAME\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_FROM_NAME::\"},{\"name\":\"NEXT_PRIVATE_SMTP_PASSWORD\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_PASSWORD::\"},{\"name\":\"NEXT_PRIVATE_SMTP_USERNAME\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_USERNAME::\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID::\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY::\"}],\"systemControls\":[],\"volumesFrom\":[]}]", + "container_definitions": "[{\"environment\":[{\"name\":\"NEXT_PRIVATE_INTERNAL_WEBAPP_URL\",\"value\":\"http://127.0.0.1:3000\"},{\"name\":\"NEXT_PRIVATE_SMTP_HOST\",\"value\":\"email-smtp.ca-central-1.amazonaws.com\"},{\"name\":\"NEXT_PRIVATE_SMTP_PORT\",\"value\":\"587\"},{\"name\":\"NEXT_PRIVATE_SMTP_SECURE\",\"value\":\"false\"},{\"name\":\"NEXT_PRIVATE_SMTP_TRANSPORT\",\"value\":\"smtp-auth\"},{\"name\":\"NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS\",\"value\":\"false\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_BUCKET\",\"value\":\"documenso-714144183158-ca-central-1\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_REGION\",\"value\":\"ca-central-1\"},{\"name\":\"NEXT_PUBLIC_DISABLE_SIGNUP\",\"value\":\"false\"},{\"name\":\"NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT\",\"value\":\"10\"},{\"name\":\"NEXT_PUBLIC_UPLOAD_TRANSPORT\",\"value\":\"s3\"},{\"name\":\"NEXT_PUBLIC_WEBAPP_URL\",\"value\":\"https://sign.imex.online\"},{\"name\":\"PORT\",\"value\":\"3000\"}],\"essential\":true,\"image\":\"documenso/documenso:2.9.1\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-stream-prefix\":\"documenso\",\"awslogs-group\":\"/ecs/documenso\",\"awslogs-region\":\"ca-central-1\"}},\"mountPoints\":[],\"name\":\"documenso\",\"portMappings\":[{\"containerPort\":3000,\"hostPort\":3000,\"protocol\":\"tcp\"}],\"secrets\":[{\"name\":\"NEXTAUTH_SECRET\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXTAUTH_SECRET::\"},{\"name\":\"NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS::\"},{\"name\":\"NEXT_PRIVATE_DATABASE_URL\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DATABASE_URL::\"},{\"name\":\"NEXT_PRIVATE_DIRECT_DATABASE_URL\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DIRECT_DATABASE_URL::\"},{\"name\":\"NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY::\"},{\"name\":\"NEXT_PRIVATE_ENCRYPTION_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ENCRYPTION_KEY::\"},{\"name\":\"NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY::\"},{\"name\":\"NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS::\"},{\"name\":\"NEXT_PRIVATE_SIGNING_PASSPHRASE\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SIGNING_PASSPHRASE::\"},{\"name\":\"NEXT_PRIVATE_SMTP_FROM_ADDRESS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_FROM_ADDRESS::\"},{\"name\":\"NEXT_PRIVATE_SMTP_FROM_NAME\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_FROM_NAME::\"},{\"name\":\"NEXT_PRIVATE_SMTP_PASSWORD\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_PASSWORD::\"},{\"name\":\"NEXT_PRIVATE_SMTP_USERNAME\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_USERNAME::\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID::\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY::\"}],\"systemControls\":[],\"volumesFrom\":[]}]", "cpu": "512", "enable_fault_injection": false, "ephemeral_storage": [], @@ -1470,7 +1470,7 @@ "requires_compatibilities": [ "FARGATE" ], - "revision": 5, + "revision": 6, "runtime_platform": [], "skip_destroy": false, "tags": { @@ -1498,7 +1498,7 @@ "account_id": "714144183158", "family": "documenso-task", "region": "ca-central-1", - "revision": 5 + "revision": 6 }, "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", "dependencies": [ diff --git a/documenso/terraform/terraform.tfstate.backup b/documenso/terraform/terraform.tfstate.backup index 1cb090236..62c5c8794 100644 --- a/documenso/terraform/terraform.tfstate.backup +++ b/documenso/terraform/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.14.3", - "serial": 53, + "serial": 84, "lineage": "2b49a6da-17c7-01da-d62f-9a13def4b683", "outputs": { "application_url": { @@ -25,7 +25,7 @@ "type": "string" }, "secrets_manager_secret_name": { - "value": "documenso/app", + "value": "documenso/sign-imex-online/app", "type": "string" }, "ses_identity_domain": { @@ -184,7 +184,7 @@ ], "primary_name_server": "ns-351.awsdns-43.com", "private_zone": false, - "resource_record_set_count": 107, + "resource_record_set_count": 109, "tags": {}, "vpc_id": null, "zone_id": "Z007258313LRUYU3SXR5B" @@ -219,8 +219,8 @@ "early_renewal_duration": "", "id": "arn:aws:acm:ca-central-1:714144183158:certificate/26ba951b-6319-4613-b995-31716a18f721", "key_algorithm": "RSA_2048", - "not_after": "", - "not_before": "", + "not_after": "2026-10-09T23:59:59Z", + "not_before": "2026-03-26T00:00:00Z", "options": [ { "certificate_transparency_logging_preference": "ENABLED", @@ -230,9 +230,9 @@ "pending_renewal": false, "private_key": null, "region": "ca-central-1", - "renewal_eligibility": "INELIGIBLE", + "renewal_eligibility": "ELIGIBLE", "renewal_summary": [], - "status": "PENDING_VALIDATION", + "status": "ISSUED", "subject_alternative_names": [ "sign.imex.online" ], @@ -294,6 +294,252 @@ } ] }, + { + "mode": "managed", + "type": "aws_appautoscaling_policy", + "name": "cpu", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "alarm_arns": [ + "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:TargetTracking-service/documenso-cluster/documenso-service-AlarmHigh-bbc1f061-f57c-4131-8199-8a9abd69cbe4", + "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:TargetTracking-service/documenso-cluster/documenso-service-AlarmLow-0707ab53-88f2-4246-a05c-47100eee8514" + ], + "arn": "arn:aws:autoscaling:ca-central-1:714144183158:scalingPolicy:12061d83-fb65-4101-9620-34f02f95938b:resource/ecs/service/documenso-cluster/documenso-service:policyName/documenso-cpu-scaling", + "id": "documenso-cpu-scaling", + "name": "documenso-cpu-scaling", + "policy_type": "TargetTrackingScaling", + "predictive_scaling_policy_configuration": [], + "region": "ca-central-1", + "resource_id": "service/documenso-cluster/documenso-service", + "scalable_dimension": "ecs:service:DesiredCount", + "service_namespace": "ecs", + "step_scaling_policy_configuration": [], + "target_tracking_scaling_policy_configuration": [ + { + "customized_metric_specification": [], + "disable_scale_in": false, + "predefined_metric_specification": [ + { + "predefined_metric_type": "ECSServiceAverageCPUUtilization", + "resource_label": "" + } + ], + "scale_in_cooldown": 120, + "scale_out_cooldown": 60, + "target_value": 65 + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_appautoscaling_target.ecs", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_appautoscaling_policy", + "name": "memory", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "alarm_arns": [ + "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:TargetTracking-service/documenso-cluster/documenso-service-AlarmHigh-b15848da-0122-432d-b624-18cec2a7a92a", + "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:TargetTracking-service/documenso-cluster/documenso-service-AlarmLow-77e80e21-6e9b-42c9-b982-d0e0abfa3921" + ], + "arn": "arn:aws:autoscaling:ca-central-1:714144183158:scalingPolicy:12061d83-fb65-4101-9620-34f02f95938b:resource/ecs/service/documenso-cluster/documenso-service:policyName/documenso-memory-scaling", + "id": "documenso-memory-scaling", + "name": "documenso-memory-scaling", + "policy_type": "TargetTrackingScaling", + "predictive_scaling_policy_configuration": [], + "region": "ca-central-1", + "resource_id": "service/documenso-cluster/documenso-service", + "scalable_dimension": "ecs:service:DesiredCount", + "service_namespace": "ecs", + "step_scaling_policy_configuration": [], + "target_tracking_scaling_policy_configuration": [ + { + "customized_metric_specification": [], + "disable_scale_in": false, + "predefined_metric_specification": [ + { + "predefined_metric_type": "ECSServiceAverageMemoryUtilization", + "resource_label": "" + } + ], + "scale_in_cooldown": 120, + "scale_out_cooldown": 60, + "target_value": 75 + } + ] + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_appautoscaling_target.ecs", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_appautoscaling_target", + "name": "ecs", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:application-autoscaling:ca-central-1:714144183158:scalable-target/0ec512061d83fb654101962034f02f95938b", + "id": "service/documenso-cluster/documenso-service", + "max_capacity": 4, + "min_capacity": 1, + "region": "ca-central-1", + "resource_id": "service/documenso-cluster/documenso-service", + "role_arn": "arn:aws:iam::714144183158:role/aws-service-role/ecs.application-autoscaling.amazonaws.com/AWSServiceRoleForApplicationAutoScaling_ECSService", + "scalable_dimension": "ecs:service:DesiredCount", + "service_namespace": "ecs", + "suspended_state": [ + { + "dynamic_scaling_in_suspended": false, + "dynamic_scaling_out_suspended": false, + "scheduled_scaling_suspended": false + } + ], + "tags": {}, + "tags_all": {} + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, { "mode": "managed", "type": "aws_cloudwatch_log_group", @@ -343,7 +589,7 @@ "schema_version": 1, "attributes": { "actions_enabled": true, - "alarm_actions": null, + "alarm_actions": [], "alarm_description": "ALB is returning elevated 5xx responses", "alarm_name": "documenso-alb-5xx", "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-alb-5xx", @@ -356,11 +602,11 @@ "evaluation_periods": 1, "extended_statistic": "", "id": "documenso-alb-5xx", - "insufficient_data_actions": null, + "insufficient_data_actions": [], "metric_name": "HTTPCode_ELB_5XX_Count", "metric_query": [], "namespace": "AWS/ApplicationELB", - "ok_actions": null, + "ok_actions": [], "period": 300, "region": "ca-central-1", "statistic": "Sum", @@ -405,7 +651,7 @@ "schema_version": 1, "attributes": { "actions_enabled": true, - "alarm_actions": null, + "alarm_actions": [], "alarm_description": "ALB target group has unhealthy hosts", "alarm_name": "documenso-alb-unhealthy-hosts", "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-alb-unhealthy-hosts", @@ -419,11 +665,11 @@ "evaluation_periods": 2, "extended_statistic": "", "id": "documenso-alb-unhealthy-hosts", - "insufficient_data_actions": null, + "insufficient_data_actions": [], "metric_name": "UnHealthyHostCount", "metric_query": [], "namespace": "AWS/ApplicationELB", - "ok_actions": null, + "ok_actions": [], "period": 60, "region": "ca-central-1", "statistic": "Average", @@ -459,6 +705,198 @@ } ] }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "ecs_cpu_high", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": [], + "alarm_description": "Documenso ECS service CPU is consistently high", + "alarm_name": "documenso-ecs-cpu-high", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-ecs-cpu-high", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "ClusterName": "documenso-cluster", + "ServiceName": "documenso-service" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 2, + "extended_statistic": "", + "id": "documenso-ecs-cpu-high", + "insufficient_data_actions": [], + "metric_name": "CPUUtilization", + "metric_query": [], + "namespace": "AWS/ECS", + "ok_actions": [], + "period": 300, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 85, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-ecs-cpu-high", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_cloudwatch_metric_alarm", + "name": "ecs_memory_high", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "actions_enabled": true, + "alarm_actions": [], + "alarm_description": "Documenso ECS service memory is consistently high", + "alarm_name": "documenso-ecs-memory-high", + "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-ecs-memory-high", + "comparison_operator": "GreaterThanOrEqualToThreshold", + "datapoints_to_alarm": 0, + "dimensions": { + "ClusterName": "documenso-cluster", + "ServiceName": "documenso-service" + }, + "evaluate_low_sample_count_percentiles": "", + "evaluation_periods": 2, + "extended_statistic": "", + "id": "documenso-ecs-memory-high", + "insufficient_data_actions": [], + "metric_name": "MemoryUtilization", + "metric_query": [], + "namespace": "AWS/ECS", + "ok_actions": [], + "period": 300, + "region": "ca-central-1", + "statistic": "Average", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "threshold": 85, + "threshold_metric_id": "", + "treat_missing_data": "notBreaching", + "unit": "" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "alarm_name": "documenso-ecs-memory-high", + "region": "ca-central-1" + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_service.documenso", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, { "mode": "managed", "type": "aws_cloudwatch_metric_alarm", @@ -469,7 +907,7 @@ "schema_version": 1, "attributes": { "actions_enabled": true, - "alarm_actions": null, + "alarm_actions": [], "alarm_description": "RDS CPU utilization is high", "alarm_name": "documenso-rds-cpu-high", "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-rds-cpu-high", @@ -482,11 +920,11 @@ "evaluation_periods": 2, "extended_statistic": "", "id": "documenso-rds-cpu-high", - "insufficient_data_actions": null, + "insufficient_data_actions": [], "metric_name": "CPUUtilization", "metric_query": [], "namespace": "AWS/RDS", - "ok_actions": null, + "ok_actions": [], "period": 300, "region": "ca-central-1", "statistic": "Average", @@ -541,7 +979,7 @@ "schema_version": 1, "attributes": { "actions_enabled": true, - "alarm_actions": null, + "alarm_actions": [], "alarm_description": "RDS free storage is running low", "alarm_name": "documenso-rds-free-storage-low", "arn": "arn:aws:cloudwatch:ca-central-1:714144183158:alarm:documenso-rds-free-storage-low", @@ -554,11 +992,11 @@ "evaluation_periods": 1, "extended_statistic": "", "id": "documenso-rds-free-storage-low", - "insufficient_data_actions": null, + "insufficient_data_actions": [], "metric_name": "FreeStorageSpace", "metric_query": [], "namespace": "AWS/RDS", - "ok_actions": null, + "ok_actions": [], "period": 300, "region": "ca-central-1", "statistic": "Average", @@ -636,7 +1074,7 @@ "deletion_protection": true, "domain": "", "domain_auth_secret_arn": "", - "domain_dns_ips": null, + "domain_dns_ips": [], "domain_fqdn": "", "domain_iam_role_name": "", "domain_ou": "", @@ -658,7 +1096,7 @@ "instance_class": "db.t4g.micro", "iops": 3000, "kms_key_id": "arn:aws:kms:ca-central-1:714144183158:key/1237b672-91b3-4d23-958d-1877c5d22eb9", - "latest_restorable_time": "2026-03-26T21:28:38Z", + "latest_restorable_time": "2026-04-13T20:19:35Z", "license_model": "postgresql-license", "listener_endpoint": [], "maintenance_window": "tue:03:10-tue:03:40", @@ -862,6 +1300,239 @@ } ] }, + { + "mode": "managed", + "type": "aws_ecs_service", + "name": "documenso", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "alarms": [], + "arn": "arn:aws:ecs:ca-central-1:714144183158:service/documenso-cluster/documenso-service", + "availability_zone_rebalancing": "ENABLED", + "capacity_provider_strategy": [], + "cluster": "arn:aws:ecs:ca-central-1:714144183158:cluster/documenso-cluster", + "deployment_circuit_breaker": [ + { + "enable": true, + "rollback": true + } + ], + "deployment_configuration": [ + { + "bake_time_in_minutes": "0", + "canary_configuration": [], + "lifecycle_hook": [], + "linear_configuration": [], + "strategy": "ROLLING" + } + ], + "deployment_controller": [ + { + "type": "ECS" + } + ], + "deployment_maximum_percent": 200, + "deployment_minimum_healthy_percent": 100, + "desired_count": 1, + "enable_ecs_managed_tags": false, + "enable_execute_command": true, + "force_delete": null, + "force_new_deployment": null, + "health_check_grace_period_seconds": 60, + "iam_role": "/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "id": "arn:aws:ecs:ca-central-1:714144183158:service/documenso-cluster/documenso-service", + "launch_type": "FARGATE", + "load_balancer": [ + { + "advanced_configuration": [], + "container_name": "documenso", + "container_port": 3000, + "elb_name": "", + "target_group_arn": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351" + } + ], + "name": "documenso-service", + "network_configuration": [ + { + "assign_public_ip": true, + "security_groups": [ + "sg-002258669cf963664" + ], + "subnets": [ + "subnet-04006254d9d3fa803", + "subnet-0b277577fe96b00e6" + ] + } + ], + "ordered_placement_strategy": [], + "placement_constraints": [], + "platform_version": "LATEST", + "propagate_tags": "NONE", + "region": "ca-central-1", + "scheduling_strategy": "REPLICA", + "service_connect_configuration": [], + "service_registries": [], + "sigint_rollback": null, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "task_definition": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task:5", + "timeouts": null, + "triggers": {}, + "volume_configuration": [], + "vpc_lattice_configurations": [], + "wait_for_steady_state": false + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "cluster": "arn:aws:ecs:ca-central-1:714144183158:cluster/documenso-cluster", + "name": "documenso-service", + "region": "ca-central-1" + }, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9", + "dependencies": [ + "aws_acm_certificate.this", + "aws_acm_certificate_validation.this", + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_ecs_cluster.this", + "aws_ecs_task_definition.documenso", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_lb.this", + "aws_lb_listener.https", + "aws_lb_target_group.documenso", + "aws_route53_record.certificate_validation", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_subnet.public", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "data.aws_route53_zone.primary", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, + { + "mode": "managed", + "type": "aws_ecs_task_definition", + "name": "documenso", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 1, + "attributes": { + "arn": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task:5", + "arn_without_revision": "arn:aws:ecs:ca-central-1:714144183158:task-definition/documenso-task", + "container_definitions": "[{\"environment\":[{\"name\":\"NEXT_PRIVATE_INTERNAL_WEBAPP_URL\",\"value\":\"http://127.0.0.1:3000\"},{\"name\":\"NEXT_PRIVATE_SMTP_HOST\",\"value\":\"email-smtp.ca-central-1.amazonaws.com\"},{\"name\":\"NEXT_PRIVATE_SMTP_PORT\",\"value\":\"587\"},{\"name\":\"NEXT_PRIVATE_SMTP_SECURE\",\"value\":\"false\"},{\"name\":\"NEXT_PRIVATE_SMTP_TRANSPORT\",\"value\":\"smtp-auth\"},{\"name\":\"NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS\",\"value\":\"false\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_BUCKET\",\"value\":\"documenso-714144183158-ca-central-1\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_REGION\",\"value\":\"ca-central-1\"},{\"name\":\"NEXT_PUBLIC_DISABLE_SIGNUP\",\"value\":\"false\"},{\"name\":\"NEXT_PUBLIC_DOCUMENT_SIZE_UPLOAD_LIMIT\",\"value\":\"10\"},{\"name\":\"NEXT_PUBLIC_UPLOAD_TRANSPORT\",\"value\":\"s3\"},{\"name\":\"NEXT_PUBLIC_WEBAPP_URL\",\"value\":\"https://sign.imex.online\"},{\"name\":\"PORT\",\"value\":\"3000\"}],\"essential\":true,\"image\":\"documenso/documenso:latest\",\"logConfiguration\":{\"logDriver\":\"awslogs\",\"options\":{\"awslogs-group\":\"/ecs/documenso\",\"awslogs-region\":\"ca-central-1\",\"awslogs-stream-prefix\":\"documenso\"}},\"mountPoints\":[],\"name\":\"documenso\",\"portMappings\":[{\"containerPort\":3000,\"hostPort\":3000,\"protocol\":\"tcp\"}],\"secrets\":[{\"name\":\"NEXTAUTH_SECRET\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXTAUTH_SECRET::\"},{\"name\":\"NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS::\"},{\"name\":\"NEXT_PRIVATE_DATABASE_URL\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DATABASE_URL::\"},{\"name\":\"NEXT_PRIVATE_DIRECT_DATABASE_URL\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DIRECT_DATABASE_URL::\"},{\"name\":\"NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY::\"},{\"name\":\"NEXT_PRIVATE_ENCRYPTION_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ENCRYPTION_KEY::\"},{\"name\":\"NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY::\"},{\"name\":\"NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS::\"},{\"name\":\"NEXT_PRIVATE_SIGNING_PASSPHRASE\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SIGNING_PASSPHRASE::\"},{\"name\":\"NEXT_PRIVATE_SMTP_FROM_ADDRESS\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_FROM_ADDRESS::\"},{\"name\":\"NEXT_PRIVATE_SMTP_FROM_NAME\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_FROM_NAME::\"},{\"name\":\"NEXT_PRIVATE_SMTP_PASSWORD\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_PASSWORD::\"},{\"name\":\"NEXT_PRIVATE_SMTP_USERNAME\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_SMTP_USERNAME::\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID::\"},{\"name\":\"NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY\",\"valueFrom\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE:NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY::\"}],\"systemControls\":[],\"volumesFrom\":[]}]", + "cpu": "512", + "enable_fault_injection": false, + "ephemeral_storage": [], + "execution_role_arn": "arn:aws:iam::714144183158:role/documenso-ecs-execution", + "family": "documenso-task", + "id": "documenso-task", + "ipc_mode": "", + "memory": "1024", + "network_mode": "awsvpc", + "pid_mode": "", + "placement_constraints": [], + "proxy_configuration": [], + "region": "ca-central-1", + "requires_compatibilities": [ + "FARGATE" + ], + "revision": 5, + "runtime_platform": [], + "skip_destroy": false, + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "task_role_arn": "arn:aws:iam::714144183158:role/documenso-ecs-task", + "track_latest": false, + "volume": [] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "container_definitions" + } + ] + ], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "family": "documenso-task", + "region": "ca-central-1", + "revision": 5 + }, + "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==", + "dependencies": [ + "aws_cloudwatch_log_group.documenso", + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_iam_access_key.documenso_upload", + "aws_iam_role.ecs_task", + "aws_iam_role.ecs_task_execution", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_s3_bucket.uploads", + "aws_secretsmanager_secret.app", + "aws_secretsmanager_secret_version.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_caller_identity.current", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, { "mode": "managed", "type": "aws_iam_access_key", @@ -961,8 +1632,15 @@ "description": "", "force_detach_policies": false, "id": "documenso-ecs-execution", - "inline_policy": [], - "managed_policy_arns": [], + "inline_policy": [ + { + "name": "documenso-ecs-secrets", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"secretsmanager:GetSecretValue\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE\"}]}" + } + ], + "managed_policy_arns": [ + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" + ], "max_session_duration": 3600, "name": "documenso-ecs-execution", "name_prefix": "", @@ -988,6 +1666,36 @@ } ] }, + { + "mode": "managed", + "type": "aws_iam_role_policy", + "name": "ecs_task_execution_secrets", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "id": "documenso-ecs-execution:documenso-ecs-secrets", + "name": "documenso-ecs-secrets", + "name_prefix": "", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":[\"secretsmanager:GetSecretValue\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE\"}]}", + "role": "documenso-ecs-execution" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "name": "documenso-ecs-secrets", + "role": "documenso-ecs-execution" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_iam_role.ecs_task_execution", + "aws_secretsmanager_secret.app" + ] + } + ] + }, { "mode": "managed", "type": "aws_iam_role_policy_attachment", @@ -1282,7 +1990,7 @@ "routing_http_response_x_content_type_options_header_value": "", "routing_http_response_x_frame_options_header_value": "", "ssl_policy": "", - "tags": null, + "tags": {}, "tags_all": {}, "tcp_idle_timeout_seconds": null, "timeouts": null @@ -1361,7 +2069,7 @@ "routing_http_response_x_content_type_options_header_value": "", "routing_http_response_x_frame_options_header_value": "", "ssl_policy": "ELBSecurityPolicy-TLS13-1-2-2021-06", - "tags": null, + "tags": {}, "tags_all": {}, "tcp_idle_timeout_seconds": null, "timeouts": null @@ -1416,7 +2124,9 @@ "id": "arn:aws:elasticloadbalancing:ca-central-1:714144183158:targetgroup/documenso-tg/724855a5d3422351", "ip_address_type": "ipv4", "lambda_multi_value_headers_enabled": false, - "load_balancer_arns": [], + "load_balancer_arns": [ + "arn:aws:elasticloadbalancing:ca-central-1:714144183158:loadbalancer/app/documenso-alb/289976c309c39e2b" + ], "load_balancing_algorithm_type": "round_robin", "load_balancing_anomaly_mitigation": "off", "load_balancing_cross_zone_enabled": "use_load_balancer_configuration", @@ -1516,7 +2226,7 @@ "latency_routing_policy": [], "multivalue_answer_routing_policy": false, "name": "sign.imex.online", - "records": null, + "records": [], "set_identifier": "", "timeouts": null, "ttl": 0, @@ -1581,7 +2291,7 @@ "identity_schema_version": 0, "identity": { "account_id": "714144183158", - "name": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online.", + "name": "_5b128616232fd8125b68b556a7b6474d.sign.imex.online", "set_identifier": null, "type": "CNAME", "zone_id": "Z007258313LRUYU3SXR5B" @@ -1594,20 +2304,6 @@ } ] }, - { - "mode": "managed", - "type": "aws_route53_record", - "name": "ses_dkim", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [] - }, - { - "mode": "managed", - "type": "aws_route53_record", - "name": "ses_verification", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [] - }, { "mode": "managed", "type": "aws_route_table", @@ -1789,7 +2485,25 @@ "bucket_prefix": "", "bucket_region": "ca-central-1", "bucket_regional_domain_name": "documenso-714144183158-ca-central-1.s3.ca-central-1.amazonaws.com", - "cors_rule": [], + "cors_rule": [ + { + "allowed_headers": [ + "*" + ], + "allowed_methods": [ + "POST", + "GET", + "PUT" + ], + "allowed_origins": [ + "https://sign.imex.online" + ], + "expose_headers": [ + "ETag" + ], + "max_age_seconds": 3000 + } + ], "force_destroy": false, "grant": [ { @@ -1803,7 +2517,19 @@ ], "hosted_zone_id": "Z1QDHH18159H29", "id": "documenso-714144183158-ca-central-1", - "lifecycle_rule": [], + "lifecycle_rule": [ + { + "abort_incomplete_multipart_upload_days": 7, + "enabled": true, + "expiration": [], + "id": "abort-incomplete-multipart-uploads", + "noncurrent_version_expiration": [], + "noncurrent_version_transition": [], + "prefix": "", + "tags": {}, + "transition": [] + } + ], "logging": [], "object_lock_configuration": [], "object_lock_enabled": false, @@ -1821,7 +2547,7 @@ "sse_algorithm": "AES256" } ], - "bucket_key_enabled": false + "bucket_key_enabled": true } ] } @@ -1839,7 +2565,7 @@ "timeouts": null, "versioning": [ { - "enabled": false, + "enabled": true, "mfa_delete": false } ], @@ -2100,6 +2826,121 @@ } ] }, + { + "mode": "managed", + "type": "aws_secretsmanager_secret", + "name": "app", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "description": "", + "force_overwrite_replica_secret": false, + "id": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "kms_key_id": "", + "name": "documenso/sign-imex-online/app", + "name_prefix": "", + "policy": "", + "recovery_window_in_days": 7, + "region": "ca-central-1", + "replica": [], + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "identity": { + "arn": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE" + }, + "private": "bnVsbA==" + } + ] + }, + { + "mode": "managed", + "type": "aws_secretsmanager_secret_version", + "name": "app", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "arn": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "has_secret_string_wo": null, + "id": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE|terraform-20260413202325454100000001", + "region": "ca-central-1", + "secret_binary": "", + "secret_id": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "secret_string": "{\"NEXTAUTH_SECRET\":\"NFPjonJogt95fVLJCtzCDfwdJng5Ece07rgOjBrVF56a8wlPrbtaiIYjKDttcjbo\",\"NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS\":\"\",\"NEXT_PRIVATE_DATABASE_URL\":\"postgresql://documenso:HsKgbmS6RxH1wAUN3eHvkAfx3iGi35JK@documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com:5432/documenso?schema=public\",\"NEXT_PRIVATE_DIRECT_DATABASE_URL\":\"postgresql://documenso:HsKgbmS6RxH1wAUN3eHvkAfx3iGi35JK@documenso-postgres.cfo5pnykioqq.ca-central-1.rds.amazonaws.com:5432/documenso?schema=public\",\"NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY\":\"DOCUMENSO-B3H3-LJFA-PEMZ-CBCK-THBX\",\"NEXT_PRIVATE_ENCRYPTION_KEY\":\"tCRYLQ9BKjW00d5GSl8pl2whKY6ab4Gf0wa3DaaLbDJ2ihN7WwWOlflxa3NUlnPc\",\"NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY\":\"HoMkHNTYHWOleVAkZJljkY6fHaCWY3bSROQOiK1lKGccMi2PbqBP0AvqfvlKGSoO\",\"NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS\":\"MIIK5wIBAzCCCpUGCSqGSIb3DQEHAaCCCoYEggqCMIIKfjCCBOoGCSqGSIb3DQEHBqCCBNswggTXAgEAMIIE0AYJKoZIhvcNAQcBMF8GCSqGSIb3DQEFDTBSMDEGCSqGSIb3DQEFDDAkBBDPGLKtlkmj6wf0D6roFLGsAgIIADAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQmiqrIJKxMaa52XumQ2nyxoCCBGCcOHBZRmLmTRhh/DFjKKlk4fDaF4geklv4OSs+pRJXOPVU1C3U+2OJyrHYPejCJobA4ZBtfw2Z+BDULr43bK5WS0hHywCCAhKgfIXJy9GEJ+YS6cjFxWNwJUakTRx69tzwjzKtifJ14s9gZIL+dPbbQlCM0bs6CEUZYGZtwfpfGH/DqToA6coV73efUCHTHg1KLcoimT7X8CUogD6QulDAN3Fajd2udaC1jdb2nStHFzrI6AT/v7LWjfvxN+jbPTDGyuoaGX+60NGdZwfsJob5Kr8g+btii5FELhTOU3aI22/nk5bdVMEmjW2WzFp2MmrCe7iTWa0/Tl18HY0XXlxUixnzT0ZMEgafumvNwu8pLlXk0y8Q1/zK0fmdSSPCuljWkFcdwo8gp2cbmZ0YU1zbcqN1Vecop6oPptssy/2y51zFS6pKWV9DSliACphxTHOXkP2GkjS4PdCKQgQbUdrz1IvuI25eEAQnsxEpuPTYt3Q33oMXNrgjUGqQYaO8/CtftTkC8MjEw23hBMdkvWW/MNLzj+9XueRPYpnJMxVsSLmtTp91lZBm9yuYEPxhk4BC66nyo7aFxK3Cdrd9NyntJourbVOj+RFJvIL+KCGrkD+s+e7xA+VdWFoGBQR2ZXImOYaBPVnuRXK+I39tX/geNDKox4ZY7/Jfkw5M/2UTKF9ZE3umvjBeBsIRwtkEJhmduc/DUJpE5642i1AIqF0ZK72qX9CGz6ypKnYmDJZ1JM0EU8TiGfrSpBqizB7QWvLQm/z9a55142UkwUOFVC1VyMVAeNwnOGqwxBCnV59P5QD8BBnNIsYDYWNU3OcKvAS36sZeO0QQLCL4VgUGHFFsQjfupUIKOOFFHrV4Vtd0DuealFxCf/q5ssH+ERTiYRXeZ2U8AFbzGBNmfbmHxjeldSGcKKVne2tFqWb58XAkE9g18MP40nbfxLNJQConf9mKqydAMoUFrK/C2763DPlVD4o/2n/XcJzZbZ0cfjpPyD+qCr/o5gjjZByK3pqJdbzKOnKIXSk/tmzI3AbiUMQXz5CHBFSmeu7XVTFxb55cmPN9YdtkqqMhbMRkaKlaXxlZkgiX2wTT2P+bVDcRMFJWs+VVuvHmHo5djIgFTO12KDOT+13nKoqxPoz/FZ/nmUD/i1kR/PrArTEToMna/aKTowD4sZkgBE/ksqrZAR3LZfXs6n03rT4XHqyKoVyi+2QIEPJgbK0/AXLyVIbe+k2jY3Te6G/3jm7++G8XDQKs/lgGdnnvKBr1BXp7BKLngejvjKEVQTrm8BoJ76eqZDBcZ+u9KJih8+J7F6HWDPhaWGir+Ls7vyjstq7YScmhGfabhsZXBj84mRd8ljfJLzr1tz6dXLhr+Na5SEtRrfHQrl6k02/wKtKJSN6dHhHNoiMxco/TNxc23Tq3ppjcTkVLePMN7oERDPzVetcepFa+B98b3oKmtVN9H1pBBW+gkCwhvr6GrfQyb0EJH4/hZfl9MIIFjAYJKoZIhvcNAQcBoIIFfQSCBXkwggV1MIIFcQYLKoZIhvcNAQwKAQKgggU5MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQgYOXISN7448mJKsqaU/JQwICCAAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEAAMPn748gKY5DhpF6wcXOoEggTQ+xT8WfPAsABdOi2PvpFmTNemCgehn0y19p6fmXgCL3FHoGljZW7j+COUclum7Rkgnwa/WsFppZeIhjrhnahN6+IuLj72vy9wYaScNaBWzzzA5OB3vWee0fw4z1w0JZVOhCNr+wn+lfHRaY8dYelFxKSdNdRH3HWRvPhxUthSrDHxrVAION23Kezzqz3gtEAnNwskLQgCzr3wI0pgjuYOuiXo0Lo5hTuOTQlAqs+thlZaan/y8V2mOXl7tw72zE+2XBaPIkyREteLwv5+ejeNJl6Pf5zDcO/6TT4uIiS4HGG6coKsh5rWmZZcMQFny5TSMH0tXz2GCy9eUz1J1wwnfh76su4765d9R6KVkqhvwNvUxqAR9z1h855JKtP+QlBhOTlQDuI9gDk5q+H+h+0FFjBL3Jr01oItdgiqPsVzRId1fbOyxNmk1MzZnk/Q2d5aS1lv8B2db/srkPNLw8MT5YNnKqpsPkrcoZqLasMxAWl1R9vxazZJUTWhdSmxwvp4ILl0lcilRoXp5c36EFX6vAPLIeEQj0a1bUWDxTx0a7DtIdJcfx610bvbp6zKJH5XBWF361DXwaiBqvFfBCOOM1aypxzfoIjv+soJNasnCKEtiy0QmveHnZHcjG15v3XSgCw6/TCHIUqPtDilUBxQZ/WT4vlWPdo3ytXPkehrWxDXz7ltS8QEzaWkjDTcFmSmWdewDfC+1waJW7yzDjcITBIHfPxKaW0C2FaWj2ATOzO37ih6cwYuaCPh7D1iFOb9DNM364UxUdq4dKaScMgaTVHYotU29lrpUM6GKPAj4KEf/4PEQP/Mgpps81IC93ZXXBV6nSTYXGjI7xI5joDewMZEkfuZkVibiSDgbV0eTWOHydfdvd9E7mF2gr3QUIU5zZ6u/rvZLeWOkNxhzx4BlRjNAj/4ly7dongSQ50Qp0UzcM6mL7XnEBjVJBwwpTh/hlys+ophB+OwoAtjQ/OgQRdaUsezMGh0VnlBGvWegc3ZFera596u4Nz6kIB5Qfn86qurL6Bqcr3gEsNrbWNXr9rH8lzhTVdVidhnALATPkGVIgqDt1EujK3bzY251Zbpe7UYvpdK0/JhUb5HoWYiAQ/+eXobaXBPXQM1BTtTTg76QN+MJUF3eCc0+moH8OXuraQ+Uz55cXQ2rhXE0zCWAFEla9HkyVPZGj4qZ4bXP0Fdvtogh3VieKIbfi+6X3aL8LWNmAeQ84bBemRaLQ4yyDKKmJCL+FYTp8DZVImn+ytG9ucUvbb8t1jAq4H4YVfFw4Tl+pMCncBBMpzJlQRefi/1BOh1nvcTevGElg671S8wNw6ZyJPknLOY3PH/sFlv1zgJHaqn8WHYsFI4SctwT+QoL6MriUlJnEOfgfb+7tK0w7s6XvyNXuD0TEWM7/+txsjMzLXblcSIqQnZaK1F9jcWwU/raO8ZstTpNNTYWBR/zGbtohN+/Lg7ZPqt01ITx8yUalEHXy1ftBbwbvow39kImWf7/APBdwhqoqRn++etiTaCGe2IWJywNpB2uEJtST2OQsXfd9cb2HOhL1AD41eNrOAROXLQ7JiPxVbBGEs2ng7dBdGfpQ99rAseFDL/EFDd/leFnGolQOCwU+WqujGeCxmkgn0fJZbwWYs3q+gxJTAjBgkqhkiG9w0BCRUxFgQUeGwbF0JvtSD0DWedKPyplVIFt5wwSTAxMA0GCWCGSAFlAwQCAQUABCCeIE2+8Drr37ej+RPfASUV47sGTFxNDWk4n7lBQqWqQgQQvUfLXplDNWIv9yFoAbPGnwICCAA=\",\"NEXT_PRIVATE_SIGNING_PASSPHRASE\":\"Wl0d8k@!@!ImEXSystems\",\"NEXT_PRIVATE_SMTP_FROM_ADDRESS\":\"no-reply@imex.online\",\"NEXT_PRIVATE_SMTP_FROM_NAME\":\"ImEX Sign\",\"NEXT_PRIVATE_SMTP_PASSWORD\":\"BJPF9NvYxkDn6BWkrmf6kkvVDFwC8/cB1NvHtC9Fd3j/\",\"NEXT_PRIVATE_SMTP_USERNAME\":\"AKIA2MRSPON3O6PRVUPE\",\"NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID\":\"AKIA2MRSPON3LYGF2HPA\",\"NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY\":\"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\"}", + "secret_string_wo": null, + "secret_string_wo_version": null, + "version_id": "terraform-20260413202325454100000001", + "version_stages": [ + "AWSCURRENT" + ] + }, + "sensitive_attributes": [ + [ + { + "type": "get_attr", + "value": "secret_binary" + } + ], + [ + { + "type": "get_attr", + "value": "secret_string" + } + ], + [ + { + "type": "get_attr", + "value": "secret_string_wo" + } + ] + ], + "identity_schema_version": 0, + "identity": { + "account_id": "714144183158", + "region": "ca-central-1", + "secret_id": "arn:aws:secretsmanager:ca-central-1:714144183158:secret:documenso/sign-imex-online/app-DNl1NE", + "version_id": "terraform-20260413202325454100000001" + }, + "private": "bnVsbA==", + "dependencies": [ + "aws_db_instance.postgres", + "aws_db_parameter_group.postgres", + "aws_db_subnet_group.this", + "aws_iam_access_key.documenso_upload", + "aws_iam_user.documenso_upload", + "aws_internet_gateway.this", + "aws_route_table.public", + "aws_route_table_association.database_public", + "aws_secretsmanager_secret.app", + "aws_security_group.alb", + "aws_security_group.db", + "aws_security_group.ecs", + "aws_subnet.database", + "aws_vpc.this", + "data.aws_availability_zones.available", + "data.aws_rds_engine_version.postgres", + "random_id.final_snapshot", + "random_password.db_password", + "random_password.encryption_key_primary", + "random_password.encryption_key_secondary", + "random_password.nextauth_secret" + ] + } + ] + }, { "mode": "managed", "type": "aws_security_group", @@ -2351,20 +3192,6 @@ } ] }, - { - "mode": "managed", - "type": "aws_ses_domain_dkim", - "name": "this", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [] - }, - { - "mode": "managed", - "type": "aws_ses_domain_identity", - "name": "this", - "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", - "instances": [] - }, { "mode": "managed", "type": "aws_subnet", @@ -2658,6 +3485,43 @@ } ] }, + { + "mode": "managed", + "type": "aws_wafv2_ip_set", + "name": "trusted_ipv4", + "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "addresses": [ + "10.42.0.0/16", + "64.46.30.40/32" + ], + "arn": "arn:aws:wafv2:ca-central-1:714144183158:regional/ipset/documenso-trusted-ipv4/c3731d62-ee0c-4cff-bfc9-199b86cde469", + "description": "IPv4 CIDRs that bypass the Documenso WAF rules", + "id": "c3731d62-ee0c-4cff-bfc9-199b86cde469", + "ip_address_version": "IPV4", + "lock_token": "2bedc1da-5039-443c-a950-9ffac7fd5f9d", + "name": "documenso-trusted-ipv4", + "name_prefix": "", + "region": "ca-central-1", + "scope": "REGIONAL", + "tags": { + "Application": "documenso", + "ManagedBy": "Terraform" + }, + "tags_all": { + "Application": "documenso", + "ManagedBy": "Terraform" + } + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "bnVsbA==" + } + ] + }, { "mode": "managed", "type": "aws_wafv2_web_acl", @@ -2670,7 +3534,7 @@ "application_integration_url": "", "arn": "arn:aws:wafv2:ca-central-1:714144183158:regional/webacl/documenso-web-acl/04577153-2a1a-462c-94b8-b0a1804755bb", "association_config": [], - "capacity": 702, + "capacity": 703, "captcha_config": [], "challenge_config": [], "custom_response_body": [], @@ -2687,11 +3551,64 @@ ], "description": "WAF protection for Documenso", "id": "04577153-2a1a-462c-94b8-b0a1804755bb", - "lock_token": "a64452be-7ff7-4236-b192-0d8941153888", + "lock_token": "e71f2816-492c-4afc-acc2-3700795c2657", "name": "documenso-web-acl", "name_prefix": "", "region": "ca-central-1", "rule": [ + { + "action": [ + { + "allow": [ + { + "custom_request_handling": [] + } + ], + "block": [], + "captcha": [], + "challenge": [], + "count": [] + } + ], + "captcha_config": [], + "challenge_config": [], + "name": "AllowTrustedIpv4", + "override_action": [], + "priority": 0, + "rule_label": [], + "statement": [ + { + "and_statement": [], + "asn_match_statement": [], + "byte_match_statement": [], + "geo_match_statement": [], + "ip_set_reference_statement": [ + { + "arn": "arn:aws:wafv2:ca-central-1:714144183158:regional/ipset/documenso-trusted-ipv4/c3731d62-ee0c-4cff-bfc9-199b86cde469", + "ip_set_forwarded_ip_config": [] + } + ], + "label_match_statement": [], + "managed_rule_group_statement": [], + "not_statement": [], + "or_statement": [], + "rate_based_statement": [], + "regex_match_statement": [], + "regex_pattern_set_reference_statement": [], + "rule_group_reference_statement": [], + "size_constraint_statement": [], + "sqli_match_statement": [], + "xss_match_statement": [] + } + ], + "visibility_config": [ + { + "cloudwatch_metrics_enabled": true, + "metric_name": "AllowTrustedIpv4", + "sampled_requests_enabled": true + } + ] + }, { "action": [ { @@ -2812,7 +3729,7 @@ "Application": "documenso", "ManagedBy": "Terraform" }, - "token_domains": null, + "token_domains": [], "visibility_config": [ { "cloudwatch_metrics_enabled": true, @@ -2823,7 +3740,10 @@ }, "sensitive_attributes": [], "identity_schema_version": 0, - "private": "bnVsbA==" + "private": "bnVsbA==", + "dependencies": [ + "aws_wafv2_ip_set.trusted_ipv4" + ] } ] }, @@ -2850,6 +3770,7 @@ "aws_security_group.alb", "aws_subnet.public", "aws_vpc.this", + "aws_wafv2_ip_set.trusted_ipv4", "aws_wafv2_web_acl.this", "data.aws_availability_zones.available" ] diff --git a/server/esign/esign-new.js b/server/esign/esign-new.js index d75a20828..436ddde18 100644 --- a/server/esign/esign-new.js +++ b/server/esign/esign-new.js @@ -414,5 +414,6 @@ module.exports = { newCustomEsignDocument, distributeDocument, deleteDocument, - viewDocument + viewDocument, + getDocumensoClient } diff --git a/server/esign/webhook.js b/server/esign/webhook.js index 643482688..d0bd6efde 100644 --- a/server/esign/webhook.js +++ b/server/esign/webhook.js @@ -1,14 +1,10 @@ const { Documenso } = require("@documenso/sdk-typescript"); const logger = require("../utils/logger"); -const { QUERY_META_FOR_ESIG_COMPLETION, INSERT_ESIGNATURE_COMPLETED_DOCOUMENT, UPDATE_ESIGNATURE_DOCUMENT, DISTRIBUTE_ESIGNATURE_DOCUMENT } = require("../graphql-client/queries"); +const { QUERY_META_FOR_ESIG_COMPLETION, INSERT_ESIGNATURE_COMPLETED_DOCOUMENT, UPDATE_ESIGNATURE_DOCUMENT, DISTRIBUTE_ESIGNATURE_DOCUMENT, QUERY_DOCUMENSO_KEY, GET_DOCUMENSO_KEY_BY_JOBID } = require("../graphql-client/queries"); const { uploadFileBuffer } = require("../media/imgproxy-media"); const client = require('../graphql-client/graphql-client').client; -const documenso = new Documenso({ - apiKey: "api_io2lssosg9v4p2mb",// Centralize key and pull dynamically. - serverURL: "https://sign.imex.online/api/v2", -}); const webhookTypeEnums = { DOCUMENT_CREATED: "DOCUMENT_CREATED", @@ -32,6 +28,7 @@ async function esignWebhook(req, res) { //TODO: Implement checks to prevent this from going backwards in status? If a request fails, it retries, which could cause a document marked as completed to be marked as rejected if the rejection event is processed after the completion event. switch (message.event) { case webhookTypeEnums.DOCUMENT_OPENED: + //TODO: DR: Add notification for document opened. await client.request(UPDATE_ESIGNATURE_DOCUMENT, { external_document_id: documentId, esig_update: { @@ -51,16 +48,14 @@ async function esignWebhook(req, res) { break; case webhookTypeEnums.DOCUMENT_CREATED: //This is largely a throwaway event we know it was created. - console.log("Document created event received. Document ID:", documentId); // Here you can add any additional processing you want to do when a document is created break; case webhookTypeEnums.DOCUMENT_COMPLETED: - console.log("Document completed event received. Document ID:", documentId); + //TODO: DR: Add notification for document completed. await handleDocumentCompleted(message.payload); // Here you can add any additional processing you want to do when a document is completed break; case webhookTypeEnums.DOCUMENT_SIGNED: - console.log("Document signed event received. Document ID:", documentId); // Here you can add any additional processing you want to do when a document is signed await client.request(UPDATE_ESIGNATURE_DOCUMENT, { external_document_id: documentId, @@ -98,6 +93,17 @@ async function handleDocumentCompleted(payload) { const { jobs_by_pk } = await client.request(QUERY_META_FOR_ESIG_COMPLETION, { jobid }); + + //Have to use globally authed cleint since this a webhook. + const { jobs_by_pk: { bodyshop: { documenso_api_key } } } = await client.request(GET_DOCUMENSO_KEY_BY_JOBID, { + jobid, + + }) + const documenso = new Documenso({ + apiKey: documenso_api_key, + serverURL: "https://sign.imex.online/api/v2", + }); + const document = await documenso.document.documentDownload({ documentId: payload.id, }); diff --git a/server/graphql-client/queries.js b/server/graphql-client/queries.js index 2697998c9..6f70a1d4e 100644 --- a/server/graphql-client/queries.js +++ b/server/graphql-client/queries.js @@ -3345,4 +3345,14 @@ exports.QUERY_DOCUMENSO_KEY = `query QUERY_DOCUMENTS_KEY($bodyshopid: uuid!) { documenso_api_key } } +` + +exports.GET_DOCUMENSO_KEY_BY_JOBID = `query GET_DOCUMENSO_KEY_BY_JOBID($jobid: uuid!) { + jobs_by_pk(id: $jobid) { + id + bodyshop { + documenso_api_key + } + } +} ` \ No newline at end of file