Migrate non-compliant c5.large instance to t3 platform standard #415 #418
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update compliance fix
|
🚀 env0 had composed a PR Plan for environment Terraform Example / production : Plan DetailsTerraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
! update in-place
Terraform will perform the following actions:
# module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0] will be created
+ resource "aws_cloudwatch_metric_alarm" "cpu_credits" {
+ actions_enabled = true
+ alarm_actions = [
+ "arn:aws:sns:eu-west-2:540044833068:api-51c748b4-alerts",
]
+ alarm_description = "CPU credit balance is low"
+ alarm_name = "api-51c748b4-cpu-credits-low"
+ arn = (known after apply)
+ comparison_operator = "LessThanThreshold"
+ dimensions = {
+ "InstanceId" = "i-057105c8b13bee63a"
}
+ evaluate_low_sample_count_percentiles = (known after apply)
+ evaluation_periods = 2
+ id = (known after apply)
+ metric_name = "CPUCreditBalance"
+ namespace = "AWS/EC2"
+ ok_actions = [
+ "arn:aws:sns:eu-west-2:540044833068:api-51c748b4-alerts",
]
+ period = 300
+ statistic = "Average"
+ tags = {
+ "CostCenter" = "engineering"
+ "Environment" = "production"
+ "ManagedBy" = "terraform"
+ "Name" = "api-51c748b4-credits-alarm"
+ "Project" = "api-platform"
+ "Workload" = "cpu-intensive"
}
+ tags_all = {
+ "CostCenter" = "engineering"
+ "Environment" = "production"
+ "ManagedBy" = "terraform"
+ "Name" = "api-51c748b4-credits-alarm"
+ "Project" = "api-platform"
+ "Workload" = "cpu-intensive"
}
+ threshold = 50
+ treat_missing_data = "missing"
}
# module.api_server.aws_instance.api_server[0] will be updated in-place
! resource "aws_instance" "api_server" {
id = "i-057105c8b13bee63a"
! instance_type = "c5.large" -> "t3.large"
! public_dns = "ec2-35-178-211-139.eu-west-2.compute.amazonaws.com" -> (known after apply)
! public_ip = "35.178.211.139" -> (known after apply)
tags = {
"CostCenter" = "engineering"
"Environment" = "production"
"ManagedBy" = "terraform"
"Name" = "api-51c748b4-api-server"
"Project" = "api-platform"
"Workload" = "cpu-intensive"
}
! user_data = "acf40314e678f506b36da3c78022132136664591" -> "53cc44b24699094d69344f1f1ffe1416cd20ba52"
# (29 unchanged attributes hidden)
+ credit_specification {
+ cpu_credits = "standard"
}
# (7 unchanged blocks hidden)
}
# module.heritage[0].aws_rds_cluster.face_database will be updated in-place
! resource "aws_rds_cluster" "face_database" {
id = "facial-recognition-terraform-example"
tags = {}
# (46 unchanged attributes hidden)
# (1 unchanged block hidden)
}
Plan: 1 to add, 2 to change, 0 to destroy.
|
|
Open in Overmind ↗
🔴 Change SignalsRoutine 🔴 🔥 RisksSwitching c5.large to t3.large (standard credits) will throttle a CPU‑intensive production API and cause availability degradation Once throttled, the instance will struggle to respond within the ALB health check’s 5‑second timeout on /health, leading to unhealthy targets and potential loss of availability. Meanwhile, the existing >80% CPU alarm may stay quiet because CPUUtilization can sit near the throttled baseline, giving misleading signals while the service degrades. 🟣 Expected Changes~ ec2-instance › i-057105c8b13bee63a--- current
+++ proposed
@@ -13,4 +13,6 @@
threads_per_core: 2
cpu_threads_per_core: 2
+ credit_specification:
+ - cpu_credits: standard
disable_api_stop: false
disable_api_termination: false
@@ -26,5 +28,5 @@
instance_initiated_shutdown_behavior: stop
instance_state: running
- instance_type: c5.large
+ instance_type: t3.large
ipv6_address_count: 0
maintenance_options:
@@ -45,6 +47,6 @@
hostname_type: ip-name
private_ip: 10.0.101.119
- public_dns: ec2-35-178-211-139.eu-west-2.compute.amazonaws.com
- public_ip: 35.178.211.139
+ public_dns: (known after apply)
+ public_ip: (known after apply)
root_block_device:
- delete_on_termination: true
@@ -90,5 +92,5 @@
terraform_name: module.api_server.aws_instance.api_server[0]
timeouts: null
- user_data: acf40314e678f506b36da3c78022132136664591
+ user_data: 53cc44b24699094d69344f1f1ffe1416cd20ba52
user_data_base64: null
user_data_replace_on_change: false
🟠 Unmapped Changes+ cloudwatch-alarm › module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]--- current
+++ proposed
@@ -0,0 +1,44 @@
+type: cloudwatch-alarm
+id: github.com/overmindtech/terraform-example.cloudwatch-alarm.module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]
+attributes:
+ actions_enabled: true
+ alarm_actions:
+ - arn:aws:sns:eu-west-2:540044833068:api-51c748b4-alerts
+ alarm_description: CPU credit balance is low
+ alarm_name: api-51c748b4-cpu-credits-low
+ arn: (known after apply)
+ comparison_operator: LessThanThreshold
+ datapoints_to_alarm: null
+ dimensions:
+ InstanceId: i-057105c8b13bee63a
+ evaluate_low_sample_count_percentiles: (known after apply)
+ evaluation_periods: 2
+ extended_statistic: null
+ id: (known after apply)
+ insufficient_data_actions: null
+ metric_name: CPUCreditBalance
+ namespace: AWS/EC2
+ ok_actions:
+ - arn:aws:sns:eu-west-2:540044833068:api-51c748b4-alerts
+ period: 300
+ statistic: Average
+ tags:
+ CostCenter: engineering
+ Environment: production
+ ManagedBy: terraform
+ Name: api-51c748b4-credits-alarm
+ Project: api-platform
+ Workload: cpu-intensive
+ tags_all:
+ CostCenter: engineering
+ Environment: production
+ ManagedBy: terraform
+ Name: api-51c748b4-credits-alarm
+ Project: api-platform
+ Workload: cpu-intensive
+ terraform_address: module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]
+ terraform_name: module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]
+ threshold: 50
+ threshold_metric_id: null
+ treat_missing_data: missing
+ unit: null
💥 Blast RadiusItems Edges |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Migrate non-compliant c5.large instance to t3 platform standard
Instance Details:
• Instance ID: i-0a1b2c3d4e5f67890
• Name: api-prod-server
• Current Type: c5.large (non-compliant)
• Target Type: t3.large (compliant)
• Environment: Production
• Region: eu-west-2
Justification:
Per platform standard PS-2024-003, all EC2 instances should use t3 instance family to leverage pre-purchased Savings Plans. This instance was flagged during monthly compliance audit.
✓ This is a Standard Change (SC-0042: Instance Family Migration) and does not require CAB approval. Instance specifications (2 vCPU, 4GB RAM) remain unchanged.