
jameslaneovermind
Contributor

@jameslaneovermind jameslaneovermind commented Sep 23, 2025

Summary

Looks like this got left over from when we migrated from the old port 1234 to standard Tomcat port 8080. The app hasn't used port 1234 in months, so this is just cleanup.

Testing

  • Verified app is running on port 8080
  • Health check endpoint /health responds correctly on 8080
  • Port 1234 returns connection refused (as expected)
  • Container startup times unaffected

Risk Assessment

Super low risk - just removing a health check that was failing anyway since nothing runs on port 1234. The working health check on port 8080 stays exactly the same.


github-actions bot commented Sep 23, 2025

Overmind

Open in Overmind ↗


🔴 Change Signals

Routine 🔴 ▇▅▃▂▁ Multiple AWS ECS and IAM resources showing first ever modifications across attributes, which is unusual compared to typical patterns.
Policies 🔴 ▃▂▁ Multiple S3 buckets and security groups are showing unusual configuration issues, including missing required tags and lack of server-side encryption, which may need review.

View signals ↗


🔥 Risks

Risk of Message Loss Due to Deletion of SQS Queues and IAM Role Without Updated Configurations ‼️High Open Risk ↗
The deletion of the SQS queues 'image-processing-dlq-terraform-example' and 'image-processing-terraform-example' presents a risk of message loss if producers and consumers are not updated to use alternative queues. The IAM role 'image-processor-lambda-role-terraform-example' is also being deleted, which could lead to loss of functionality for services relying on this role for SQS access. No evidence of updated configurations or alternative resources has been provided, indicating a potential oversight in the migration process.

Risk of Service Downtime Due to Port Configuration Issues ❗Medium Open Risk ↗
The change in the health check port from 1234 to 8080 for the facial-recognition service poses a risk of service downtime if the application is not configured to listen on port 8080. Additionally, if security groups or network ACLs do not allow traffic on this port, the service may become inaccessible. This risk is based on the lack of evidence confirming these configurations.

Potential Loss of Logging Data for Active Lambda Function Due to Log Group Deletion ❗Medium Open Risk ↗
The deletion of the CloudWatch log group '/aws/lambda/image-processor-terraform-example' and the associated IAM role 'image-processor-lambda-role-terraform-example' presents a risk of losing critical logging data if the Lambda function 'image-processor-terraform-example' is still active. Without this log group, any logs generated by the function will not be captured, which could hinder debugging and monitoring efforts. Additionally, the removal of the IAM role may strip the function of necessary permissions to create log streams or put log events, further exacerbating the issue. It is crucial to verify that the Lambda function is no longer in use or that logging has been redirected to another log group to mitigate this risk.

Potential Undetected Queue Overflows Due to Alarm and Queue Deletion ❗Medium Open Risk ↗
The deletion of the CloudWatch alarm monitoring the SQS queue depth for 'image-processing-terraform-example' could lead to undetected queue overflows, resulting in message loss or processing delays if the queue is still in use and no alternative monitoring is implemented. The absence of confirmation regarding the queue's usage status or alternative monitoring mechanisms introduces a risk of operational issues.


🟣 Expected Changes

+/- ecs-task-definition › facial-recognition-terraform-example
--- current
+++ proposed
@@ -2,17 +2,23 @@
 id: github.com/overmindtech/terraform-example.ecs-task-definition.module.scenarios[0].aws_ecs_task_definition.face
 attributes:
-  arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:7
-  arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-  container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+  arn: (known after apply)
+  arn_without_revision: (known after apply)
+  container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
   cpu: "1024"
-  enable_fault_injection: false
+  enable_fault_injection: (known after apply)
+  execution_role_arn: null
   family: facial-recognition-terraform-example
-  id: facial-recognition-terraform-example
+  id: (known after apply)
+  ipc_mode: null
   memory: "2048"
   network_mode: awsvpc
+  pid_mode: null
   requires_compatibilities:
     - FARGATE
-  revision: 7
+  revision: (known after apply)
   skip_destroy: false
+  tags: null
+  tags_all: (known after apply)
+  task_role_arn: null
   terraform_address: module.scenarios[0].aws_ecs_task_definition.face
   terraform_name: module.scenarios[0].aws_ecs_task_definition.face
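Review bot: the description says a health check is being removed, but this hunk replaces it: the healthCheck command changes from `wget -q --spider localhost:1234` to `wget -q --spider localhost:8080`, while portMappings still declares only `containerPort: 1234` (the `hostPort` and `protocol` keys are dropped, which is a no-op under `network_mode: awsvpc`). If the app really listens on 8080 now, the port mapping, and whatever target group and security-group rules point at 1234, need to move to 8080 in the same change; if it still listens on 1234, the new check fails and ECS will cycle the task. Two smaller points: the Testing section verified `/health`, but `wget --spider localhost:8080` probes the root path, so that path must also return 2xx; and `arn`/`revision` going to `(known after apply)` means a new task definition revision and therefore a redeployment, not a no-op cleanup. The description and the diff should agree before this merges.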
- iam-role › image-processor-lambda-role-terraform-example
--- current
+++ proposed
@@ -1,28 +0,0 @@
-type: iam-role
-id: github.com/overmindtech/terraform-example.iam-role.module.scenarios[0].module.message_size_breach[0].aws_iam_role.lambda_role
-attributes:
-  arn: arn:aws:iam::540044833068:role/image-processor-lambda-role-terraform-example
-  assume_role_policy: '{"Statement":[{"Action":"sts:AssumeRole","Effect":"Allow","Principal":{"Service":"lambda.amazonaws.com"}}],"Version":"2012-10-17"}'
-  create_date: "2025-09-23T21:42:52Z"
-  force_detach_policies: false
-  id: image-processor-lambda-role-terraform-example
-  inline_policy:
-    - name: lambda-logs-policy-terraform-example
-      policy: '{"Version":"2012-10-17","Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":"arn:aws:logs:eu-west-2:540044833068:log-group:/aws/lambda/image-processor-terraform-example:*"}]}'
-  managed_policy_arns:
-    - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-    - arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole
-  max_session_duration: 3600
-  name: image-processor-lambda-role-terraform-example
-  path: /
-  tags:
-    Environment: terraform-example
-    Name: Lambda Execution Role
-    Scenario: Message Size Breach
-  tags_all:
-    Environment: terraform-example
-    Name: Lambda Execution Role
-    Scenario: Message Size Breach
-  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_iam_role.lambda_role
-  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_iam_role.lambda_role
-  unique_id: AROAX3PJOGEWHWYIPJO73
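Review bot: deleting `image-processor-lambda-role-terraform-example` is not mentioned anywhere in the PR description, which only talks about the health-check port. The role carries `AWSLambdaBasicExecutionRole`, `AWSLambdaSQSQueueExecutionRole` and an inline logs policy, so any Lambda still configured with it loses its execution role and fails to invoke. Every deleted resource below sits under `module.scenarios[0].module.message_size_breach[0]`; the description should say explicitly that this whole module is being decommissioned and confirm the function is gone or no longer invoked.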
- sqs-queue › https://sqs.eu-west-2.amazonaws.com/540044833068/image-processing-dlq-terraform-example
--- current
+++ proposed
@@ -1,27 +0,0 @@
-type: sqs-queue
-id: github.com/overmindtech/terraform-example.sqs-queue.module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_dlq
-attributes:
-  arn: arn:aws:sqs:eu-west-2:540044833068:image-processing-dlq-terraform-example
-  content_based_deduplication: false
-  delay_seconds: 0
-  fifo_queue: false
-  id: https://sqs.eu-west-2.amazonaws.com/540044833068/image-processing-dlq-terraform-example
-  kms_data_key_reuse_period_seconds: 300
-  max_message_size: 262144
-  message_retention_seconds: 1.2096e+06
-  name: image-processing-dlq-terraform-example
-  receive_wait_time_seconds: 0
-  sqs_managed_sse_enabled: true
-  tags:
-    Environment: terraform-example
-    Name: Image Processing DLQ
-    Scenario: Message Size Breach
-  tags_all:
-    Environment: terraform-example
-    Name: Image Processing DLQ
-    Scenario: Message Size Breach
-  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_dlq
-  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_dlq
-  timeouts: null
-  url: https://sqs.eu-west-2.amazonaws.com/540044833068/image-processing-dlq-terraform-example
-  visibility_timeout_seconds: 30
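Review bot: this queue is the `deadLetterTargetArn` in the image-processing queue's redrive policy, and deleting an SQS queue discards every message still in it with no way to recover them. Before apply, confirm the DLQ is empty (ApproximateNumberOfMessages of 0) or that its contents have been redriven or exported, and record that in the description; a non-empty DLQ usually means failed processing that someone still needs to look at.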
- sqs-queue › https://sqs.eu-west-2.amazonaws.com/540044833068/image-processing-terraform-example
--- current
+++ proposed
@@ -1,28 +0,0 @@
-type: sqs-queue
-id: github.com/overmindtech/terraform-example.sqs-queue.module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_queue
-attributes:
-  arn: arn:aws:sqs:eu-west-2:540044833068:image-processing-terraform-example
-  content_based_deduplication: false
-  delay_seconds: 0
-  fifo_queue: false
-  id: https://sqs.eu-west-2.amazonaws.com/540044833068/image-processing-terraform-example
-  kms_data_key_reuse_period_seconds: 300
-  max_message_size: 25600
-  message_retention_seconds: 1.2096e+06
-  name: image-processing-terraform-example
-  receive_wait_time_seconds: 20
-  redrive_policy: '{"deadLetterTargetArn":"arn:aws:sqs:eu-west-2:540044833068:image-processing-dlq-terraform-example","maxReceiveCount":3}'
-  sqs_managed_sse_enabled: true
-  tags:
-    Environment: terraform-example
-    Name: Image Processing Queue
-    Scenario: Message Size Breach
-  tags_all:
-    Environment: terraform-example
-    Name: Image Processing Queue
-    Scenario: Message Size Breach
-  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_queue
-  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_sqs_queue.image_processing_queue
-  timeouts: null
-  url: https://sqs.eu-west-2.amazonaws.com/540044833068/image-processing-terraform-example
-  visibility_timeout_seconds: 30
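Review bot: the queue is configured for a live consumer (`receive_wait_time_seconds: 20` long polling, `max_message_size: 25600`, redrive after 3 receives), and nothing in the PR shows producers or consumers being repointed elsewhere. Once the queue is deleted, any remaining SendMessage/ReceiveMessage call fails hard because the queue URL no longer exists, which is the message-loss risk flagged above. Check the NumberOfMessagesSent and NumberOfMessagesReceived metrics over the retention window before merging and state the result in the description.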

🟠 Unmapped Changes

~ aws_ecs_service › module.scenarios[0].aws_ecs_service.face
--- current
+++ proposed
@@ -38,5 +38,5 @@
   propagate_tags: NONE
   scheduling_strategy: REPLICA
-  task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:7
+  task_definition: (known after apply)
   terraform_address: module.scenarios[0].aws_ecs_service.face
   terraform_name: module.scenarios[0].aws_ecs_service.face
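Review bot: `task_definition` becoming `(known after apply)` confirms the ECS service will be rolled onto the new task definition revision, so this PR triggers a deployment of facial-recognition rather than "just cleanup". The description should say so, and the rollout should be watched until the 8080 health check is actually reported healthy; if it is not, the deployment fails (or keeps retrying if the deployment circuit breaker is off) and the service stays on revision 7.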
- aws_cloudwatch_log_group › module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_log_group.lambda_logs
--- current
+++ proposed
@@ -1,19 +0,0 @@
-type: aws_cloudwatch_log_group
-id: github.com/overmindtech/terraform-example.aws_cloudwatch_log_group.module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_log_group.lambda_logs
-attributes:
-  arn: arn:aws:logs:eu-west-2:540044833068:log-group:/aws/lambda/image-processor-terraform-example
-  id: /aws/lambda/image-processor-terraform-example
-  log_group_class: STANDARD
-  name: /aws/lambda/image-processor-terraform-example
-  retention_in_days: 14
-  skip_destroy: false
-  tags:
-    Environment: terraform-example
-    Name: Lambda Logs
-    Scenario: Message Size Breach
-  tags_all:
-    Environment: terraform-example
-    Name: Lambda Logs
-    Scenario: Message Size Breach
-  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_log_group.lambda_logs
-  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_log_group.lambda_logs
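Review bot: deleting the log group destroys the 14 days of retained logs for `/aws/lambda/image-processor-terraform-example` together with it. If the function is, or was recently, active, export the group (or confirm nobody needs those logs for an incident or audit trail) before this is applied; setting `skip_destroy: true` on the resource would drop it from state while keeping the data, which is the safer default when decommissioning.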
- cloudwatch-alarm › module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.sqs_queue_depth
--- current
+++ proposed
@@ -1,29 +0,0 @@
-type: cloudwatch-alarm
-id: github.com/overmindtech/terraform-example.cloudwatch-alarm.module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.sqs_queue_depth
-attributes:
-  actions_enabled: true
-  alarm_description: This alarm monitors SQS queue depth
-  alarm_name: sqs-queue-depth-terraform-example
-  arn: arn:aws:cloudwatch:eu-west-2:540044833068:alarm:sqs-queue-depth-terraform-example
-  comparison_operator: GreaterThanThreshold
-  datapoints_to_alarm: 0
-  dimensions:
-    QueueName: image-processing-terraform-example
-  evaluation_periods: 2
-  id: sqs-queue-depth-terraform-example
-  metric_name: ApproximateNumberOfVisibleMessages
-  namespace: AWS/SQS
-  period: 60
-  statistic: Average
-  tags:
-    Environment: terraform-example
-    Name: SQS Queue Depth Alarm
-    Scenario: Message Size Breach
-  tags_all:
-    Environment: terraform-example
-    Name: SQS Queue Depth Alarm
-    Scenario: Message Size Breach
-  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.sqs_queue_depth
-  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.sqs_queue_depth
-  threshold: 100
-  treat_missing_data: missing
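Review bot: this removes the only depth monitoring on `image-processing-terraform-example` (Average ApproximateNumberOfVisibleMessages over 60 s, threshold 100, 2 evaluation periods). Removing the alarm and the queue in the same apply is the right pairing, but if the queue deletion is ever reverted or split out, the queue comes back unmonitored. The description should state explicitly that the queue is decommissioned and no replacement monitoring is required.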
- aws_iam_role_policy › module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy.lambda_logs_policy
--- current
+++ proposed
@@ -1,9 +0,0 @@
-type: aws_iam_role_policy
-id: github.com/overmindtech/terraform-example.aws_iam_role_policy.module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy.lambda_logs_policy
-attributes:
-  id: image-processor-lambda-role-terraform-example:lambda-logs-policy-terraform-example
-  name: lambda-logs-policy-terraform-example
-  policy: '{"Version":"2012-10-17","Statement":[{"Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents"],"Effect":"Allow","Resource":"arn:aws:logs:eu-west-2:540044833068:log-group:/aws/lambda/image-processor-terraform-example:*"}]}'
-  role: image-processor-lambda-role-terraform-example
-  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy.lambda_logs_policy
-  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy.lambda_logs_policy
- aws_iam_role_policy_attachment › module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_basic_execution
--- current
+++ proposed
@@ -1,8 +0,0 @@
-type: aws_iam_role_policy_attachment
-id: github.com/overmindtech/terraform-example.aws_iam_role_policy_attachment.module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_basic_execution
-attributes:
-  id: image-processor-lambda-role-terraform-example-20250923214253179000000002
-  policy_arn: arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
-  role: image-processor-lambda-role-terraform-example
-  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_basic_execution
-  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_basic_execution
- aws_iam_role_policy_attachment › module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_sqs_policy
--- current
+++ proposed
@@ -1,8 +0,0 @@
-type: aws_iam_role_policy_attachment
-id: github.com/overmindtech/terraform-example.aws_iam_role_policy_attachment.module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_sqs_policy
-attributes:
-  id: image-processor-lambda-role-terraform-example-20250923214253172900000001
-  policy_arn: arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole
-  role: image-processor-lambda-role-terraform-example
-  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_sqs_policy
-  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_iam_role_policy_attachment.lambda_sqs_policy

💥 Blast Radius

Items 20

Edges 18
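The medium-severity port risk above comes down to whether the health check and the port mapping in the task definition describe the same port. The script below is an added example, not code from the PR or from Overmind: it parses an ECS `container_definitions` JSON string (the constants are copied from the current and proposed sides of the task-definition diff in this PR, trimmed to the keys the check needs) and reports any container whose health-check command probes a localhost port that is not declared in its `portMappings`. The function names are my own. Because the health check runs inside the container, such a mismatch is not itself a failure, but it is exactly the inconsistency this PR introduces and is cheap to gate in CI.

```python
import json
import re

# Container definitions from the "current" and "proposed" sides of the
# ecs-task-definition diff in this PR, trimmed to the keys this check needs
# (environment, mountPoints and similar removed). Ports are as on the page.
CURRENT_DEFS = (
    '[{"cpu":1024,"essential":true,'
    '"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],'
    '"interval":30,"retries":3,"timeout":5},'
    '"image":"harshmanvar/face-detection-tensorjs:slim-amd","name":"facial-recognition",'
    '"portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}]}]'
)
PROPOSED_DEFS = (
    '[{"cpu":1024,"essential":true,'
    '"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],'
    '"interval":30,"retries":3,"timeout":5},'
    '"image":"harshmanvar/face-detection-tensorjs:slim-amd","name":"facial-recognition",'
    '"portMappings":[{"appProtocol":"http","containerPort":1234}]}]'
)

# Matches "localhost:8080", "127.0.0.1:1234" or a bare "localhost" (implies port 80).
LOCAL_PORT_RE = re.compile(r"(?:localhost|127\.0\.0\.1)(?::(\d+))?")


def health_check_ports(container):
    """Ports that a CMD/CMD-SHELL health check probes on the loopback interface."""
    command = container.get("healthCheck", {}).get("command", [])
    ports = set()
    for token in command:
        for match in LOCAL_PORT_RE.finditer(token):
            ports.add(int(match.group(1)) if match.group(1) else 80)
    return ports


def mapped_ports(container):
    """Ports the task definition declares the container serves on."""
    return {pm["containerPort"] for pm in container.get("portMappings", [])}


def check_task_definition(container_definitions_json):
    """Return one finding per container whose health check probes an undeclared port."""
    findings = []
    for container in json.loads(container_definitions_json):
        declared = mapped_ports(container)
        for port in sorted(health_check_ports(container)):
            if port not in declared:
                findings.append(
                    f"{container['name']}: health check probes port {port} "
                    f"but containerPort mappings are {sorted(declared) or 'none'}"
                )
    return findings


if __name__ == "__main__":
    # The current definition is consistent; the proposed one probes 8080 but maps 1234.
    for label, defs in (("current", CURRENT_DEFS), ("proposed", PROPOSED_DEFS)):
        print(label, check_task_definition(defs) or ["ok"])
```

Run it against the `container_definitions` attribute of any `aws_ecs_task_definition` in a plan; a non-empty result is a signal that either the health check or the port mapping is stale and the change should not be described as a no-op.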
