 Evert Daniel Romero Garrido
|
aaa2c06c30
|
feat(terraform): Add lifecycle rules and import blocks for existing resources
Lifecycle Rules:
- Add prevent_destroy = true to all 32+ resources
- Add ignore_changes = [tags] to prevent tag drift from causing recreation
- Add ignore_changes = [tags, user_data, ami, iam_instance_profile] for EC2
- Preserve existing create_before_destroy for security groups and ACM
Import Blocks (orphaned resources):
- Lambda: sacc4-stop-instances
- Lambda: sacc4-start-instances
- EventBridge: sacc4-stop-instances-schedule
- EventBridge: sacc4-start-instances-schedule
Data Sources:
- aws_instances.existing_api (detect EC2 duplicates)
- aws_db_instance.existing (detect RDS duplicates)
- aws_nat_gateways.existing (detect NAT GW duplicates)
- aws_cloudfront_distribution.existing (detect CloudFront duplicates)
Variables:
- db_identifier: for RDS duplicate detection
- cloudfront_distribution_id: for CloudFront duplicate detection
Validation Results:
- terraform validate: PASSED
- terraform plan: 0 to add, 1 to change, 0 to destroy
- No resources marked for recreation
Orphan EIP detected:
- eipalloc-0bdf9c47a80885c7a (78.13.177.201) unattached
- Requires manual cleanup or investigation
Refs: AWS Resource Validation - May 2026
|
2026-05-07 11:12:24 -06:00 |
|
|
Evert Daniel Romero Garrido
|
7e0c764f3f
|
feat(terraform): agregar permisos sudo para thoth y mejorar seguridad
- Configurar permisos sudo completos para usuario thoth:
* Editar /etc/sacc4/sacc4.env
* Gestionar servicios api-sacc4-*.service
* Editar archivos systemd
* Control total de /opt/sacc4
- Eliminar acceso SSH abierto (0.0.0.0/0)
- Agregar soporte AWS Systems Manager Session Manager
- Actualizar llave SSH a sacc-prod-key-2026
- Preservar tags de scheduling (AutoStart/AutoStop) en EC2 y RDS
- Agregar variable allowed_ssh_cidrs para acceso de emergencia
BREAKING CHANGE: SSH restringido, usar Session Manager como acceso principal
|
2026-05-07 09:44:44 -06:00 |
|
Evert Daniel Romero Garrido