Align API server with t3 platform standards

[jameslaneovermind]

No description provided.

[env0]

🚀  env0 had composed a PR Plan for environment Terraform Example / production :

Plan: 1 to add, 2 to change, 0 to destroy.

Plan Details

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+   create
!   update in-place

Terraform will perform the following actions:


  # module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0] will be created
+   resource "aws_cloudwatch_metric_alarm" "cpu_credits" {
+       actions_enabled                       = true
+       alarm_actions                         = [
+           "arn:aws:sns:eu-west-2:540044833068:api-51c748b4-alerts",
        ]
+       alarm_description                     = "CPU credit balance is low"
+       alarm_name                            = "api-51c748b4-cpu-credits-low"
+       arn                                   = (known after apply)
+       comparison_operator                   = "LessThanThreshold"
+       dimensions                            = {
+           "InstanceId" = "i-0ab8548514d9e361b"
        }
+       evaluate_low_sample_count_percentiles = (known after apply)
+       evaluation_periods                    = 2
+       id                                    = (known after apply)
+       metric_name                           = "CPUCreditBalance"
+       namespace                             = "AWS/EC2"
+       ok_actions                            = [
+           "arn:aws:sns:eu-west-2:540044833068:api-51c748b4-alerts",
        ]
+       period                                = 300
+       statistic                             = "Average"
+       tags                                  = {
+           "CostCenter"  = "engineering"
+           "Environment" = "production"
+           "ManagedBy"   = "terraform"
+           "Name"        = "api-51c748b4-credits-alarm"
+           "Project"     = "api-platform"
+           "Workload"    = "cpu-intensive"
        }
+       tags_all                              = {
+           "CostCenter"  = "engineering"
+           "Environment" = "production"
+           "ManagedBy"   = "terraform"
+           "Name"        = "api-51c748b4-credits-alarm"
+           "Project"     = "api-platform"
+           "Workload"    = "cpu-intensive"
        }
+       threshold                             = 50
+       treat_missing_data                    = "missing"
    }

  # module.api_server.aws_instance.api_server[0] will be updated in-place
!   resource "aws_instance" "api_server" {
        id                                   = "i-0ab8548514d9e361b"
!       instance_type                        = "c5.large" -> "t3.large"
!       public_dns                           = "ec2-18-171-170-192.eu-west-2.compute.amazonaws.com" -> (known after apply)
!       public_ip                            = "18.171.170.192" -> (known after apply)
        tags                                 = {
            "CostCenter"  = "engineering"
            "Environment" = "production"
            "ManagedBy"   = "terraform"
            "Name"        = "api-51c748b4-api-server"
            "Project"     = "api-platform"
            "Workload"    = "cpu-intensive"
        }
!       user_data                            = "1ffd9ca91b1b9ea29b17ccb86b019b0e7cfd294b" -> "c782caf2bd74e9c9832c5fe384df9b4341790cf5"
        # (29 unchanged attributes hidden)

        # (7 unchanged blocks hidden)
    }

  # module.heritage[0].aws_rds_cluster.face_database will be updated in-place
!   resource "aws_rds_cluster" "face_database" {
        id                                    = "facial-recognition-terraform-example"
        tags                                  = {}
        # (46 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

Plan: 1 to add, 2 to change, 0 to destroy.

Monthly cost change for overmindtech/terraform-example/env0_tf_plan.json
Amount:  -$5 ($376 → $372)
Percent: -1%

Cost Estimation Details

Key: * usage cost, ~ changed, + added, - removed

──────────────────────────────────
Project: overmindtech/terraform-example/env0_tf_plan.json

+ module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]
  +$0.10

+     Standard resolution
      +$0.10

! module.api_server.aws_instance.api_server[0]
  -$5 ($74 → $70)

!     Instance usage (Linux/UNIX, on-demand, c5.large → t3.large)
      -$5 ($74 → $69)

Monthly cost change for overmindtech/terraform-example/env0_tf_plan.json
Amount:  -$5 ($376 → $372)
Percent: -1%

──────────────────────────────────
Key: * usage cost, ~ changed, + added, - removed

*Usage costs can be estimated by updating Infracost Cloud settings, see docs for other options.

138 cloud resources were detected:
∙ 45 were estimated
∙ 91 were free
∙ 2 are not supported yet, see https://infracost.io/requested-resources:
  ∙ 1 x aws_cloudfront_monitoring_subscription
  ∙ 1 x aws_cloudwatch_query_definition

Infracost estimate: Monthly estimate decreased by $5 ↓
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━┳━━━━━━━━━━━━━━┓
┃ Changed project                                    ┃ Baseline cost ┃ Usage cost* ┃ Total change ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━╋━━━━━━━━━━━━━━┫
┃ overmindtech/terraform-example/env0_tf_plan.json   ┃           -$5 ┃           - ┃    -$5 (-1%) ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━┻━━━━━━━━━━━━━━┛

Full PR Plan logs on env0

[github-actions]

Open in Overmind ↗

---

model|risks_v6

🔴 Change Signals

Routine 🔴 ▇▅▃▂▁ Multiple AWS resources showing first ever modifications across various attributes, which is unusual compared to typical patterns.
Policies 🔴 ▃▂▁ Multiple S3 buckets and security groups are showing unusual policy violations, including missing server-side encryption and required tags, and allowing SSH access from anywhere, which may need review.

View signals ↗

---

🔥 Risks

Moving a sustained high-CPU production API to t3.large will throttle after CPU credit exhaustion, degrading API performance and health ‼️High Open Risk ↗
Switching the production API server i-0ab8548514d9e361b from c5.large to the burstable t3.large will subject a cpu-intensive workload that currently sustains around 70% CPU to CPU credit depletion and throttling. Once credits are exhausted, the instance will be limited to burstable baseline performance, which is below the service’s steady-state demand, causing immediate throughput reduction and latency spikes.

Because the api-51c748b4-tg target group has this instance as a single healthy target on port 80, throttling will directly degrade request handling and can lead to failed health checks and loss of healthy capacity behind the ALB. CloudWatch’s high CPU alarm is already configured for this instance, indicating sensitivity to CPU saturation; after the change, the service will operate in a throttled state under normal load, producing user-visible performance regressions and potential intermittent 5xx responses.

Deleting in-use security group sg-0437857de45b640ce will break i-060c5af731ee54cc9 connectivity or fail the deployment ‼️High Open Risk ↗
The change deletes security group sg-0437857de45b640ce while it is the only group attached to ENI eni-06f63df9fa5b5a639 on EC2 instance i-060c5af731ee54cc9. This group currently allows SSH (22), HTTP (80), and all outbound traffic. Removing it without first reassigning an equivalent group will eliminate these rules for the instance.

At apply time, AWS will either block deletion due to the active attachment, causing the deployment to fail, or the ENI will be moved to a different/default group that lacks these allowances, making the instance unreachable for SSH and HTTP and breaking outbound internet access for monitoring/updates. This will disrupt management access and any services or agents on the instance that require egress.

Deleting i-05935b348f7396682 removes the api-server host, its IP endpoints, and destroys the root EBS volume ❗Medium Open Risk ↗
Deleting EC2 instance i-05935b348f7396682 will take the api-server host offline and release its network endpoints. The instance currently exposes public IP 35.179.104.178 and private IP 10.0.101.155 via primary ENI eni-0626bab0a1043f8b0; termination will remove these IPs/DNS names and stop its CloudWatch instance metrics.

Its root volume vol-00c93c2a4a8db3559 is configured with DeleteOnTermination=true, so any state on the instance’s root disk will be irretrievably lost. Any clients, scripts, or integrations that directly reach this host by IP/DNS or reference the instance-id will fail until redirected to a replacement.

---

🟣 Expected Changes

~ ec2-instance › i-0ab8548514d9e361b

--- current
+++ proposed
@@ -26,5 +26,5 @@
   instance_initiated_shutdown_behavior: stop
   instance_state: running
-  instance_type: c5.large
+  instance_type: t3.large
   ipv6_address_count: 0
   maintenance_options:
@@ -45,6 +45,6 @@
       hostname_type: ip-name
   private_ip: 10.0.101.88
-  public_dns: ec2-18-130-122-127.eu-west-2.compute.amazonaws.com
-  public_ip: 18.130.122.127
+  public_dns: (known after apply)
+  public_ip: (known after apply)
   root_block_device:
     - delete_on_termination: true
@@ -90,5 +90,5 @@
   terraform_name: module.api_server.aws_instance.api_server[0]
   timeouts: null
-  user_data: 627f06eeee1e41f87d9e55ae56203ae81058d890
+  user_data: c782caf2bd74e9c9832c5fe384df9b4341790cf5
   user_data_base64: null
   user_data_replace_on_change: false

- ec2-instance › i-05935b348f7396682

--- current
+++ proposed
@@ -1,82 +0,0 @@
-type: ec2-instance
-id: github.com/overmindtech/terraform-example.ec2-instance.module.shared_security_group.aws_instance.api_server[0]
-attributes:
-  ami: ami-02a95139d1d364420
-  arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-05935b348f7396682
-  associate_public_ip_address: true
-  availability_zone: eu-west-2a
-  capacity_reservation_specification:
-    - capacity_reservation_preference: open
-  cpu_core_count: 1
-  cpu_options:
-    - core_count: 1
-      threads_per_core: 2
-  cpu_threads_per_core: 2
-  credit_specification:
-    - cpu_credits: unlimited
-  disable_api_stop: false
-  disable_api_termination: false
-  ebs_optimized: false
-  enable_primary_ipv6: null
-  enclave_options:
-    - enabled: false
-  get_password_data: false
-  hibernation: false
-  host_resource_group_arn: null
-  id: i-05935b348f7396682
-  instance_initiated_shutdown_behavior: stop
-  instance_state: running
-  instance_type: t3.nano
-  ipv6_address_count: 0
-  maintenance_options:
-    - auto_recovery: default
-  metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-  monitoring: false
-  placement_partition_number: 0
-  primary_network_interface_id: eni-0626bab0a1043f8b0
-  private_dns: ip-10-0-101-155.eu-west-2.compute.internal
-  private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-  private_ip: 10.0.101.155
-  public_dns: ec2-35-179-104-178.eu-west-2.compute.amazonaws.com
-  public_ip: 35.179.104.178
-  root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 3000
-      throughput: 125
-      volume_id: vol-00c93c2a4a8db3559
-      volume_size: 8
-      volume_type: gp3
-  source_dest_check: true
-  subnet_id: subnet-0a1b287732e8ad0b7
-  tags:
-    Environment: production
-    ManagedBy: terraform
-    Name: api-server
-    Project: platform-services
-    Team: platform
-  tags_all:
-    Environment: production
-    ManagedBy: terraform
-    Name: api-server
-    Project: platform-services
-    Team: platform
-  tenancy: default
-  terraform_address: module.shared_security_group.aws_instance.api_server[0]
-  terraform_name: module.shared_security_group.aws_instance.api_server[0]
-  timeouts: null
-  user_data: 146523b0a5c60264146991ccc0576cc1b24e25c3
-  user_data_base64: null
-  user_data_replace_on_change: false
-  volume_tags: null
-  vpc_security_group_ids:
-    - sg-0437857de45b640ce

- ec2-security-group › sg-0437857de45b640ce

--- current
+++ proposed
@@ -1,50 +0,0 @@
-type: ec2-security-group
-id: github.com/overmindtech/terraform-example.ec2-security-group.module.shared_security_group.aws_security_group.internet_access[0]
-attributes:
-  arn: arn:aws:ec2:eu-west-2:540044833068:security-group/sg-0437857de45b640ce
-  description: Allow outbound internet access
-  egress:
-    - cidr_blocks:
-        - 0.0.0.0/0
-      description: Allow all outbound traffic
-      from_port: 0
-      protocol: "-1"
-      self: false
-      to_port: 0
-  id: sg-0437857de45b640ce
-  ingress:
-    - cidr_blocks:
-        - 0.0.0.0/0
-      description: HTTP access
-      from_port: 80
-      protocol: tcp
-      self: false
-      to_port: 80
-    - cidr_blocks:
-        - 0.0.0.0/0
-      description: SSH access
-      from_port: 22
-      protocol: tcp
-      self: false
-      to_port: 22
-  name: internet-access
-  owner_id: "540044833068"
-  revoke_rules_on_delete: false
-  tags:
-    Environment: production
-    ManagedBy: terraform
-    Name: internet-access
-    Project: platform-services
-    Purpose: General outbound access
-    Team: platform
-  tags_all:
-    Environment: production
-    ManagedBy: terraform
-    Name: internet-access
-    Project: platform-services
-    Purpose: General outbound access
-    Team: platform
-  terraform_address: module.shared_security_group.aws_security_group.internet_access[0]
-  terraform_name: module.shared_security_group.aws_security_group.internet_access[0]
-  timeouts: null
-  vpc_id: vpc-02901bcbb89561298

- route53-hosted-zone › /hostedzone/Z08636862QG68HT88NNHQ

--- current
+++ proposed
@@ -1,24 +0,0 @@
-type: route53-hosted-zone
-id: github.com/overmindtech/terraform-example.route53-hosted-zone.module.signals_demo[0].aws_route53_zone.demo
-attributes:
-  arn: arn:aws:route53:::hostedzone/Z08636862QG68HT88NNHQ
-  comment: Managed by Terraform
-  force_destroy: false
-  id: Z08636862QG68HT88NNHQ
-  name: signals-demo.overmind.tech
-  name_servers:
-    - ns-1230.awsdns-25.org
-    - ns-1925.awsdns-48.co.uk
-    - ns-52.awsdns-06.com
-    - ns-688.awsdns-22.net
-  primary_name_server: ns-1230.awsdns-25.org
-  tags:
-    Environment: production
-    Purpose: api-endpoint
-  tags_all:
-    Environment: production
-    Purpose: api-endpoint
-  terraform_address: module.signals_demo[0].aws_route53_zone.demo
-  terraform_name: module.signals_demo[0].aws_route53_zone.demo
-  timeouts: null
-  zone_id: Z08636862QG68HT88NNHQ

- ec2-security-group › sg-069d46afe623077e6

--- current
+++ proposed
@@ -1,69 +0,0 @@
-type: ec2-security-group
-id: github.com/overmindtech/terraform-example.ec2-security-group.module.signals_demo[0].aws_security_group.customer_access
-attributes:
-  arn: arn:aws:ec2:eu-west-2:540044833068:security-group/sg-069d46afe623077e6
-  description: Customer IP whitelist for API access - updated frequently
-  egress:
-    - cidr_blocks:
-        - 0.0.0.0/0
-      description: Allow all outbound
-      from_port: 0
-      protocol: "-1"
-      self: false
-      to_port: 0
-  id: sg-069d46afe623077e6
-  ingress:
-    - cidr_blocks:
-        - 100.64.0.0/29
-      description: Cyberdyne Systems
-      from_port: 443
-      protocol: tcp
-      self: false
-      to_port: 443
-    - cidr_blocks:
-        - 192.0.2.50/32
-      description: Initech
-      from_port: 443
-      protocol: tcp
-      self: false
-      to_port: 443
-    - cidr_blocks:
-        - 198.18.100.0/24
-      description: Umbrella Corp
-      from_port: 443
-      protocol: tcp
-      self: false
-      to_port: 443
-    - cidr_blocks:
-        - 198.51.100.0/29
-      description: Globex Industries
-      from_port: 443
-      protocol: tcp
-      self: false
-      to_port: 443
-    - cidr_blocks:
-        - 203.0.113.10/32
-      description: Acme Corp
-      from_port: 443
-      protocol: tcp
-      self: false
-      to_port: 443
-  name: signals-demo-customer-api-access
-  owner_id: "540044833068"
-  revoke_rules_on_delete: false
-  tags:
-    Environment: production
-    Name: customer-api-access
-    Purpose: customer-whitelist
-    Team: platform
-    UpdateFrequency: high
-  tags_all:
-    Environment: production
-    Name: customer-api-access
-    Purpose: customer-whitelist
-    Team: platform
-    UpdateFrequency: high
-  terraform_address: module.signals_demo[0].aws_security_group.customer_access
-  terraform_name: module.signals_demo[0].aws_security_group.customer_access
-  timeouts: null
-  vpc_id: vpc-02901bcbb89561298

- ec2-security-group › sg-0cc4ea27fa6b7c0fd

--- current
+++ proposed
@@ -1,57 +0,0 @@
-type: ec2-security-group
-id: github.com/overmindtech/terraform-example.ec2-security-group.module.signals_demo[0].aws_security_group.internal_services
-attributes:
-  arn: arn:aws:ec2:eu-west-2:540044833068:security-group/sg-0cc4ea27fa6b7c0fd
-  description: Internal service mesh, monitoring, and health check access - rarely modified
-  egress:
-    - cidr_blocks:
-        - 0.0.0.0/0
-      description: Allow all outbound
-      from_port: 0
-      protocol: "-1"
-      self: false
-      to_port: 0
-  id: sg-0cc4ea27fa6b7c0fd
-  ingress:
-    - cidr_blocks:
-        - 10.0.0.0/8
-      description: Health check endpoint
-      from_port: 8080
-      protocol: tcp
-      self: false
-      to_port: 8080
-    - cidr_blocks:
-        - 10.0.0.0/8
-      description: Internal HTTPS - monitoring, service mesh, internal tools
-      from_port: 443
-      protocol: tcp
-      self: false
-      to_port: 443
-    - cidr_blocks:
-        - 10.0.0.0/8
-      description: Prometheus metrics scraping
-      from_port: 9090
-      protocol: tcp
-      self: false
-      to_port: 9090
-  name: signals-demo-internal-services
-  owner_id: "540044833068"
-  revoke_rules_on_delete: false
-  tags:
-    Critical: "true"
-    Environment: production
-    Name: internal-services
-    Purpose: internal-mesh
-    Team: platform
-    UpdateFrequency: low
-  tags_all:
-    Critical: "true"
-    Environment: production
-    Name: internal-services
-    Purpose: internal-mesh
-    Team: platform
-    UpdateFrequency: low
-  terraform_address: module.signals_demo[0].aws_security_group.internal_services
-  terraform_name: module.signals_demo[0].aws_security_group.internal_services
-  timeouts: null
-  vpc_id: vpc-02901bcbb89561298

- sns-topic › arn:aws:sns:eu-west-2:540044833068:signals-demo-production-alerts

--- current
+++ proposed
@@ -1,26 +0,0 @@
-type: sns-topic
-id: github.com/overmindtech/terraform-example.sns-topic.module.signals_demo[0].aws_sns_topic.alerts
-attributes:
-  application_success_feedback_sample_rate: 0
-  arn: arn:aws:sns:eu-west-2:540044833068:signals-demo-production-alerts
-  content_based_deduplication: false
-  fifo_topic: false
-  firehose_success_feedback_sample_rate: 0
-  http_success_feedback_sample_rate: 0
-  id: arn:aws:sns:eu-west-2:540044833068:signals-demo-production-alerts
-  lambda_success_feedback_sample_rate: 0
-  name: signals-demo-production-alerts
-  owner: "540044833068"
-  policy: '{"Id":"__default_policy_ID","Statement":[{"Action":["SNS:GetTopicAttributes","SNS:SetTopicAttributes","SNS:AddPermission","SNS:RemovePermission","SNS:DeleteTopic","SNS:Subscribe","SNS:ListSubscriptionsByTopic","SNS:Publish"],"Condition":{"StringEquals":{"AWS:SourceOwner":"540044833068"}},"Effect":"Allow","Principal":{"AWS":"*"},"Resource":"arn:aws:sns:eu-west-2:540044833068:signals-demo-production-alerts","Sid":"__default_statement_ID"}],"Version":"2008-10-17"}'
-  signature_version: 0
-  sqs_success_feedback_sample_rate: 0
-  tags:
-    Environment: production
-    Purpose: oncall-alerts
-    Severity: critical
-  tags_all:
-    Environment: production
-    Purpose: oncall-alerts
-    Severity: critical
-  terraform_address: module.signals_demo[0].aws_sns_topic.alerts
-  terraform_name: module.signals_demo[0].aws_sns_topic.alerts

- sns-subscription › arn:aws:sns:eu-west-2:540044833068:signals-demo-production-alerts:29a1f6d7-9726-4f51-94d5-d2ec4972bd03

--- current
+++ proposed
@@ -1,16 +0,0 @@
-type: sns-subscription
-id: github.com/overmindtech/terraform-example.sns-subscription.module.signals_demo[0].aws_sns_topic_subscription.oncall_email
-attributes:
-  arn: arn:aws:sns:eu-west-2:540044833068:signals-demo-production-alerts:29a1f6d7-9726-4f51-94d5-d2ec4972bd03
-  confirmation_timeout_in_minutes: 1
-  confirmation_was_authenticated: false
-  endpoint: [email protected]
-  endpoint_auto_confirms: false
-  id: arn:aws:sns:eu-west-2:540044833068:signals-demo-production-alerts:29a1f6d7-9726-4f51-94d5-d2ec4972bd03
-  owner_id: "540044833068"
-  pending_confirmation: true
-  protocol: email
-  raw_message_delivery: false
-  terraform_address: module.signals_demo[0].aws_sns_topic_subscription.oncall_email
-  terraform_name: module.signals_demo[0].aws_sns_topic_subscription.oncall_email
-  topic_arn: arn:aws:sns:eu-west-2:540044833068:signals-demo-production-alerts

---

🟠 Unmapped Changes

+ cloudwatch-alarm › module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]

--- current
+++ proposed
@@ -0,0 +1,44 @@
+type: cloudwatch-alarm
+id: github.com/overmindtech/terraform-example.cloudwatch-alarm.module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]
+attributes:
+  actions_enabled: true
+  alarm_actions:
+    - arn:aws:sns:eu-west-2:540044833068:api-51c748b4-alerts
+  alarm_description: CPU credit balance is low
+  alarm_name: api-51c748b4-cpu-credits-low
+  arn: (known after apply)
+  comparison_operator: LessThanThreshold
+  datapoints_to_alarm: null
+  dimensions:
+    InstanceId: i-0ab8548514d9e361b
+  evaluate_low_sample_count_percentiles: (known after apply)
+  evaluation_periods: 2
+  extended_statistic: null
+  id: (known after apply)
+  insufficient_data_actions: null
+  metric_name: CPUCreditBalance
+  namespace: AWS/EC2
+  ok_actions:
+    - arn:aws:sns:eu-west-2:540044833068:api-51c748b4-alerts
+  period: 300
+  statistic: Average
+  tags:
+    CostCenter: engineering
+    Environment: production
+    ManagedBy: terraform
+    Name: api-51c748b4-credits-alarm
+    Project: api-platform
+    Workload: cpu-intensive
+  tags_all:
+    CostCenter: engineering
+    Environment: production
+    ManagedBy: terraform
+    Name: api-51c748b4-credits-alarm
+    Project: api-platform
+    Workload: cpu-intensive
+  terraform_address: module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]
+  terraform_name: module.api_server.aws_cloudwatch_metric_alarm.cpu_credits[0]
+  threshold: 50
+  threshold_metric_id: null
+  treat_missing_data: missing
+  unit: null

- random_id › module.shared_security_group.random_id.suffix[0]

--- current
+++ proposed
@@ -1,13 +0,0 @@
-type: random_id
-id: github.com/overmindtech/terraform-example.random_id.module.shared_security_group.random_id.suffix[0]
-attributes:
-  b64_std: oof2Cw==
-  b64_url: oof2Cw
-  byte_length: 4
-  dec: "2726819339"
-  hex: a287f60b
-  id: oof2Cw
-  keepers: null
-  prefix: null
-  terraform_address: module.shared_security_group.random_id.suffix[0]
-  terraform_name: module.shared_security_group.random_id.suffix[0]

---

💥 Blast Radius

Items 83

Edges 301

[github-actions]

⛔ Auto-Blocked

---

🔴 Decision

Auto-blocked: Routine score (-5) is below minimum (-1)

---

📊 Signals Summary

Routine 🔴 -5

---

🔥 Risks Summary

High 0 · Medium 0 · Low 0

---

💥 Blast Radius

Items 6 · Edges 18

---

View full analysis in Overmind ↗

[github-actions]

⛔ Auto-Blocked

---

🔴 Decision

Found 2 high risks requiring review

---

📊 Signals Summary

Routine 🔴 -5

Policies 🔴 -3

---

🔥 Risks Summary

High 2 · Medium 1 · Low 0

---

💥 Blast Radius

Items 83 · Edges 301

---

View full analysis in Overmind ↗