{ "sessionId": "630ce049-b5a9-45d9-a5c3-385de197ea93", "projectHash": "cc0b5b68454a59206e0457f5ad30cf64769ce03f6eaf19fb8c5b1adb80414a8d", "startTime": "2026-02-20T17:42:02.216Z", "lastUpdated": "2026-02-20T18:02:13.550Z", "messages": [ { "id": "f1b7bf73-e2fe-4322-b0e2-765204d6fe82", "timestamp": "2026-02-20T17:42:02.217Z", "type": "user", "content": [ { "text": "can we avoid making the sql backup bucket be versioned unless needed by enabling replication. \n # aws_s3_bucket_versioning.sql_backups will be created\n + resource \"aws_s3_bucket_versioning\" \"sql_backups\" {\n + bucket = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup\"\n + id = (known after apply)\n\n + versioning_configuration {\n + mfa_delete = (known after apply)\n + status = \"Suspended\"\n }\n }" } ] }, { "id": "a1dc4b0a-2150-4fb3-a28a-ea6602dc7ed8", "timestamp": "2026-02-20T17:42:06.140Z", "type": "gemini", "content": "I will search for the definition of the `aws_s3_bucket_versioning` resource for `sql_backups` in the `terraform/` directory.", "thoughts": [ { "subject": "Assessing Conditional Creation", "description": "I'm currently focused on how to make the creation of the `aws_s3_bucket_versioning` resource conditional. The goal is to avoid it unless absolutely needed, specifically when replication is turned on. I'm exploring the logic to make this determination, using `replication_configuration` as the trigger.", "timestamp": "2026-02-20T17:42:04.539Z" }, { "subject": "Analyzing Versioning Logic", "description": "I've been digging into the Terraform code, specifically focusing on the `aws_s3_bucket_versioning` resource and how its creation is determined. I've located the resource definition and now need to insert logic to make its creation contingent on whether replication is active. I plan to use the `replication_configuration` to drive this conditional behavior.", "timestamp": "2026-02-20T17:42:06.020Z" } ], "tokens": { "input": 19066, "output": 65, "cached": 3333, "thoughts": 273, "tool": 0, "total": 19404 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "grep_search_1771609326136_0", "name": "grep_search", "args": { "pattern": "resource \"aws_s3_bucket_versioning\" \"sql_backups\"", "include": "terraform/**/*.tf" }, "result": [ { "functionResponse": { "id": "grep_search_1771609326136_0", "name": "grep_search", "response": { "output": "Found 2 matches for pattern \"resource \"aws_s3_bucket_versioning\" \"sql_backups\"\" in path \".\" (filter: \"terraform/**/*.tf\"):\n---\nFile: terraform/infrastructures/rds/sql-backups-s3.tf\nL77: resource \"aws_s3_bucket_versioning\" \"sql_backups\" {\n---\nFile: terraform/infrastructures/aurora/sql-backups-s3.tf\nL77: resource \"aws_s3_bucket_versioning\" \"sql_backups\" {\n---" } } } ], "status": "success", "timestamp": "2026-02-20T17:42:06.231Z", "resultDisplay": "Found 2 matches", "displayName": "SearchText", "description": "Searches for a regular expression pattern within file contents. Max 100 matches.", "renderOutputAsMarkdown": true } ] }, { "id": "8c946fdb-08e3-472d-9078-aa696702b79d", "timestamp": "2026-02-20T17:42:09.986Z", "type": "gemini", "content": "I will read the `sql-backups-s3.tf` files in both the `rds` and `aurora` directories to examine the current versioning logic.", "thoughts": [ { "subject": "Examining the Code", "description": "I'm currently reviewing `terraform/infrastructures/rds/sql-backups -s3.tf` and `terraform/infrastructures/aurora /sql-backups-s3.tf`, paying close attention to the versioning logic. The code around line 77 is my current focus to see how it's handled. I'm looking for clues about existing versioning strategies.", "timestamp": "2026-02-20T17:42:09.729Z" }, { "subject": "Inspecting Versioning Strategy", "description": "I've homed in on the `resource` definitions within those files, primarily scrutinizing the area around line 77, as I mentioned. Now, I'm trying to figure out which approach is adopted for versioning.", "timestamp": "2026-02-20T17:42:09.790Z" } ], "tokens": { "input": 19264, "output": 99, "cached": 3296, "thoughts": 69, "tool": 0, "total": 19432 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "read_file_1771609329940_0", "name": "read_file", "args": { "file_path": "terraform/infrastructures/rds/sql-backups-s3.tf", "limit": 50, "offset": 60 }, "result": [ { "functionResponse": { "id": "read_file_1771609329940_0", "name": "read_file", "response": { "output": "\nIMPORTANT: The file content has been truncated.\nStatus: Showing lines 61-110 of 161 total lines.\nAction: To read more of the file, you can use the 'offset' and 'limit' parameters in a subsequent 'read_file' call. For example, to read the next section of the file, use offset: 110.\n\n--- FILE CONTENT (truncated) ---\n\nresource \"aws_iam_policy\" \"ecs_cluster_sql_backup_s3_policy\" {\n name = \"${terraform.workspace}-ecs-cluster-sql-backups-s3-policy\"\n policy = templatefile(\n \"../../policies/s3-rw-with-versioning.json\",\n {\n bucket_arn = aws_s3_bucket.sql_backups.arn\n }\n )\n}\n\nresource \"aws_iam_role_policy_attachment\" \"ecs_cluster_sql_backup_s3_policy\" {\n role = data.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile.role_name\n policy_arn = aws_iam_policy.ecs_cluster_sql_backup_s3_policy.arn\n}\n\nresource \"aws_s3_bucket_versioning\" \"sql_backups\" {\n bucket = aws_s3_bucket.sql_backups.id\n versioning_configuration {\n status = var.rds.replication_bucket_destination_arn != \"\" ? \"Enabled\" : \"Suspended\"\n }\n}\n\nresource \"aws_iam_role\" \"replication\" {\n count = var.rds.replication_bucket_destination_arn != \"\" ? 1 : 0\n name = \"${var.infrastructure_name}-${local.rds_identifier}-sql-backup-replication\"\n\n assume_role_policy = <`. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "70fe6ac0-98b7-43b8-b672-653fdb325e3f", "timestamp": "2026-02-20T17:44:04.448Z", "type": "gemini", "content": "I will run the project's test script to verify the changes.", "thoughts": [ { "subject": "Evaluating the Results", "description": "I've just confirmed that the Terraform formatting worked as expected, focusing only on the `aurora/sql-backups-s3.tf` file. I'm now running the test script to validate the changes and ensure everything is still functioning correctly. I'll await the results.", "timestamp": "2026-02-20T17:44:04.339Z" } ], "tokens": { "input": 26510, "output": 39, "cached": 24230, "thoughts": 43, "tool": 0, "total": 26592 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771609444447_0", "name": "run_shell_command", "args": { "description": "Run the project's validation tests.", "command": "./scripts/bin/test" }, "result": [ { "functionResponse": { "id": "run_shell_command_1771609444447_0", "name": "run_shell_command", "response": { "error": "[Operation Cancelled] Reason: User denied execution." } } } ], "status": "cancelled", "timestamp": "2026-02-20T17:44:10.321Z", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "e420d2f0-38e9-4192-b6f1-da973196c1b9", "timestamp": "2026-02-20T17:44:10.323Z", "type": "info", "content": "Request cancelled." }, { "id": "fa1a17e5-51ca-4a86-ad8a-24090a60977d", "timestamp": "2026-02-20T17:46:11.105Z", "type": "user", "content": [ { "text": "use `./scripts/bin/test/ -l` for a quick test of code changes. you can also use `./scripts/bin/test -i dxw-pentest -T rds` to see what terraform would plan for a real environmnet" } ] }, { "id": "be5baa52-d336-4ef5-bc45-7e1dcf52b929", "timestamp": "2026-02-20T17:46:18.255Z", "type": "gemini", "content": "I will now run the quick tests and verify the Terraform plan for the `rds` infrastructure in the `dxw-pentest` environment to ensure the `aws_s3_bucket_versioning` resource is no longer created when it's not needed.", "thoughts": [ { "subject": "Defining Conditional Logic", "description": "I'm currently focused on the logic for conditionally creating the `aws_s3_bucket_versioning.sql_backups` resource. My initial thought was to check for replication. I need to make sure I'm capturing the correct state to avoid unnecessary resource creation.", "timestamp": "2026-02-20T17:46:12.978Z" }, { "subject": "Addressing Resource Dependencies", "description": "I've been examining the implications of conditional resource creation, specifically concerning the `aws_s3_bucket_versioning.sql_backups` resource. My focus shifted to potential dependency issues. It seems if the `count` attribute is set to zero, I might need to explicitly reference the resource as an index `[0]` in other resource definitions. I've verified existing dependencies and found the dependencies only use the resource's name.", "timestamp": "2026-02-20T17:46:15.348Z" }, { "subject": "Revising Dependency References", "description": "I've been meticulously reviewing the existing `depends_on` clauses related to the conditional `aws_s3_bucket_versioning.sql_backups` resource. While the initial dependency check was successful, I'm now certain the bare resource name is handled by Terraform. This is because all resources are conditionally created based on the same variable. I'm focusing on the plan to confirm the resource is not created in the negative case, which should provide a final check for safety.", "timestamp": "2026-02-20T17:46:17.077Z" }, { "subject": "Evaluating Linting and Planning", "description": "I'm now prepping to run the tests. I'll start with the linting check using `./scripts/bin/test -l` to ensure the code adheres to style guidelines. Following that, I'll execute the planning test using `./scripts/bin/test -i dxw-pentest -T rds`. This will allow me to verify the conditional resource creation and confirm no unintended changes will be implemented. I will need to examine the plan output closely to ensure the correct behavior. I'll need to check the resources involved and the expected resource creation based on the value of the controlling variable.", "timestamp": "2026-02-20T17:46:18.136Z" } ], "tokens": { "input": 26616, "output": 81, "cached": 17235, "thoughts": 804, "tool": 0, "total": 27501 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771609578253_0", "name": "run_shell_command", "args": { "command": "./scripts/bin/test -l", "description": "Run quick linting and formatting tests." }, "result": [ { "functionResponse": { "id": "run_shell_command_1771609578253_0", "name": "run_shell_command", "response": { "output": "Output: ==> Linting YAML...\n\n==> Linting shell scripts...\n\n==> Checking Terraform for JSON errors...\n- Checking ./terraform/policies/iam-read.json... Passed\n- Checking ./terraform/policies/s3-rw-with-versioning.json... Passed\n- Checking ./terraform/policies/codestar-connection-use.json... Passed\n- Checking ./terraform/policies/iam-create-access-key.json... Passed\n- Checking ./terraform/policies/codebuild.json... Passed\n- Checking ./terraform/policies/kms-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/iam-change-password.json... Passed\n- Checking ./terraform/policies/administrator-access.json... Passed\n- Checking ./terraform/policies/assume_roles/aws-backup.json... Passed\n- Checking ./terraform/policies/assume_roles/autoscaling.json... Passed\n- Checking ./terraform/policies/assume_roles/events.json... Passed\n- Checking ./terraform/policies/assume_roles/ecs.json... Passed\n- Checking ./terraform/policies/assume_roles/codepipeline.json... Passed\n- Checking ./terraform/policies/iam-mfa.json... Passed\n- Checking ./terraform/policies/route53-read.json... Passed\n- Checking ./terraform/policies/s3-full-access.json... Passed\n- Checking ./terraform/policies/parameter-store-read-decrypt.json... Passed\n- Checking ./terraform/policies/s3-read.json... Passed\n- Checking ./terraform/policies/parameter-store-RW-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/all-read-with-billing.json... Passed\n- Checking ./terraform/policies/codebuild-start-build.json... Passed\n- Checking ./terraform/policies/all-read.json... Passed\n\n==> Linting Terraform...\n\n==> Running Ruby tests...\n/Users/bob/.rbenv/versions/2.7.1/bin/ruby -I/Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/lib:/Users/bob/.bundles/ruby/2.7.0/gems/rspec-support-3.12.1/lib /Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/exe/rspec --pattern spec/\\*\\*\\{,/\\*/\\*\\*\\}/\\*_spec.rb\n\ntests local configuration\n use of \"terraform apply\"\n passes the hosted zone config to \"terraform apply\"\n passes the s3 config to \"terraform apply\"\n passes the vpn customer gateway config to \"terraform apply\"\n passes the base config to \"terraform apply\"\n passes the waf config to \"terraform apply\"\n passes the rds config to \"terraform apply\"\n passes the elasticache config to \"terraform apply\"\n passes the opensearch config to \"terraform apply\"\n passes the service config to \"terraform apply\"\n passes the loadbalancer config to \"terraform apply\"\n passes the cluster 2 config to \"terraform apply\"\n passes the cluster 3 config to \"terraform apply\"\n passes the cluster 4 config to \"terraform apply\"\n\ntests remote configuration\n retrieves the remotely held full configuration\n proceeds with deploying the infrastructure as per the cached full configuration\n\ntests local configuration\n invokes \"terraform validate\" with the expected cluster options\n invokes \"terraform validate\" with the expected source options\n use of \"terraform plan\"\n passes the hosted zone config to \"terraform plan\"\n passes the s3 config to \"terraform plan\"\n passes the vpn customer gateway config to \"terraform plan\"\n passes the base config to \"terraform plan\"\n passes the waf config to \"terraform plan\"\n passes the rds config to \"terraform plan\"\n passes the elasticache config to \"terraform plan\"\n passes the opensearch config to \"terraform plan\"\n passes the services config to \"terraform plan\"\n passes the loadbalancer config to \"terraform plan\"\n passes the cluster 2 config to \"terraform plan\"\n passes the cluster 3 config to \"terraform plan\"\n passes the cluster 4 config to \"terraform plan\"\n\nDalmatian::Account\n initialisation\n gathering user input\n asks the user for AWS credentials\n asks the user for the AWS account id to use\n asks the user for an account alias\n #call\n changes to the bootstrapping directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n\nDalmatian::CacheHandlerSelector\n ::new_for(remote_reference)\n when the remote reference is for a git repo\n asks for an instance of GitCacheHandler\n when the remote reference is for an S3 bucket\n asks for an instance of S3CacheHandler\n when the remote reference is for a URL\n asks for an instance of UrlCacheHandler\n when the type is unknown\n raises an error\n\nCacheHandler\n when a subclass class does not implement #cache_remote_configuration\n raises a helpful error\n\nDalmatian::CI\n CI::PATH\n is a constant\n #deploy\n changes to the ci directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n #test\n runs terraform plan with the user-supplied vars\n\nDalmatian::ClusterDeployment\n #call\n changes to the ecs directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n when in _plan_ mode\n invokes Terraform.plan using the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply using the _dalmatian-admin_\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Cluster\n on initialisation\n makes Hosted zones, S3, Sources, Services, Loadbalancers, WAF and Rds\n #target_directory\n is a standard _ecs_ path\n #id\n is the primary key of the cluster definition is used\n #name\n when the cluster has an explicitly provided _name_ property\n that property is used\n when the cluster does not have an explicitly provided _name_ property\n the primary key of the cluster definition is used\n #account_id\n is the aws account key for deployment\n #sources\n represents any links to remote sources\n #environments\n represents the attributes of each environment's cluster section\n #fetch\n when the source is remotely held\n logs the plan to clone the source into the infrastructure pth\n deletes any existing source at the infrastructure location\n clones each source into the infrastructure location\n changes to the infrastructure directory for each source\n runs rake terrafile\n changes back to the APP_ROOT\n when the source is a local file path\n does not re-clone the source\n does not run terrafile\n when the specified local directory exists\n logs the fact that the local source is in place\n when the specificed local directory does not exist\n logs an error that the local source is missing\n #deploy\n deploys source infrastructure for each source and each service in each environment\n when a cluster should be created\n deploys cluster infrastructure for each environment\n when the _plan_ option IS invoked\n creates Cluster Deployments with plan settings\n when the _auto_approve_ option IS invoked\n creates Cluster Deployments with auto_approve settings\n handling of tests\n when the _test_ option is NOT invoked\n does not run cluster tests\n does not run cluster tests\n does not run cluster tests\n does not run source tests\n does not run waf tests\n does not run rds tests\n does not run service tests\n does not run service tests\n when the test option IS invoked\n runs tests\n when a cluster should NOT be created\n does not deploy cluster infrastructure\n when test option is invoked\n tests sources and services for each environment\n\nDalmatian::ClusterTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n\nDalmatian::ConfigurationReader\n when a full configuration is provided in a local file\n #call\n has no need to use a cache handler\n returns the loaded configuration\n when a reference to a remote configuration is provided\n and the reference is provided in a local file\n uses the CacheHandlerSelector to provide the appropriate retrieval mechanism\n calls on the selected cache handler\n returns the configuration returned by the cache_handler\n and the reference is provided using environment variables\n passes the provided remote reference to the CacheHandlerSelector\n and references are provided in both environment variables and config file\n prefers the environment variable references over the config file\n and no references are provided\n raises an error\n and the remote reference is missing its _type_\n raises an error\n #ci\n when a parameter path prefix is given\n overwrites the ci:variables config with those retrieved from the param store\n leaves other ci:variables in place\n when a parameter path prefix is NOT given\n does NOT overwrite any ci:variables from the param store\n\nDalmatian::ElasticacheCluster\n #identifier\n uses elasticache identifier\n #in_use_by\n uses elasticache_cluster in_use_by list\n #node_type\n uses elasticache_cluster node_type\n #node_count\n uses elasticache_cluster node_count\n #engine\n uses elasticache_cluster engine\n #engine_version\n uses the elasticache_cluster engine_version\n #parameters\n uses the elasticache_cluster parameters list\n #port\n uses the elasticache_cluster port\n #maintenance_window\n uses the elasticache_cluster maintenance_window\n #snapshot_window\n uses the elasticache_cluster snapshot_window\n #parameter_store_path_elasticache_cluster_url_name\n uses the elasticache_cluster parameter_store_path_elasticache_cluster_url_name\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ElasticacheClusterTest\n #call\n changes to the elasticache-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::GitCacheHandler\n #call\n deletes any old cache\n uses git clone to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n when no special cache path is given\n uses the default cache path of ./.dalmatian_cache/remote_config\n\nDalmatian::Helper\n ::git_clone(source, destination)\n when source and destination args are not provided\n raises an error with usage info\n when given source and destination args\n passes the request to the git CLI\n ::git_checkout(revision)\n checks out the given revision using run!\n ::get(source, destination)\n when source and destination args are not provided\n raises an error with usage info\n when given source and destination args\n opens the source url\n opens a new file at the destination\n writes the source resource into that file\n reads the information from the fetched resource\n ::run!\n passes given cmd to Kernel.system\n when the call to Kernel.system returns _false_\n raise a helpful error\n ::run_with_output!(cmd)\n passes given cmd to Open3.capture3\n when the system call returns a zero exit status\n returns the systems output to STDOUT\n when the system call returns a non-zero exit status\n also returns STDOUT ignoring the exit code and STDERR\n when the system call raises an ENOENT error\n catches this and raises a helpful Error\n ::change_to(path)\n passes the given path to Dir.chdir\n ::to_bool(str)\n when given nil\n returns false\n when given an empty string\n returns false\n when given lower case string _true_\n returns true\n when given mixed case string _True_\n returns true\n when given the object true\n returns true\n when given the object false\n returns false\n ::tflint\n runs the tflint cmd\n ::terrafile\n runs rake terrafile\n ::ask\n delegates to HighLine#ask\n ::ask_in_confidence\n delegates to HighLine#ask\n passes a block to mask the answer\n\nDalmatian::HostedZoneDeployment\n #call\n changes to hosted-zone infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::HostedZone\n #domain\n uses hosted_zone domain\n #ns_records\n uses hosted_zone ns_records\n #a_records\n uses hosted_zone a_records\n #alias_records\n uses hosted_zone alias_records\n #cname_records\n uses hosted_zone cname_records\n #mx_records\n uses hosted_zone mx_records\n #txt_records\n uses hosted_zone txt_records\n #srv_records\n uses hosted_zone srv_records\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::HostedZoneTest\n #call\n changes to the hosted-zone directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::Infrastructure\n Infrastructure::PATH\n is a constant\n Infrastructure::APP_ROOT\n is a constant\n initialisation\n when configuration is not provided\n builds one using the defaults\n #clusters\n creates one cluster for each cluster description provided\n key operations on clusters\n #fetch\n asks all clusters to #fetch\n #test\n asks all clusters to #deploy with _plan_ and _test_ options\n #deploy\n when no parameters given\n asks all clusters to #deploy with _plan_, _test_ and _auto-approve_ disabled\n when parameters are given\n asks all clusters to #deploy with the given options\n when a particular infrastructure is named for deployment\n asks only the named cluster to #deploy with the given options\n\nDalmatian::Logger\n ::error(msg)\n raises an error with a red message\n ::info(msg)\n puts the given given message in white\n ::success(msg)\n puts the given given message in green\n ::warn(msg)\n puts the given given message in yellow\n\nDalmatian::OpensearchCluster\n #identifier\n uses opensearch identifier\n #in_use_by\n uses opensearch_cluster in_use_by list\n #version\n uses opensearch_cluster version\n #master_enabled\n uses opensearch_cluster master_enabled bool\n #master_count\n uses opensearch_cluster master_count\n #master_type\n uses opensearch_cluster master_type\n #instance_count\n uses opensearch_cluster instance_count\n #instance_type\n uses opensearch_cluster instance_type\n #warm_enabled\n uses opensearch_cluster warm_enabled bool\n #warm_count\n uses opensearch_cluster warm_count\n #warm_type\n uses opensearch_cluster warm_type\n #parameter_store_path_opensearch_cluster_url_name\n uses opensearch_cluster parameter_store_path_opensearch_cluster_url_name\n #volume_size\n uses opensearch_cluster volume_size\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::OpensearchClusterTest\n #call\n changes to the opensearch-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ParameterStore\n ::get_parameter(name: \"\", with_decryption: true)\n when getting a single parameter from Parameter Store\n runs aws ssm get-parameter\n ::get_parameters_by_path(path: \"\", with_decryption: true)\n when getting parameters by path from Parameter Store\n runs aws ssm get-parameter\n\nDalmatian::RdsDeployment\n #call\n changes to rds infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Rds\n #identifier\n uses rds identifier\n #in_use_by\n uses rds in_use_by list\n #clusters_in_use\n uses rds clusters_in_use list\n #instance_class\n uses rds instance_class\n #engine\n uses rds engine\n #engine_version\n uses the rds engine_version\n #allocated_storage\n uses the rds allocated_storage\n #storage_encrypted\n uses the rds storage_encrypted bool\n #storage_type\n uses the rds storage_type gp3\n #db_name\n uses the rds db_name\n #port\n uses the rds port\n #maintenance_window\n uses the rds maintenance_window\n #backup_window\n uses the rds backup_window\n #backup_retention_period\n uses the rds backup_retention_period\n #force_ssl\n uses the rds force_ssl bool\n #parameter_store_path_db_url_name\n uses the rds parameter_store_path_db_url_name\n #sql_backup_scheduled_task_environment_variables\n uses the rds sql_backup_scheduled_task_environment_variables\n #check_sql_backup_scheduled_task_environment_variables\n uses the rds check_sql_backup_scheduled_task_environment_variables\n #sync_sql_backup_to_azure\n will have offsite backups disabled by default\n #replication_bucket_destination_arn\n uses the rds replication_bucket_destination_arn\n #replication_kms_key_id\n uses the rds replication_kms_key_id\n #codebuild_access\n uses the rds codebuild_access\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::RdsTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::RemoteReferenceValues\n when the reference is for a git repo\n returns a git shaped configuration\n if _filename_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for an S3 bucket\n returns an S3 shaped configuration\n if _key_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for a URL\n returns a git shaped configuration\n\nDalmatian::S3CacheHandler\n #call\n deletes any old cache\n uses the AWS S3 cmd to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::S3Deployment\n #call\n changes to s3 infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::S3\n #name\n uses s3 name\n #enable_s3_versioning\n uses enable_s3_versioning bool\n #encrypted\n uses s3 encrypted bool\n #acl\n uses s3 acl\n #policy\n uses s3 policy\n #service_cloudfront_read_access\n uses s3 service_cloudfront_read_access\n #cloudfront\n uses s3 cloudfront\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::S3Test\n #call\n changes to the s3 directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ServiceDeployment\n #call\n changes to ecs-services infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Service\n #name\n uses service name\n #blue_green\n uses the service blue_green map\n #parameter_store_path\n uses service parameter_store_path\n #parameter_store_key\n uses service parameter_store_key\n #daemon\n uses the service daemon bool\n #monitoring\n uses the service monitoring hash\n #cloudfront\n recasts the service config in environment groups\n includes the appropriate \"custom_origins\" values in each environment\n Uses an AWS cloudfront managed cache policy\n Uses an AWS cloudfront managed origin policy\n Uses an AWS cloudfront managed response headers policy\n mirroring of elements into each environment group\n includes the \"create\" value\n includes the \"tls_protocol_version\" value\n includes the \"origin_keepalive_timeout\" value\n includes the \"origin_read_timeout\" value\n includes the \"basic_auth\" value\n includes the \"basic_auth_users_extra\" value\n includes the \"viewer_request_functions\" values\n includes the \"offline_page_http_status\" value\n bypass_protection\n uses the \"bypass_protection\" configuration\n custom_behaviors\n converts list of \"path_patterns\" to a single \"path_pattern\"\n #shared_loadbalancer_name\n returns shared loadbalancer name if the service is in use by a shared loadbalancer\n returns empty string if the service is not in use by a shared loadbalancer\n #s3_policy\n uses the service s3_policy map\n #lb_ip_whitelistt\n uses the service lb_ip_whitelist list\n #lb_idle_timeout\n uses the service lb_idle_timeout\n #global_accelerator\n uses service global_accelerator value\n #health_check_path\n uses the service health_check_path\n #health_check_grace_period\n uses the service health_check_grace_period\n #deregistration_delay\n uses the service deregistration_delay\n #serve_from_subdirectory\n uses the service serve_from_subdirectory\n #domain_names\n groups the domain names from the service domain_list into environments\n #proxy_configuration\n groups the proxy configurations from the service proxy_configuration list into environments\n #home_directory\n uses the service home_directory\n #lb_ssl_certificate\n groups the certificate arns from the service lb_ssl_certificate list into environments\n #lb_ssl_policy\n sets the default ssl policy for each environment\n #cloudfront_ssl_certificate\n groups the certificate arns from the service cloudfront_ssl_certificate list into environments\n #image_source\n uses the service image source\n #launch_on\n uses the service 'launch_on' specification\n #launch_on_cluster\n uses the service 'launch_on_cluster' string\n #cluster_min_servers\n uses the service 'cluster_min_servers' string\n #image_location\n uses the service image location\n #track_revision\n uses the service track_revision string\n #custom_codestar_connection_arn\n uses the service custom_codestar_connection_arn\n #codepipeline_use_github_v1\n uses the service codepipeline_use_github_v1\n #codepipeline_codebuild_run_in_vpc\n uses the service codepipeline_codebuild_run_in_vpc\n #codepipeline_codebuild_use_service_env\n uses the service codepipeline_codebuild_use_service_env\n #buildspec\n uses the service buildspec\n #container_port\n uses the service container port\n #container_command\n uses the service container command\n #container_volumes\n uses the service container volumes\n #container_extra_hosts\n uses the service container extra hosts\n #container_count\n uses the service container_count\n #enable_max_one_container_per_instance\n uses the service enable_max_one_container_per_instance\n #scheduled_tasks\n uses the service scheduled tasks\n #workers\n uses the service workers\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ServiceTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SharedLoadbalancerDeployment\n #call\n changes to shared-loadbalancer infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::SharedLoadbalancer\n #name\n uses shared_loadbalancer name\n #in_use_by\n uses shared_loadbalancer in_use_by list\n #clusters_in_use\n uses shared_loadbalancer clusters_in_use list\n #subnets_name\n uses shared_loadbalancer subnets_name value\n #domain_names\n uses shared_loadbalancer domain_names list provided by Services\n #internal\n uses shared_loadbalancer internal value\n #ip_whitelist\n uses shared_loadbalancer ip_whitelist list\n #idle_timeout\n uses shared_loadbalancer idle_timeout value\n #global_accelerator\n uses shared_loadbalancer global_accelerator value\n #ssl_policy\n has the default ssl policy defined\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::SharedLoadbalancerTest\n #call\n changes to the shared-loadbalancer directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SourceDeployment\n #call\n changes to infrastructure config directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Source\n #name\n uses the cluster name and its own position in the cluster's list of sources\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n\nDalmatian::SourceTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform.validate\n\nDalmatian::Terraform\n ::init(upgrade: false)\n when asked to upgrade\n passes terraform init the upgrade flag\n when not asked to upgrade\n does not pass terraform init the upgrade flag\n ::fmt(args = nil)\n when passed some additional arguments\n passes terraform fmt the upgrade flag\n when passed NO additional arguments\n invokes terraform fmt with no arguments\n ::validate(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::ensure_presence_of_workspace(workspace_name)\n logs our intention to create the workspace\n asks Terraform to create the workspace\n when the workspace already exists (and an error is rescued)\n logs our intention to _select_ rather than _create_ the workspace\n asks Terraform to select the existing workspace\n ::plan(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::apply(tfvars, auto_approve=false)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n when auto-approve is set to true\n passes the _auto-approve_ flag to terraform apply\n ::destroy(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::list_workspaces\n changes to the bootstrapping directory\n runs the terraform cmd to list workspaces\n\nDalmatian::UrlCacheHandler\n #call\n deletes any old cache\n uses the helper to GET a URI\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::VpnCustomerGatewayDeployment\n #call\n changes to vpn-customer-gateway infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::VpnCustomerGateway\n #name\n uses vpn_customer_gateway name\n #bgp_asn\n uses vpn_customer_gateway bgp_asn\n #ip_address\n uses vpn_customer_gateway ip_address\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::VpnCustomerGatewayTest\n #call\n changes to the vpn-customer-gateway directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::WAFDeployment\n #call\n changes to waf infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::WAF\n #name\n uses waf name\n #action\n uses waf action\n #ip_deny_list\n has a list of IP addresses to block\n #aws_managed_rules\n uses waf aws_managed_rules list\n #associations\n uses waf associations list\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::WAFTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nFinished in 3.23 seconds (files took 0.7496 seconds to load)\n478 examples, 0 failures\n\nCoverage report generated for RSpec to /Users/bob/git/dxw/dalmatian/coverage. 4310 / 4389 LOC (98.2%) covered.\n\n==> Linting markdown...\nProcess Group PGID: 64334" } } } ], "status": "success", "timestamp": "2026-02-20T17:46:32.254Z", "resultDisplay": "==> Linting YAML...\n\n==> Linting shell scripts...\n\n==> Checking Terraform for JSON errors...\n- Checking ./terraform/policies/iam-read.json... Passed\n- Checking ./terraform/policies/s3-rw-with-versioning.json... Passed\n- Checking ./terraform/policies/codestar-connection-use.json... Passed\n- Checking ./terraform/policies/iam-create-access-key.json... Passed\n- Checking ./terraform/policies/codebuild.json... Passed\n- Checking ./terraform/policies/kms-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/iam-change-password.json... Passed\n- Checking ./terraform/policies/administrator-access.json... Passed\n- Checking ./terraform/policies/assume_roles/aws-backup.json... Passed\n- Checking ./terraform/policies/assume_roles/autoscaling.json... Passed\n- Checking ./terraform/policies/assume_roles/events.json... Passed\n- Checking ./terraform/policies/assume_roles/ecs.json... Passed\n- Checking ./terraform/policies/assume_roles/codepipeline.json... Passed\n- Checking ./terraform/policies/iam-mfa.json... Passed\n- Checking ./terraform/policies/route53-read.json... Passed\n- Checking ./terraform/policies/s3-full-access.json... Passed\n- Checking ./terraform/policies/parameter-store-read-decrypt.json... Passed\n- Checking ./terraform/policies/s3-read.json... Passed\n- Checking ./terraform/policies/parameter-store-RW-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/all-read-with-billing.json... Passed\n- Checking ./terraform/policies/codebuild-start-build.json... Passed\n- Checking ./terraform/policies/all-read.json... Passed\n\n==> Linting Terraform...\n\n==> Running Ruby tests...\n/Users/bob/.rbenv/versions/2.7.1/bin/ruby -I/Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/lib:/Users/bob/.bundles/ruby/2.7.0/gems/rspec-support-3.12.1/lib /Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/exe/rspec --pattern spec/\\*\\*\\{,/\\*/\\*\\*\\}/\\*_spec.rb\n\ntests local configuration\n use of \"terraform apply\"\n passes the hosted zone config to \"terraform apply\"\n passes the s3 config to \"terraform apply\"\n passes the vpn customer gateway config to \"terraform apply\"\n passes the base config to \"terraform apply\"\n passes the waf config to \"terraform apply\"\n passes the rds config to \"terraform apply\"\n passes the elasticache config to \"terraform apply\"\n passes the opensearch config to \"terraform apply\"\n passes the service config to \"terraform apply\"\n passes the loadbalancer config to \"terraform apply\"\n passes the cluster 2 config to \"terraform apply\"\n passes the cluster 3 config to \"terraform apply\"\n passes the cluster 4 config to \"terraform apply\"\n\ntests remote configuration\n retrieves the remotely held full configuration\n proceeds with deploying the infrastructure as per the cached full configuration\n\ntests local configuration\n invokes \"terraform validate\" with the expected cluster options\n invokes \"terraform validate\" with the expected source options\n use of \"terraform plan\"\n passes the hosted zone config to \"terraform plan\"\n passes the s3 config to \"terraform plan\"\n passes the vpn customer gateway config to \"terraform plan\"\n passes the base config to \"terraform plan\"\n passes the waf config to \"terraform plan\"\n passes the rds config to \"terraform plan\"\n passes the elasticache config to \"terraform plan\"\n passes the opensearch config to \"terraform plan\"\n passes the services config to \"terraform plan\"\n passes the loadbalancer config to \"terraform plan\"\n passes the cluster 2 config to \"terraform plan\"\n passes the cluster 3 config to \"terraform plan\"\n passes the cluster 4 config to \"terraform plan\"\n\nDalmatian::Account\n initialisation\n gathering user input\n asks the user for AWS credentials\n asks the user for the AWS account id to use\n asks the user for an account alias\n #call\n changes to the bootstrapping directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n\nDalmatian::CacheHandlerSelector\n ::new_for(remote_reference)\n when the remote reference is for a git repo\n asks for an instance of GitCacheHandler\n when the remote reference is for an S3 bucket\n asks for an instance of S3CacheHandler\n when the remote reference is for a URL\n asks for an instance of UrlCacheHandler\n when the type is unknown\n raises an error\n\nCacheHandler\n when a subclass class does not implement #cache_remote_configuration\n raises a helpful error\n\nDalmatian::CI\n CI::PATH\n is a constant\n #deploy\n changes to the ci directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n #test\n runs terraform plan with the user-supplied vars\n\nDalmatian::ClusterDeployment\n #call\n changes to the ecs directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n when in _plan_ mode\n invokes Terraform.plan using the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply using the _dalmatian-admin_\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Cluster\n on initialisation\n makes Hosted zones, S3, Sources, Services, Loadbalancers, WAF and Rds\n #target_directory\n is a standard _ecs_ path\n #id\n is the primary key of the cluster definition is used\n #name\n when the cluster has an explicitly provided _name_ property\n that property is used\n when the cluster does not have an explicitly provided _name_ property\n the primary key of the cluster definition is used\n #account_id\n is the aws account key for deployment\n #sources\n represents any links to remote sources\n #environments\n represents the attributes of each environment's cluster section\n #fetch\n when the source is remotely held\n logs the plan to clone the source into the infrastructure pth\n deletes any existing source at the infrastructure location\n clones each source into the infrastructure location\n changes to the infrastructure directory for each source\n runs rake terrafile\n changes back to the APP_ROOT\n when the source is a local file path\n does not re-clone the source\n does not run terrafile\n when the specified local directory exists\n logs the fact that the local source is in place\n when the specificed local directory does not exist\n logs an error that the local source is missing\n #deploy\n deploys source infrastructure for each source and each service in each environment\n when a cluster should be created\n deploys cluster infrastructure for each environment\n when the _plan_ option IS invoked\n creates Cluster Deployments with plan settings\n when the _auto_approve_ option IS invoked\n creates Cluster Deployments with auto_approve settings\n handling of tests\n when the _test_ option is NOT invoked\n does not run cluster tests\n does not run cluster tests\n does not run cluster tests\n does not run source tests\n does not run waf tests\n does not run rds tests\n does not run service tests\n does not run service tests\n when the test option IS invoked\n runs tests\n when a cluster should NOT be created\n does not deploy cluster infrastructure\n when test option is invoked\n tests sources and services for each environment\n\nDalmatian::ClusterTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n\nDalmatian::ConfigurationReader\n when a full configuration is provided in a local file\n #call\n has no need to use a cache handler\n returns the loaded configuration\n when a reference to a remote configuration is provided\n and the reference is provided in a local file\n uses the CacheHandlerSelector to provide the appropriate retrieval mechanism\n calls on the selected cache handler\n returns the configuration returned by the cache_handler\n and the reference is provided using environment variables\n passes the provided remote reference to the CacheHandlerSelector\n and references are provided in both environment variables and config file\n prefers the environment variable references over the config file\n and no references are provided\n raises an error\n and the remote reference is missing its _type_\n raises an error\n #ci\n when a parameter path prefix is given\n overwrites the ci:variables config with those retrieved from the param store\n leaves other ci:variables in place\n when a parameter path prefix is NOT given\n does NOT overwrite any ci:variables from the param store\n\nDalmatian::ElasticacheCluster\n #identifier\n uses elasticache identifier\n #in_use_by\n uses elasticache_cluster in_use_by list\n #node_type\n uses elasticache_cluster node_type\n #node_count\n uses elasticache_cluster node_count\n #engine\n uses elasticache_cluster engine\n #engine_version\n uses the elasticache_cluster engine_version\n #parameters\n uses the elasticache_cluster parameters list\n #port\n uses the elasticache_cluster port\n #maintenance_window\n uses the elasticache_cluster maintenance_window\n #snapshot_window\n uses the elasticache_cluster snapshot_window\n #parameter_store_path_elasticache_cluster_url_name\n uses the elasticache_cluster parameter_store_path_elasticache_cluster_url_name\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ElasticacheClusterTest\n #call\n changes to the elasticache-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::GitCacheHandler\n #call\n deletes any old cache\n uses git clone to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n when no special cache path is given\n uses the default cache path of ./.dalmatian_cache/remote_config\n\nDalmatian::Helper\n ::git_clone(source, destination)\n when source and destination args are not provided\n raises an error with usage info\n when given source and destination args\n passes the request to the git CLI\n ::git_checkout(revision)\n checks out the given revision using run!\n ::get(source, destination)\n when source and destination args are not provided\n raises an error with usage info\n when given source and destination args\n opens the source url\n opens a new file at the destination\n writes the source resource into that file\n reads the information from the fetched resource\n ::run!\n passes given cmd to Kernel.system\n when the call to Kernel.system returns _false_\n raise a helpful error\n ::run_with_output!(cmd)\n passes given cmd to Open3.capture3\n when the system call returns a zero exit status\n returns the systems output to STDOUT\n when the system call returns a non-zero exit status\n also returns STDOUT ignoring the exit code and STDERR\n when the system call raises an ENOENT error\n catches this and raises a helpful Error\n ::change_to(path)\n passes the given path to Dir.chdir\n ::to_bool(str)\n when given nil\n returns false\n when given an empty string\n returns false\n when given lower case string _true_\n returns true\n when given mixed case string _True_\n returns true\n when given the object true\n returns true\n when given the object false\n returns false\n ::tflint\n runs the tflint cmd\n ::terrafile\n runs rake terrafile\n ::ask\n delegates to HighLine#ask\n ::ask_in_confidence\n delegates to HighLine#ask\n passes a block to mask the answer\n\nDalmatian::HostedZoneDeployment\n #call\n changes to hosted-zone infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::HostedZone\n #domain\n uses hosted_zone domain\n #ns_records\n uses hosted_zone ns_records\n #a_records\n uses hosted_zone a_records\n #alias_records\n uses hosted_zone alias_records\n #cname_records\n uses hosted_zone cname_records\n #mx_records\n uses hosted_zone mx_records\n #txt_records\n uses hosted_zone txt_records\n #srv_records\n uses hosted_zone srv_records\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::HostedZoneTest\n #call\n changes to the hosted-zone directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::Infrastructure\n Infrastructure::PATH\n is a constant\n Infrastructure::APP_ROOT\n is a constant\n initialisation\n when configuration is not provided\n builds one using the defaults\n #clusters\n creates one cluster for each cluster description provided\n key operations on clusters\n #fetch\n asks all clusters to #fetch\n #test\n asks all clusters to #deploy with _plan_ and _test_ options\n #deploy\n when no parameters given\n asks all clusters to #deploy with _plan_, _test_ and _auto-approve_ disabled\n when parameters are given\n asks all clusters to #deploy with the given options\n when a particular infrastructure is named for deployment\n asks only the named cluster to #deploy with the given options\n\nDalmatian::Logger\n ::error(msg)\n raises an error with a red message\n ::info(msg)\n puts the given given message in white\n ::success(msg)\n puts the given given message in green\n ::warn(msg)\n puts the given given message in yellow\n\nDalmatian::OpensearchCluster\n #identifier\n uses opensearch identifier\n #in_use_by\n uses opensearch_cluster in_use_by list\n #version\n uses opensearch_cluster version\n #master_enabled\n uses opensearch_cluster master_enabled bool\n #master_count\n uses opensearch_cluster master_count\n #master_type\n uses opensearch_cluster master_type\n #instance_count\n uses opensearch_cluster instance_count\n #instance_type\n uses opensearch_cluster instance_type\n #warm_enabled\n uses opensearch_cluster warm_enabled bool\n #warm_count\n uses opensearch_cluster warm_count\n #warm_type\n uses opensearch_cluster warm_type\n #parameter_store_path_opensearch_cluster_url_name\n uses opensearch_cluster parameter_store_path_opensearch_cluster_url_name\n #volume_size\n uses opensearch_cluster volume_size\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::OpensearchClusterTest\n #call\n changes to the opensearch-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ParameterStore\n ::get_parameter(name: \"\", with_decryption: true)\n when getting a single parameter from Parameter Store\n runs aws ssm get-parameter\n ::get_parameters_by_path(path: \"\", with_decryption: true)\n when getting parameters by path from Parameter Store\n runs aws ssm get-parameter\n\nDalmatian::RdsDeployment\n #call\n changes to rds infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Rds\n #identifier\n uses rds identifier\n #in_use_by\n uses rds in_use_by list\n #clusters_in_use\n uses rds clusters_in_use list\n #instance_class\n uses rds instance_class\n #engine\n uses rds engine\n #engine_version\n uses the rds engine_version\n #allocated_storage\n uses the rds allocated_storage\n #storage_encrypted\n uses the rds storage_encrypted bool\n #storage_type\n uses the rds storage_type gp3\n #db_name\n uses the rds db_name\n #port\n uses the rds port\n #maintenance_window\n uses the rds maintenance_window\n #backup_window\n uses the rds backup_window\n #backup_retention_period\n uses the rds backup_retention_period\n #force_ssl\n uses the rds force_ssl bool\n #parameter_store_path_db_url_name\n uses the rds parameter_store_path_db_url_name\n #sql_backup_scheduled_task_environment_variables\n uses the rds sql_backup_scheduled_task_environment_variables\n #check_sql_backup_scheduled_task_environment_variables\n uses the rds check_sql_backup_scheduled_task_environment_variables\n #sync_sql_backup_to_azure\n will have offsite backups disabled by default\n #replication_bucket_destination_arn\n uses the rds replication_bucket_destination_arn\n #replication_kms_key_id\n uses the rds replication_kms_key_id\n #codebuild_access\n uses the rds codebuild_access\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::RdsTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::RemoteReferenceValues\n when the reference is for a git repo\n returns a git shaped configuration\n if _filename_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for an S3 bucket\n returns an S3 shaped configuration\n if _key_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for a URL\n returns a git shaped configuration\n\nDalmatian::S3CacheHandler\n #call\n deletes any old cache\n uses the AWS S3 cmd to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::S3Deployment\n #call\n changes to s3 infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::S3\n #name\n uses s3 name\n #enable_s3_versioning\n uses enable_s3_versioning bool\n #encrypted\n uses s3 encrypted bool\n #acl\n uses s3 acl\n #policy\n uses s3 policy\n #service_cloudfront_read_access\n uses s3 service_cloudfront_read_access\n #cloudfront\n uses s3 cloudfront\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::S3Test\n #call\n changes to the s3 directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ServiceDeployment\n #call\n changes to ecs-services infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Service\n #name\n uses service name\n #blue_green\n uses the service blue_green map\n #parameter_store_path\n uses service parameter_store_path\n #parameter_store_key\n uses service parameter_store_key\n #daemon\n uses the service daemon bool\n #monitoring\n uses the service monitoring hash\n #cloudfront\n recasts the service config in environment groups\n includes the appropriate \"custom_origins\" values in each environment\n Uses an AWS cloudfront managed cache policy\n Uses an AWS cloudfront managed origin policy\n Uses an AWS cloudfront managed response headers policy\n mirroring of elements into each environment group\n includes the \"create\" value\n includes the \"tls_protocol_version\" value\n includes the \"origin_keepalive_timeout\" value\n includes the \"origin_read_timeout\" value\n includes the \"basic_auth\" value\n includes the \"basic_auth_users_extra\" value\n includes the \"viewer_request_functions\" values\n includes the \"offline_page_http_status\" value\n bypass_protection\n uses the \"bypass_protection\" configuration\n custom_behaviors\n converts list of \"path_patterns\" to a single \"path_pattern\"\n #shared_loadbalancer_name\n returns shared loadbalancer name if the service is in use by a shared loadbalancer\n returns empty string if the service is not in use by a shared loadbalancer\n #s3_policy\n uses the service s3_policy map\n #lb_ip_whitelistt\n uses the service lb_ip_whitelist list\n #lb_idle_timeout\n uses the service lb_idle_timeout\n #global_accelerator\n uses service global_accelerator value\n #health_check_path\n uses the service health_check_path\n #health_check_grace_period\n uses the service health_check_grace_period\n #deregistration_delay\n uses the service deregistration_delay\n #serve_from_subdirectory\n uses the service serve_from_subdirectory\n #domain_names\n groups the domain names from the service domain_list into environments\n #proxy_configuration\n groups the proxy configurations from the service proxy_configuration list into environments\n #home_directory\n uses the service home_directory\n #lb_ssl_certificate\n groups the certificate arns from the service lb_ssl_certificate list into environments\n #lb_ssl_policy\n sets the default ssl policy for each environment\n #cloudfront_ssl_certificate\n groups the certificate arns from the service cloudfront_ssl_certificate list into environments\n #image_source\n uses the service image source\n #launch_on\n uses the service 'launch_on' specification\n #launch_on_cluster\n uses the service 'launch_on_cluster' string\n #cluster_min_servers\n uses the service 'cluster_min_servers' string\n #image_location\n uses the service image location\n #track_revision\n uses the service track_revision string\n #custom_codestar_connection_arn\n uses the service custom_codestar_connection_arn\n #codepipeline_use_github_v1\n uses the service codepipeline_use_github_v1\n #codepipeline_codebuild_run_in_vpc\n uses the service codepipeline_codebuild_run_in_vpc\n #codepipeline_codebuild_use_service_env\n uses the service codepipeline_codebuild_use_service_env\n #buildspec\n uses the service buildspec\n #container_port\n uses the service container port\n #container_command\n uses the service container command\n #container_volumes\n uses the service container volumes\n #container_extra_hosts\n uses the service container extra hosts\n #container_count\n uses the service container_count\n #enable_max_one_container_per_instance\n uses the service enable_max_one_container_per_instance\n #scheduled_tasks\n uses the service scheduled tasks\n #workers\n uses the service workers\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ServiceTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SharedLoadbalancerDeployment\n #call\n changes to shared-loadbalancer infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::SharedLoadbalancer\n #name\n uses shared_loadbalancer name\n #in_use_by\n uses shared_loadbalancer in_use_by list\n #clusters_in_use\n uses shared_loadbalancer clusters_in_use list\n #subnets_name\n uses shared_loadbalancer subnets_name value\n #domain_names\n uses shared_loadbalancer domain_names list provided by Services\n #internal\n uses shared_loadbalancer internal value\n #ip_whitelist\n uses shared_loadbalancer ip_whitelist list\n #idle_timeout\n uses shared_loadbalancer idle_timeout value\n #global_accelerator\n uses shared_loadbalancer global_accelerator value\n #ssl_policy\n has the default ssl policy defined\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::SharedLoadbalancerTest\n #call\n changes to the shared-loadbalancer directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SourceDeployment\n #call\n changes to infrastructure config directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Source\n #name\n uses the cluster name and its own position in the cluster's list of sources\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n\nDalmatian::SourceTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform.validate\n\nDalmatian::Terraform\n ::init(upgrade: false)\n when asked to upgrade\n passes terraform init the upgrade flag\n when not asked to upgrade\n does not pass terraform init the upgrade flag\n ::fmt(args = nil)\n when passed some additional arguments\n passes terraform fmt the upgrade flag\n when passed NO additional arguments\n invokes terraform fmt with no arguments\n ::validate(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::ensure_presence_of_workspace(workspace_name)\n logs our intention to create the workspace\n asks Terraform to create the workspace\n when the workspace already exists (and an error is rescued)\n logs our intention to _select_ rather than _create_ the workspace\n asks Terraform to select the existing workspace\n ::plan(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::apply(tfvars, auto_approve=false)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n when auto-approve is set to true\n passes the _auto-approve_ flag to terraform apply\n ::destroy(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::list_workspaces\n changes to the bootstrapping directory\n runs the terraform cmd to list workspaces\n\nDalmatian::UrlCacheHandler\n #call\n deletes any old cache\n uses the helper to GET a URI\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::VpnCustomerGatewayDeployment\n #call\n changes to vpn-customer-gateway infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::VpnCustomerGateway\n #name\n uses vpn_customer_gateway name\n #bgp_asn\n uses vpn_customer_gateway bgp_asn\n #ip_address\n uses vpn_customer_gateway ip_address\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::VpnCustomerGatewayTest\n #call\n changes to the vpn-customer-gateway directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::WAFDeployment\n #call\n changes to waf infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::WAF\n #name\n uses waf name\n #action\n uses waf action\n #ip_deny_list\n has a list of IP addresses to block\n #aws_managed_rules\n uses waf aws_managed_rules list\n #associations\n uses waf associations list\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::WAFTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nFinished in 3.23 seconds (files took 0.7496 seconds to load)\n478 examples, 0 failures\n\nCoverage report generated for RSpec to /Users/bob/git/dxw/dalmatian/coverage. 4310 / 4389 LOC (98.2%) covered.\n\n==> Linting markdown...", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "96b634b9-4ae9-41cd-a13d-a49ab1bf44c7", "timestamp": "2026-02-20T17:46:34.017Z", "type": "gemini", "content": "I will now run the Terraform plan for the `rds` infrastructure in the `dxw-pentest` environment to confirm that the `aws_s3_bucket_versioning` resource is no longer being created for the SQL backup bucket when replication is disabled.", "thoughts": [], "tokens": { "input": 34938, "output": 96, "cached": 24560, "thoughts": 0, "tool": 0, "total": 35034 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771609594015_0", "name": "run_shell_command", "args": { "command": "./scripts/bin/test -i dxw-pentest -T rds", "description": "Run Terraform plan for the dxw-pentest rds infrastructure." }, "result": [ { "functionResponse": { "id": "run_shell_command_1771609594015_0", "name": "run_shell_command", "response": { "output": "Output too large. Showing first 8,000 and last 32,000 characters. For full output see: /Users/bob/.gemini/tmp/dalmatian/tool-outputs/session-630ce049-b5a9-45d9-a5c3-385de197ea93/run_shell_command_1771609594015_0.txt\nOutput: ==> Installing Ruby and dependencies...\nSuccessfully installed bundler-2.4.22\nParsing documentation for bundler-2.4.22\nDone installing documentation for bundler after 0 seconds\n1 gem installed\nBundle complete! 13 Gemfile dependencies, 53 gems now installed.\nBundled gems are installed into `../../../.bundles`\n\n==> Installing Terraform and dependencies...\nTerraform v1.9.8 is already installed\n[*] Checking out 0.17.0 from git@github.com:cloudposse/terraform-aws-codebuild.git\n[*] Checking out 2.1.0 from git@github.com:dxw/terraform-aws-github-ci.git\n[*] Checking out 3cc589ecb5bf70fbd1188c47c915550235d4714b from git@github.com:dxw/terraform-aws-s3-bucket.git\n[*] Checking out v2.70.0 from git@github.com:terraform-aws-modules/terraform-aws-vpc\n[*] Checking out v5.7.0 from git@github.com:dxw/tf_aws_ecs.git\n[*] Checking out 1.1.0 from git@github.com:dxw/terraform-aws-cloudtrail\n[*] Checking out 0.28.2 from git@github.com:cloudposse/terraform-aws-efs\n[*] Checking out v1.3.0 from git@github.com:claranet/terraform-aws-lambda\n[*] Checking out v5.2.2 from git@github.com:terraform-aws-modules/terraform-aws-rds\n[*] Checking out v8.3.1 from git@github.com:terraform-aws-modules/terraform-aws-rds-aurora.git\n\n==> Checking for a 'dalmatian.yml' in the root...\nFound: /Users/bob/git/dxw/dalmatian-config/dalmatian.yml\n\n==> Linting YAML...\n\n==> Linting shell scripts...\n\n==> Checking Terraform for JSON errors...\n- Checking ./terraform/policies/iam-read.json... Passed\n- Checking ./terraform/policies/s3-rw-with-versioning.json... Passed\n- Checking ./terraform/policies/codestar-connection-use.json... Passed\n- Checking ./terraform/policies/iam-create-access-key.json... Passed\n- Checking ./terraform/policies/codebuild.json... Passed\n- Checking ./terraform/policies/kms-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/iam-change-password.json... Passed\n- Checking ./terraform/policies/administrator-access.json... Passed\n- Checking ./terraform/policies/assume_roles/aws-backup.json... Passed\n- Checking ./terraform/policies/assume_roles/autoscaling.json... Passed\n- Checking ./terraform/policies/assume_roles/events.json... Passed\n- Checking ./terraform/policies/assume_roles/ecs.json... Passed\n- Checking ./terraform/policies/assume_roles/codepipeline.json... Passed\n- Checking ./terraform/policies/iam-mfa.json... Passed\n- Checking ./terraform/policies/route53-read.json... Passed\n- Checking ./terraform/policies/s3-full-access.json... Passed\n- Checking ./terraform/policies/parameter-store-read-decrypt.json... Passed\n- Checking ./terraform/policies/s3-read.json... Passed\n- Checking ./terraform/policies/parameter-store-RW-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/all-read-with-billing.json... Passed\n- Checking ./terraform/policies/codebuild-start-build.json... Passed\n- Checking ./terraform/policies/all-read.json... Passed\n\n==> Linting Terraform...\n\n==> Running Ruby tests...\n/Users/bob/.rbenv/versions/2.7.1/bin/ruby -I/Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/lib:/Users/bob/.bundles/ruby/2.7.0/gems/rspec-support-3.12.1/lib /Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/exe/rspec --pattern spec/\\*\\*\\{,/\\*/\\*\\*\\}/\\*_spec.rb\n\ntests local configuration\n use of \"terraform apply\"\n passes the hosted zone config to \"terraform apply\"\n passes the s3 config to \"terraform apply\"\n passes the vpn customer gateway config to \"terraform apply\"\n passes the base config to \"terraform apply\"\n passes the waf config to \"terraform apply\"\n passes the rds config to \"terraform apply\"\n passes the elasticache config to \"terraform apply\"\n passes the opensearch config to \"terraform apply\"\n passes the service config to \"terraform apply\"\n passes the loadbalancer config to \"terraform apply\"\n passes the cluster 2 config to \"terraform apply\"\n passes the cluster 3 config to \"terraform apply\"\n passes the cluster 4 config to \"terraform apply\"\n\ntests remote configuration\n retrieves the remotely held full configuration\n proceeds with deploying the infrastructure as per the cached full configuration\n\ntests local configuration\n invokes \"terraform validate\" with the expected cluster options\n invokes \"terraform validate\" with the expected source options\n use of \"terraform plan\"\n passes the hosted zone config to \"terraform plan\"\n passes the s3 config to \"terraform plan\"\n passes the vpn customer gateway config to \"terraform plan\"\n passes the base config to \"terraform plan\"\n passes the waf config to \"terraform plan\"\n passes the rds config to \"terraform plan\"\n passes the elasticache config to \"terraform plan\"\n passes the opensearch config to \"terraform plan\"\n passes the services config to \"terraform plan\"\n passes the loadbalancer config to \"terraform plan\"\n passes the cluster 2 config to \"terraform plan\"\n passes the cluster 3 config to \"terraform plan\"\n passes the cluster 4 config to \"terraform plan\"\n\nDalmatian::Account\n initialisation\n gathering user input\n asks the user for AWS credentials\n asks the user for the AWS account id to use\n asks the user for an account alias\n #call\n changes to the bootstrapping directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n\nDalmatian::CacheHandlerSelector\n ::new_for(remote_reference)\n when the remote reference is for a git repo\n asks for an instance of GitCacheHandler\n when the remote reference is for an S3 bucket\n asks for an instance of S3CacheHandler\n when the remote reference is for a URL\n asks for an instance of UrlCacheHandler\n when the type is unknown\n raises an error\n\nCacheHandler\n when a subclass class does not implement #cache_remote_configuration\n raises a helpful error\n\nDalmatian::CI\n CI::PATH\n is a constant\n #deploy\n changes to the ci directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n #test\n runs terraform plan with the user-supplied vars\n\nDalmatian::ClusterDeployment\n #call\n changes to the ecs directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n when in _plan_ mode\n invokes Terraform.plan using the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply using the _dalmatian-admin_\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Cluster\n on initialisation\n makes Hosted zones, S3, Sources, Services, Loadbalancers, WAF and Rds\n #target_directory\n is a standard _ecs_ path\n #id\n is the primary key of the cluster definition is used\n #name\n when the cluster has an explicitly provided _name_ property\n that property is used\n when the cluster does not have an explicitly provided _name_ property\n the primary key of the cluster definition is used\n #account_id\n is the aws account key for deployment\n #sources\n represents any links to remote sources\n #environments\n represents the attributes of each environment's cluster section\n #fetch\n when the source is remotely held\n logs the plan to clone the source into the infrastructure pth\n deletes any existing source at the infrastructure location\n clones each source into the infrastructure location\n changes to the infrastructure directory for each source\n runs rake terrafile\n changes back to the APP_ROOT\n when the source is a local file path\n does not re-clone the source\n does not run terrafile\n when the specified local directory exists\n logs the fact that the local source is in place\n when the specificed local directory does not exist\n logs an error that the local source is\n\n... [5,135 characters omitted] ...\n\n to Kernel.system returns _false_\n raise a helpful error\n ::run_with_output!(cmd)\n passes given cmd to Open3.capture3\n when the system call returns a zero exit status\n returns the systems output to STDOUT\n when the system call returns a non-zero exit status\n also returns STDOUT ignoring the exit code and STDERR\n when the system call raises an ENOENT error\n catches this and raises a helpful Error\n ::change_to(path)\n passes the given path to Dir.chdir\n ::to_bool(str)\n when given nil\n returns false\n when given an empty string\n returns false\n when given lower case string _true_\n returns true\n when given mixed case string _True_\n returns true\n when given the object true\n returns true\n when given the object false\n returns false\n ::tflint\n runs the tflint cmd\n ::terrafile\n runs rake terrafile\n ::ask\n delegates to HighLine#ask\n ::ask_in_confidence\n delegates to HighLine#ask\n passes a block to mask the answer\n\nDalmatian::HostedZoneDeployment\n #call\n changes to hosted-zone infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::HostedZone\n #domain\n uses hosted_zone domain\n #ns_records\n uses hosted_zone ns_records\n #a_records\n uses hosted_zone a_records\n #alias_records\n uses hosted_zone alias_records\n #cname_records\n uses hosted_zone cname_records\n #mx_records\n uses hosted_zone mx_records\n #txt_records\n uses hosted_zone txt_records\n #srv_records\n uses hosted_zone srv_records\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::HostedZoneTest\n #call\n changes to the hosted-zone directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::Infrastructure\n Infrastructure::PATH\n is a constant\n Infrastructure::APP_ROOT\n is a constant\n initialisation\n when configuration is not provided\n builds one using the defaults\n #clusters\n creates one cluster for each cluster description provided\n key operations on clusters\n #fetch\n asks all clusters to #fetch\n #test\n asks all clusters to #deploy with _plan_ and _test_ options\n #deploy\n when no parameters given\n asks all clusters to #deploy with _plan_, _test_ and _auto-approve_ disabled\n when parameters are given\n asks all clusters to #deploy with the given options\n when a particular infrastructure is named for deployment\n asks only the named cluster to #deploy with the given options\n\nDalmatian::Logger\n ::error(msg)\n raises an error with a red message\n ::info(msg)\n puts the given given message in white\n ::success(msg)\n puts the given given message in green\n ::warn(msg)\n puts the given given message in yellow\n\nDalmatian::OpensearchCluster\n #identifier\n uses opensearch identifier\n #in_use_by\n uses opensearch_cluster in_use_by list\n #version\n uses opensearch_cluster version\n #master_enabled\n uses opensearch_cluster master_enabled bool\n #master_count\n uses opensearch_cluster master_count\n #master_type\n uses opensearch_cluster master_type\n #instance_count\n uses opensearch_cluster instance_count\n #instance_type\n uses opensearch_cluster instance_type\n #warm_enabled\n uses opensearch_cluster warm_enabled bool\n #warm_count\n uses opensearch_cluster warm_count\n #warm_type\n uses opensearch_cluster warm_type\n #parameter_store_path_opensearch_cluster_url_name\n uses opensearch_cluster parameter_store_path_opensearch_cluster_url_name\n #volume_size\n uses opensearch_cluster volume_size\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::OpensearchClusterTest\n #call\n changes to the opensearch-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ParameterStore\n ::get_parameter(name: \"\", with_decryption: true)\n when getting a single parameter from Parameter Store\n runs aws ssm get-parameter\n ::get_parameters_by_path(path: \"\", with_decryption: true)\n when getting parameters by path from Parameter Store\n runs aws ssm get-parameter\n\nDalmatian::RdsDeployment\n #call\n changes to rds infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Rds\n #identifier\n uses rds identifier\n #in_use_by\n uses rds in_use_by list\n #clusters_in_use\n uses rds clusters_in_use list\n #instance_class\n uses rds instance_class\n #engine\n uses rds engine\n #engine_version\n uses the rds engine_version\n #allocated_storage\n uses the rds allocated_storage\n #storage_encrypted\n uses the rds storage_encrypted bool\n #storage_type\n uses the rds storage_type gp3\n #db_name\n uses the rds db_name\n #port\n uses the rds port\n #maintenance_window\n uses the rds maintenance_window\n #backup_window\n uses the rds backup_window\n #backup_retention_period\n uses the rds backup_retention_period\n #force_ssl\n uses the rds force_ssl bool\n #parameter_store_path_db_url_name\n uses the rds parameter_store_path_db_url_name\n #sql_backup_scheduled_task_environment_variables\n uses the rds sql_backup_scheduled_task_environment_variables\n #check_sql_backup_scheduled_task_environment_variables\n uses the rds check_sql_backup_scheduled_task_environment_variables\n #sync_sql_backup_to_azure\n will have offsite backups disabled by default\n #replication_bucket_destination_arn\n uses the rds replication_bucket_destination_arn\n #replication_kms_key_id\n uses the rds replication_kms_key_id\n #codebuild_access\n uses the rds codebuild_access\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::RdsTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::RemoteReferenceValues\n when the reference is for a git repo\n returns a git shaped configuration\n if _filename_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for an S3 bucket\n returns an S3 shaped configuration\n if _key_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for a URL\n returns a git shaped configuration\n\nDalmatian::S3CacheHandler\n #call\n deletes any old cache\n uses the AWS S3 cmd to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::S3Deployment\n #call\n changes to s3 infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::S3\n #name\n uses s3 name\n #enable_s3_versioning\n uses enable_s3_versioning bool\n #encrypted\n uses s3 encrypted bool\n #acl\n uses s3 acl\n #policy\n uses s3 policy\n #service_cloudfront_read_access\n uses s3 service_cloudfront_read_access\n #cloudfront\n uses s3 cloudfront\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::S3Test\n #call\n changes to the s3 directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ServiceDeployment\n #call\n changes to ecs-services infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Service\n #name\n uses service name\n #blue_green\n uses the service blue_green map\n #parameter_store_path\n uses service parameter_store_path\n #parameter_store_key\n uses service parameter_store_key\n #daemon\n uses the service daemon bool\n #monitoring\n uses the service monitoring hash\n #cloudfront\n recasts the service config in environment groups\n includes the appropriate \"custom_origins\" values in each environment\n Uses an AWS cloudfront managed cache policy\n Uses an AWS cloudfront managed origin policy\n Uses an AWS cloudfront managed response headers policy\n mirroring of elements into each environment group\n includes the \"create\" value\n includes the \"tls_protocol_version\" value\n includes the \"origin_keepalive_timeout\" value\n includes the \"origin_read_timeout\" value\n includes the \"basic_auth\" value\n includes the \"basic_auth_users_extra\" value\n includes the \"viewer_request_functions\" values\n includes the \"offline_page_http_status\" value\n bypass_protection\n uses the \"bypass_protection\" configuration\n custom_behaviors\n converts list of \"path_patterns\" to a single \"path_pattern\"\n #shared_loadbalancer_name\n returns shared loadbalancer name if the service is in use by a shared loadbalancer\n returns empty string if the service is not in use by a shared loadbalancer\n #s3_policy\n uses the service s3_policy map\n #lb_ip_whitelistt\n uses the service lb_ip_whitelist list\n #lb_idle_timeout\n uses the service lb_idle_timeout\n #global_accelerator\n uses service global_accelerator value\n #health_check_path\n uses the service health_check_path\n #health_check_grace_period\n uses the service health_check_grace_period\n #deregistration_delay\n uses the service deregistration_delay\n #serve_from_subdirectory\n uses the service serve_from_subdirectory\n #domain_names\n groups the domain names from the service domain_list into environments\n #proxy_configuration\n groups the proxy configurations from the service proxy_configuration list into environments\n #home_directory\n uses the service home_directory\n #lb_ssl_certificate\n groups the certificate arns from the service lb_ssl_certificate list into environments\n #lb_ssl_policy\n sets the default ssl policy for each environment\n #cloudfront_ssl_certificate\n groups the certificate arns from the service cloudfront_ssl_certificate list into environments\n #image_source\n uses the service image source\n #launch_on\n uses the service 'launch_on' specification\n #launch_on_cluster\n uses the service 'launch_on_cluster' string\n #cluster_min_servers\n uses the service 'cluster_min_servers' string\n #image_location\n uses the service image location\n #track_revision\n uses the service track_revision string\n #custom_codestar_connection_arn\n uses the service custom_codestar_connection_arn\n #codepipeline_use_github_v1\n uses the service codepipeline_use_github_v1\n #codepipeline_codebuild_run_in_vpc\n uses the service codepipeline_codebuild_run_in_vpc\n #codepipeline_codebuild_use_service_env\n uses the service codepipeline_codebuild_use_service_env\n #buildspec\n uses the service buildspec\n #container_port\n uses the service container port\n #container_command\n uses the service container command\n #container_volumes\n uses the service container volumes\n #container_extra_hosts\n uses the service container extra hosts\n #container_count\n uses the service container_count\n #enable_max_one_container_per_instance\n uses the service enable_max_one_container_per_instance\n #scheduled_tasks\n uses the service scheduled tasks\n #workers\n uses the service workers\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ServiceTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SharedLoadbalancerDeployment\n #call\n changes to shared-loadbalancer infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::SharedLoadbalancer\n #name\n uses shared_loadbalancer name\n #in_use_by\n uses shared_loadbalancer in_use_by list\n #clusters_in_use\n uses shared_loadbalancer clusters_in_use list\n #subnets_name\n uses shared_loadbalancer subnets_name value\n #domain_names\n uses shared_loadbalancer domain_names list provided by Services\n #internal\n uses shared_loadbalancer internal value\n #ip_whitelist\n uses shared_loadbalancer ip_whitelist list\n #idle_timeout\n uses shared_loadbalancer idle_timeout value\n #global_accelerator\n uses shared_loadbalancer global_accelerator value\n #ssl_policy\n has the default ssl policy defined\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::SharedLoadbalancerTest\n #call\n changes to the shared-loadbalancer directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SourceDeployment\n #call\n changes to infrastructure config directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Source\n #name\n uses the cluster name and its own position in the cluster's list of sources\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n\nDalmatian::SourceTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform.validate\n\nDalmatian::Terraform\n ::init(upgrade: false)\n when asked to upgrade\n passes terraform init the upgrade flag\n when not asked to upgrade\n does not pass terraform init the upgrade flag\n ::fmt(args = nil)\n when passed some additional arguments\n passes terraform fmt the upgrade flag\n when passed NO additional arguments\n invokes terraform fmt with no arguments\n ::validate(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::ensure_presence_of_workspace(workspace_name)\n logs our intention to create the workspace\n asks Terraform to create the workspace\n when the workspace already exists (and an error is rescued)\n logs our intention to _select_ rather than _create_ the workspace\n asks Terraform to select the existing workspace\n ::plan(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::apply(tfvars, auto_approve=false)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n when auto-approve is set to true\n passes the _auto-approve_ flag to terraform apply\n ::destroy(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::list_workspaces\n changes to the bootstrapping directory\n runs the terraform cmd to list workspaces\n\nDalmatian::UrlCacheHandler\n #call\n deletes any old cache\n uses the helper to GET a URI\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::VpnCustomerGatewayDeployment\n #call\n changes to vpn-customer-gateway infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::VpnCustomerGateway\n #name\n uses vpn_customer_gateway name\n #bgp_asn\n uses vpn_customer_gateway bgp_asn\n #ip_address\n uses vpn_customer_gateway ip_address\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::VpnCustomerGatewayTest\n #call\n changes to the vpn-customer-gateway directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::WAFDeployment\n #call\n changes to waf infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::WAF\n #name\n uses waf name\n #action\n uses waf action\n #ip_deny_list\n has a list of IP addresses to block\n #aws_managed_rules\n uses waf aws_managed_rules list\n #associations\n uses waf associations list\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::WAFTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nFinished in 3.24 seconds (files took 0.74069 seconds to load)\n478 examples, 0 failures\n\nCoverage report generated for RSpec to /Users/bob/git/dxw/dalmatian/coverage. 4310 / 4389 LOC (98.2%) covered.\n\n==> Linting markdown...\n\n==> Fetching Dalmatian config for 'dxw-pentest'...\n\n==> Testing Dalmatian for 'dxw-pentest'...\n[*] Running terraform init for dxw-pentest-pentestvone-rds-staging\nInitializing the backend...\nUpgrading modules...\n- rds in ../../../vendor/terraform_modules/terraform-aws-rds\n- rds.db_instance in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_instance\n- rds.db_option_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_option_group\n- rds.db_parameter_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_parameter_group\n- rds.db_subnet_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_subnet_group\nInitializing provider plugins...\n- Finding hashicorp/aws versions matching \">= 4.45.0, ~> 4.45\"...\n- Finding hashicorp/random versions matching \">= 3.1.0\"...\n- Using previously-installed hashicorp/random v3.8.1\n- Using previously-installed hashicorp/aws v4.67.0\n\nTerraform has been successfully initialized!\n\nYou may now begin working with Terraform. Try running \"terraform plan\" to see\nany changes that are required for your infrastructure. All Terraform commands\nshould now work.\n\nIf you ever set or change modules or backend configuration for Terraform,\nrerun this command to reinitialize your working directory. If you forget, other\ncommands will detect it and remind you to do so if necessary.\n[*] Creating dxw-pentest-pentestvone-rds-staging workspace\nWorkspace \"dxw-pentest-pentestvone-rds-staging\" already exists\n[*] Selecting dxw-pentest-pentestvone-rds-staging workspace\n[*] Running terraform fmt for dxw-pentest-pentestvone-rds-staging\n[*] Running terraform validate for dxw-pentest-pentestvone-rds-staging\nSuccess! The configuration is valid.\n\n[*] Creating dxw-pentest-pentestvone-rds-staging workspace\nWorkspace \"dxw-pentest-pentestvone-rds-staging\" already exists\n[*] Selecting dxw-pentest-pentestvone-rds-staging workspace\nrandom_password.rds_password: Refreshing state... [id=none]\nmodule.rds.module.db_instance.random_id.snapshot_identifier[0]: Refreshing state... [id=lmwwSA]\ndata.aws_caller_identity.current: Reading...\ndata.aws_caller_identity.current: Read complete after 1s [id=511700466171]\ndata.aws_kms_alias.ssm: Reading...\nmodule.rds.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Reading...\ndata.aws_s3_bucket.transfer: Reading...\naws_iam_role.check_sql_backup_scheduled_task_ecs_execution: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution]\ndata.aws_ecs_cluster.cluster: Reading...\naws_iam_role.sql_backup_scheduled_task_cloudwatch: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-cw]\ndata.aws_launch_template.ecs_launch_template: Reading...\naws_iam_role.check_sql_backup_scheduled_task_cloudwatch: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-cw]\naws_iam_role.check_sql_backup_scheduled_task_ecs: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs]\naws_iam_role.sql_backup_scheduled_task_ecs_execution: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution]\nmodule.rds.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Read complete after 0s [id=1813475199]\nmodule.rds.module.db_instance.data.aws_partition.current: Reading...\nmodule.rds.module.db_instance.data.aws_partition.current: Read complete after 0s [id=aws]\nmodule.rds.module.db_option_group.aws_db_option_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133225312500000002]\ndata.aws_kms_alias.ssm: Read complete after 0s [id=arn:aws:kms:eu-west-2:932446864135:alias/aws/ssm]\naws_cloudwatch_event_rule.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st]\ndata.aws_ecs_cluster.cluster: Read complete after 0s [id=arn:aws:ecs:eu-west-2:932446864135:cluster/dxw-pentest-staging]\nmodule.rds.module.db_parameter_group.aws_db_parameter_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133224710900000001]\ndata.aws_s3_bucket.transfer: Read complete after 0s [id=dxw-pentest-ecs-staging-dalmatian-transfer]\naws_kms_key.rds_ssm: Refreshing state... [id=0aa5dca8-ddcc-4258-bf28-a561b9a8ef87]\ndata.aws_launch_template.ecs_launch_template: Read complete after 0s [id=lt-0fba00b394755128b]\naws_cloudwatch_event_rule.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st]\naws_s3_bucket.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\ndata.aws_security_group.ecs_security_group: Reading...\ndata.aws_vpc.vpc: Reading...\naws_iam_role.sql_backup_scheduled_task_ecs: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs]\ndata.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile: Reading...\ndata.aws_security_group.ecs_security_group: Read complete after 1s [id=sg-09323ac1b18adbf47]\naws_kms_alias.rds_ssm: Refreshing state... [id=alias/dxw-pentest-pentestvone-rds-staging-rds-values-ssm]\naws_ssm_parameter.rds_db_password: Refreshing state... [id=/dxw-pentest/dxwpentestpentestvonestaging-rds/password]\naws_s3_bucket_policy.sql_backups_bucket: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_server_side_encryption_configuration.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\ndata.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile: Read complete after 1s [id=AIPA5SGRKAMD3YWY6PA25]\naws_iam_policy.ecs_cluster_sql_backup_s3_policy: Refreshing state... [id=arn:aws:iam::932446864135:policy/dxw-pentest-pentestvone-rds-staging-ecs-cluster-sql-backups-s3-policy]\naws_s3_bucket_acl.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup,private]\naws_s3_bucket_public_access_block.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_lifecycle_configuration.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\ndata.aws_vpc.vpc: Read complete after 1s [id=vpc-08160529b0069a9a4]\naws_security_group.rds: Refreshing state... [id=sg-03c7b2d71eea98557]\ndata.aws_subnet.extra_public[0]: Reading...\ndata.aws_subnet.extra_public[1]: Reading...\ndata.aws_subnet.extra_public[0]: Read complete after 0s [id=subnet-019286daa18327178]\ndata.aws_subnet.extra_public[2]: Reading...\ndata.aws_subnet.ecs_private[1]: Reading...\ndata.aws_subnet.ecs_private[2]: Reading...\ndata.aws_subnet.ecs_private[0]: Reading...\ndata.aws_subnet.extra_public[1]: Read complete after 0s [id=subnet-0295a7cf928d802eb]\naws_security_group_rule.transition_rds_postgresql_sg_rule[0]: Refreshing state... [id=sgrule-4074910867]\ndata.aws_subnet.extra_public[2]: Read complete after 0s [id=subnet-0e6866a5f131efdeb]\naws_iam_role_policy.check_sql_backup_scheduled_task_ecs_execution_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution-policy]\naws_iam_role_policy_attachment.ecs_cluster_sql_backup_s3_policy: Refreshing state... [id=tf-ECSInRole-dxw-pentest-staging20250630094259383100000001-20250630133227029100000004]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-allow-s3-policy]\naws_iam_role_policy.check_sql_backup_scheduled_task_cloudwatch_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-cw:dxw-pentest-dxwpentestpentestvonestaging-csb-cw-policy]\ndata.aws_subnet.ecs_private[1]: Read complete after 0s [id=subnet-0606eeedab5dea6c7]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_execution_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution-policy]\ndata.aws_subnet.ecs_private[2]: Read complete after 0s [id=subnet-01660d0866e86d9b6]\naws_iam_role_policy.sql_backup_scheduled_task_cloudwatch_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-cw:dxw-pentest-dxwpentestpentestvonestaging-sb-cw-policy]\ndata.aws_subnet.ecs_private[0]: Read complete after 0s [id=subnet-0615109dfd24f74b5]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_execution_role_ssm_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution-ssm-policy]\ndata.aws_route_table.private_subnet_route_table: Reading...\nmodule.rds.module.db_subnet_group.aws_db_subnet_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133225841900000003]\naws_iam_role_policy.check_sql_backup_transfer_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs:dxw-pentest-dxwpentestpentestvonestaging-csbt-ecs-allow-s3-policy]\naws_iam_role_policy.check_sql_backup_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs:dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-allow-s3-policy]\naws_ecs_task_definition.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st]\ndata.aws_route_table.private_subnet_route_table: Read complete after 0s [id=rtb-092cddc21bbb96803]\naws_cloudwatch_event_target.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st-dxw-pentest-dxwpentestpentestvonestaging-csb-st-target]\nmodule.rds.module.db_instance.aws_db_instance.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging]\naws_ssm_document.rds_db_creation: Refreshing state... [id=dxwpentestpentestvonestaging-rds-db-creation]\naws_ecs_task_definition.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st]\naws_ssm_document.rds_sql_dump: Refreshing state... [id=dxwpentestpentestvonestaging-rds-sql-dump]\naws_ssm_document.rds_db_list: Refreshing state... [id=dxwpentestpentestvonestaging-rds-db-list]\naws_ssm_document.rds_sql_import: Refreshing state... [id=dxwpentestpentestvonestaging-rds-sql-import]\naws_ssm_document.rds_shell: Refreshing state... [id=dxwpentestpentestvonestaging-rds-shell]\naws_cloudwatch_event_target.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st-dxw-pentest-dxwpentestpentestvonestaging-sb-st-target]\n\nNo changes. Your infrastructure matches the configuration.\n\nTerraform has compared your real infrastructure against your\nconfiguration and found no differences, so no changes are\nneeded.\nProcess Group PGID: 64512" } } } ], "status": "success", "timestamp": "2026-02-20T17:49:45.482Z", "resultDisplay": "==> Installing Ruby and dependencies...\nSuccessfully installed bundler-2.4.22\nParsing documentation for bundler-2.4.22\nDone installing documentation for bundler after 0 seconds\n1 gem installed\nBundle complete! 13 Gemfile dependencies, 53 gems now installed.\nBundled gems are installed into `../../../.bundles`\n\n==> Installing Terraform and dependencies...\nTerraform v1.9.8 is already installed\n[*] Checking out 0.17.0 from git@github.com:cloudposse/terraform-aws-codebuild.git\n[*] Checking out 2.1.0 from git@github.com:dxw/terraform-aws-github-ci.git\n[*] Checking out 3cc589ecb5bf70fbd1188c47c915550235d4714b from git@github.com:dxw/terraform-aws-s3-bucket.git\n[*] Checking out v2.70.0 from git@github.com:terraform-aws-modules/terraform-aws-vpc\n[*] Checking out v5.7.0 from git@github.com:dxw/tf_aws_ecs.git\n[*] Checking out 1.1.0 from git@github.com:dxw/terraform-aws-cloudtrail\n[*] Checking out 0.28.2 from git@github.com:cloudposse/terraform-aws-efs\n[*] Checking out v1.3.0 from git@github.com:claranet/terraform-aws-lambda\n[*] Checking out v5.2.2 from git@github.com:terraform-aws-modules/terraform-aws-rds\n[*] Checking out v8.3.1 from git@github.com:terraform-aws-modules/terraform-aws-rds-aurora.git\n\n==> Checking for a 'dalmatian.yml' in the root...\nFound: /Users/bob/git/dxw/dalmatian-config/dalmatian.yml\n\n==> Linting YAML...\n\n==> Linting shell scripts...\n\n==> Checking Terraform for JSON errors...\n- Checking ./terraform/policies/iam-read.json... Passed\n- Checking ./terraform/policies/s3-rw-with-versioning.json... Passed\n- Checking ./terraform/policies/codestar-connection-use.json... Passed\n- Checking ./terraform/policies/iam-create-access-key.json... Passed\n- Checking ./terraform/policies/codebuild.json... Passed\n- Checking ./terraform/policies/kms-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/iam-change-password.json... Passed\n- Checking ./terraform/policies/administrator-access.json... Passed\n- Checking ./terraform/policies/assume_roles/aws-backup.json... Passed\n- Checking ./terraform/policies/assume_roles/autoscaling.json... Passed\n- Checking ./terraform/policies/assume_roles/events.json... Passed\n- Checking ./terraform/policies/assume_roles/ecs.json... Passed\n- Checking ./terraform/policies/assume_roles/codepipeline.json... Passed\n- Checking ./terraform/policies/iam-mfa.json... Passed\n- Checking ./terraform/policies/route53-read.json... Passed\n- Checking ./terraform/policies/s3-full-access.json... Passed\n- Checking ./terraform/policies/parameter-store-read-decrypt.json... Passed\n- Checking ./terraform/policies/s3-read.json... Passed\n- Checking ./terraform/policies/parameter-store-RW-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/all-read-with-billing.json... Passed\n- Checking ./terraform/policies/codebuild-start-build.json... Passed\n- Checking ./terraform/policies/all-read.json... Passed\n\n==> Linting Terraform...\n\n==> Running Ruby tests...\n/Users/bob/.rbenv/versions/2.7.1/bin/ruby -I/Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/lib:/Users/bob/.bundles/ruby/2.7.0/gems/rspec-support-3.12.1/lib /Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/exe/rspec --pattern spec/\\*\\*\\{,/\\*/\\*\\*\\}/\\*_spec.rb\n\ntests local configuration\n use of \"terraform apply\"\n passes the hosted zone config to \"terraform apply\"\n passes the s3 config to \"terraform apply\"\n passes the vpn customer gateway config to \"terraform apply\"\n passes the base config to \"terraform apply\"\n passes the waf config to \"terraform apply\"\n passes the rds config to \"terraform apply\"\n passes the elasticache config to \"terraform apply\"\n passes the opensearch config to \"terraform apply\"\n passes the service config to \"terraform apply\"\n passes the loadbalancer config to \"terraform apply\"\n passes the cluster 2 config to \"terraform apply\"\n passes the cluster 3 config to \"terraform apply\"\n passes the cluster 4 config to \"terraform apply\"\n\ntests remote configuration\n retrieves the remotely held full configuration\n proceeds with deploying the infrastructure as per the cached full configuration\n\ntests local configuration\n invokes \"terraform validate\" with the expected cluster options\n invokes \"terraform validate\" with the expected source options\n use of \"terraform plan\"\n passes the hosted zone config to \"terraform plan\"\n passes the s3 config to \"terraform plan\"\n passes the vpn customer gateway config to \"terraform plan\"\n passes the base config to \"terraform plan\"\n passes the waf config to \"terraform plan\"\n passes the rds config to \"terraform plan\"\n passes the elasticache config to \"terraform plan\"\n passes the opensearch config to \"terraform plan\"\n passes the services config to \"terraform plan\"\n passes the loadbalancer config to \"terraform plan\"\n passes the cluster 2 config to \"terraform plan\"\n passes the cluster 3 config to \"terraform plan\"\n passes the cluster 4 config to \"terraform plan\"\n\nDalmatian::Account\n initialisation\n gathering user input\n asks the user for AWS credentials\n asks the user for the AWS account id to use\n asks the user for an account alias\n #call\n changes to the bootstrapping directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n\nDalmatian::CacheHandlerSelector\n ::new_for(remote_reference)\n when the remote reference is for a git repo\n asks for an instance of GitCacheHandler\n when the remote reference is for an S3 bucket\n asks for an instance of S3CacheHandler\n when the remote reference is for a URL\n asks for an instance of UrlCacheHandler\n when the type is unknown\n raises an error\n\nCacheHandler\n when a subclass class does not implement #cache_remote_configuration\n raises a helpful error\n\nDalmatian::CI\n CI::PATH\n is a constant\n #deploy\n changes to the ci directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n #test\n runs terraform plan with the user-supplied vars\n\nDalmatian::ClusterDeployment\n #call\n changes to the ecs directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n when in _plan_ mode\n invokes Terraform.plan using the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply using the _dalmatian-admin_\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Cluster\n on initialisation\n makes Hosted zones, S3, Sources, Services, Loadbalancers, WAF and Rds\n #target_directory\n is a standard _ecs_ path\n #id\n is the primary key of the cluster definition is used\n #name\n when the cluster has an explicitly provided _name_ property\n that property is used\n when the cluster does not have an explicitly provided _name_ property\n the primary key of the cluster definition is used\n #account_id\n is the aws account key for deployment\n #sources\n represents any links to remote sources\n #environments\n represents the attributes of each environment's cluster section\n #fetch\n when the source is remotely held\n logs the plan to clone the source into the infrastructure pth\n deletes any existing source at the infrastructure location\n clones each source into the infrastructure location\n changes to the infrastructure directory for each source\n runs rake terrafile\n changes back to the APP_ROOT\n when the source is a local file path\n does not re-clone the source\n does not run terrafile\n when the specified local directory exists\n logs the fact that the local source is in place\n when the specificed local directory does not exist\n logs an error that the local source is missing\n #deploy\n deploys source infrastructure for each source and each service in each environment\n when a cluster should be created\n deploys cluster infrastructure for each environment\n when the _plan_ option IS invoked\n creates Cluster Deployments with plan settings\n when the _auto_approve_ option IS invoked\n creates Cluster Deployments with auto_approve settings\n handling of tests\n when the _test_ option is NOT invoked\n does not run cluster tests\n does not run cluster tests\n does not run cluster tests\n does not run source tests\n does not run waf tests\n does not run rds tests\n does not run service tests\n does not run service tests\n when the test option IS invoked\n runs tests\n when a cluster should NOT be created\n does not deploy cluster infrastructure\n when test option is invoked\n tests sources and services for each environment\n\nDalmatian::ClusterTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n\nDalmatian::ConfigurationReader\n when a full configuration is provided in a local file\n #call\n has no need to use a cache handler\n returns the loaded configuration\n when a reference to a remote configuration is provided\n and the reference is provided in a local file\n uses the CacheHandlerSelector to provide the appropriate retrieval mechanism\n calls on the selected cache handler\n returns the configuration returned by the cache_handler\n and the reference is provided using environment variables\n passes the provided remote reference to the CacheHandlerSelector\n and references are provided in both environment variables and config file\n prefers the environment variable references over the config file\n and no references are provided\n raises an error\n and the remote reference is missing its _type_\n raises an error\n #ci\n when a parameter path prefix is given\n overwrites the ci:variables config with those retrieved from the param store\n leaves other ci:variables in place\n when a parameter path prefix is NOT given\n does NOT overwrite any ci:variables from the param store\n\nDalmatian::ElasticacheCluster\n #identifier\n uses elasticache identifier\n #in_use_by\n uses elasticache_cluster in_use_by list\n #node_type\n uses elasticache_cluster node_type\n #node_count\n uses elasticache_cluster node_count\n #engine\n uses elasticache_cluster engine\n #engine_version\n uses the elasticache_cluster engine_version\n #parameters\n uses the elasticache_cluster parameters list\n #port\n uses the elasticache_cluster port\n #maintenance_window\n uses the elasticache_cluster maintenance_window\n #snapshot_window\n uses the elasticache_cluster snapshot_window\n #parameter_store_path_elasticache_cluster_url_name\n uses the elasticache_cluster parameter_store_path_elasticache_cluster_url_name\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ElasticacheClusterTest\n #call\n changes to the elasticache-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::GitCacheHandler\n #call\n deletes any old cache\n uses git clone to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n when no special cache path is given\n uses the default cache path of ./.dalmatian_cache/remote_config\n\nDalmatian::Helper\n ::git_clone(source, destination)\n when source and destination args are not provided\n raises an error with usage info\n when given source and destination args\n passes the request to the git CLI\n ::git_checkout(revision)\n checks out the given revision using run!\n ::get(source, destination)\n when source and destination args are not provided\n raises an error with usage info\n when given source and destination args\n opens the source url\n opens a new file at the destination\n writes the source resource into that file\n reads the information from the fetched resource\n ::run!\n passes given cmd to Kernel.system\n when the call to Kernel.system returns _false_\n raise a helpful error\n ::run_with_output!(cmd)\n passes given cmd to Open3.capture3\n when the system call returns a zero exit status\n returns the systems output to STDOUT\n when the system call returns a non-zero exit status\n also returns STDOUT ignoring the exit code and STDERR\n when the system call raises an ENOENT error\n catches this and raises a helpful Error\n ::change_to(path)\n passes the given path to Dir.chdir\n ::to_bool(str)\n when given nil\n returns false\n when given an empty string\n returns false\n when given lower case string _true_\n returns true\n when given mixed case string _True_\n returns true\n when given the object true\n returns true\n when given the object false\n returns false\n ::tflint\n runs the tflint cmd\n ::terrafile\n runs rake terrafile\n ::ask\n delegates to HighLine#ask\n ::ask_in_confidence\n delegates to HighLine#ask\n passes a block to mask the answer\n\nDalmatian::HostedZoneDeployment\n #call\n changes to hosted-zone infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::HostedZone\n #domain\n uses hosted_zone domain\n #ns_records\n uses hosted_zone ns_records\n #a_records\n uses hosted_zone a_records\n #alias_records\n uses hosted_zone alias_records\n #cname_records\n uses hosted_zone cname_records\n #mx_records\n uses hosted_zone mx_records\n #txt_records\n uses hosted_zone txt_records\n #srv_records\n uses hosted_zone srv_records\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::HostedZoneTest\n #call\n changes to the hosted-zone directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::Infrastructure\n Infrastructure::PATH\n is a constant\n Infrastructure::APP_ROOT\n is a constant\n initialisation\n when configuration is not provided\n builds one using the defaults\n #clusters\n creates one cluster for each cluster description provided\n key operations on clusters\n #fetch\n asks all clusters to #fetch\n #test\n asks all clusters to #deploy with _plan_ and _test_ options\n #deploy\n when no parameters given\n asks all clusters to #deploy with _plan_, _test_ and _auto-approve_ disabled\n when parameters are given\n asks all clusters to #deploy with the given options\n when a particular infrastructure is named for deployment\n asks only the named cluster to #deploy with the given options\n\nDalmatian::Logger\n ::error(msg)\n raises an error with a red message\n ::info(msg)\n puts the given given message in white\n ::success(msg)\n puts the given given message in green\n ::warn(msg)\n puts the given given message in yellow\n\nDalmatian::OpensearchCluster\n #identifier\n uses opensearch identifier\n #in_use_by\n uses opensearch_cluster in_use_by list\n #version\n uses opensearch_cluster version\n #master_enabled\n uses opensearch_cluster master_enabled bool\n #master_count\n uses opensearch_cluster master_count\n #master_type\n uses opensearch_cluster master_type\n #instance_count\n uses opensearch_cluster instance_count\n #instance_type\n uses opensearch_cluster instance_type\n #warm_enabled\n uses opensearch_cluster warm_enabled bool\n #warm_count\n uses opensearch_cluster warm_count\n #warm_type\n uses opensearch_cluster warm_type\n #parameter_store_path_opensearch_cluster_url_name\n uses opensearch_cluster parameter_store_path_opensearch_cluster_url_name\n #volume_size\n uses opensearch_cluster volume_size\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::OpensearchClusterTest\n #call\n changes to the opensearch-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ParameterStore\n ::get_parameter(name: \"\", with_decryption: true)\n when getting a single parameter from Parameter Store\n runs aws ssm get-parameter\n ::get_parameters_by_path(path: \"\", with_decryption: true)\n when getting parameters by path from Parameter Store\n runs aws ssm get-parameter\n\nDalmatian::RdsDeployment\n #call\n changes to rds infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Rds\n #identifier\n uses rds identifier\n #in_use_by\n uses rds in_use_by list\n #clusters_in_use\n uses rds clusters_in_use list\n #instance_class\n uses rds instance_class\n #engine\n uses rds engine\n #engine_version\n uses the rds engine_version\n #allocated_storage\n uses the rds allocated_storage\n #storage_encrypted\n uses the rds storage_encrypted bool\n #storage_type\n uses the rds storage_type gp3\n #db_name\n uses the rds db_name\n #port\n uses the rds port\n #maintenance_window\n uses the rds maintenance_window\n #backup_window\n uses the rds backup_window\n #backup_retention_period\n uses the rds backup_retention_period\n #force_ssl\n uses the rds force_ssl bool\n #parameter_store_path_db_url_name\n uses the rds parameter_store_path_db_url_name\n #sql_backup_scheduled_task_environment_variables\n uses the rds sql_backup_scheduled_task_environment_variables\n #check_sql_backup_scheduled_task_environment_variables\n uses the rds check_sql_backup_scheduled_task_environment_variables\n #sync_sql_backup_to_azure\n will have offsite backups disabled by default\n #replication_bucket_destination_arn\n uses the rds replication_bucket_destination_arn\n #replication_kms_key_id\n uses the rds replication_kms_key_id\n #codebuild_access\n uses the rds codebuild_access\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::RdsTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::RemoteReferenceValues\n when the reference is for a git repo\n returns a git shaped configuration\n if _filename_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for an S3 bucket\n returns an S3 shaped configuration\n if _key_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for a URL\n returns a git shaped configuration\n\nDalmatian::S3CacheHandler\n #call\n deletes any old cache\n uses the AWS S3 cmd to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::S3Deployment\n #call\n changes to s3 infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::S3\n #name\n uses s3 name\n #enable_s3_versioning\n uses enable_s3_versioning bool\n #encrypted\n uses s3 encrypted bool\n #acl\n uses s3 acl\n #policy\n uses s3 policy\n #service_cloudfront_read_access\n uses s3 service_cloudfront_read_access\n #cloudfront\n uses s3 cloudfront\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::S3Test\n #call\n changes to the s3 directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ServiceDeployment\n #call\n changes to ecs-services infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Service\n #name\n uses service name\n #blue_green\n uses the service blue_green map\n #parameter_store_path\n uses service parameter_store_path\n #parameter_store_key\n uses service parameter_store_key\n #daemon\n uses the service daemon bool\n #monitoring\n uses the service monitoring hash\n #cloudfront\n recasts the service config in environment groups\n includes the appropriate \"custom_origins\" values in each environment\n Uses an AWS cloudfront managed cache policy\n Uses an AWS cloudfront managed origin policy\n Uses an AWS cloudfront managed response headers policy\n mirroring of elements into each environment group\n includes the \"create\" value\n includes the \"tls_protocol_version\" value\n includes the \"origin_keepalive_timeout\" value\n includes the \"origin_read_timeout\" value\n includes the \"basic_auth\" value\n includes the \"basic_auth_users_extra\" value\n includes the \"viewer_request_functions\" values\n includes the \"offline_page_http_status\" value\n bypass_protection\n uses the \"bypass_protection\" configuration\n custom_behaviors\n converts list of \"path_patterns\" to a single \"path_pattern\"\n #shared_loadbalancer_name\n returns shared loadbalancer name if the service is in use by a shared loadbalancer\n returns empty string if the service is not in use by a shared loadbalancer\n #s3_policy\n uses the service s3_policy map\n #lb_ip_whitelistt\n uses the service lb_ip_whitelist list\n #lb_idle_timeout\n uses the service lb_idle_timeout\n #global_accelerator\n uses service global_accelerator value\n #health_check_path\n uses the service health_check_path\n #health_check_grace_period\n uses the service health_check_grace_period\n #deregistration_delay\n uses the service deregistration_delay\n #serve_from_subdirectory\n uses the service serve_from_subdirectory\n #domain_names\n groups the domain names from the service domain_list into environments\n #proxy_configuration\n groups the proxy configurations from the service proxy_configuration list into environments\n #home_directory\n uses the service home_directory\n #lb_ssl_certificate\n groups the certificate arns from the service lb_ssl_certificate list into environments\n #lb_ssl_policy\n sets the default ssl policy for each environment\n #cloudfront_ssl_certificate\n groups the certificate arns from the service cloudfront_ssl_certificate list into environments\n #image_source\n uses the service image source\n #launch_on\n uses the service 'launch_on' specification\n #launch_on_cluster\n uses the service 'launch_on_cluster' string\n #cluster_min_servers\n uses the service 'cluster_min_servers' string\n #image_location\n uses the service image location\n #track_revision\n uses the service track_revision string\n #custom_codestar_connection_arn\n uses the service custom_codestar_connection_arn\n #codepipeline_use_github_v1\n uses the service codepipeline_use_github_v1\n #codepipeline_codebuild_run_in_vpc\n uses the service codepipeline_codebuild_run_in_vpc\n #codepipeline_codebuild_use_service_env\n uses the service codepipeline_codebuild_use_service_env\n #buildspec\n uses the service buildspec\n #container_port\n uses the service container port\n #container_command\n uses the service container command\n #container_volumes\n uses the service container volumes\n #container_extra_hosts\n uses the service container extra hosts\n #container_count\n uses the service container_count\n #enable_max_one_container_per_instance\n uses the service enable_max_one_container_per_instance\n #scheduled_tasks\n uses the service scheduled tasks\n #workers\n uses the service workers\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ServiceTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SharedLoadbalancerDeployment\n #call\n changes to shared-loadbalancer infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::SharedLoadbalancer\n #name\n uses shared_loadbalancer name\n #in_use_by\n uses shared_loadbalancer in_use_by list\n #clusters_in_use\n uses shared_loadbalancer clusters_in_use list\n #subnets_name\n uses shared_loadbalancer subnets_name value\n #domain_names\n uses shared_loadbalancer domain_names list provided by Services\n #internal\n uses shared_loadbalancer internal value\n #ip_whitelist\n uses shared_loadbalancer ip_whitelist list\n #idle_timeout\n uses shared_loadbalancer idle_timeout value\n #global_accelerator\n uses shared_loadbalancer global_accelerator value\n #ssl_policy\n has the default ssl policy defined\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::SharedLoadbalancerTest\n #call\n changes to the shared-loadbalancer directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SourceDeployment\n #call\n changes to infrastructure config directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Source\n #name\n uses the cluster name and its own position in the cluster's list of sources\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n\nDalmatian::SourceTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform.validate\n\nDalmatian::Terraform\n ::init(upgrade: false)\n when asked to upgrade\n passes terraform init the upgrade flag\n when not asked to upgrade\n does not pass terraform init the upgrade flag\n ::fmt(args = nil)\n when passed some additional arguments\n passes terraform fmt the upgrade flag\n when passed NO additional arguments\n invokes terraform fmt with no arguments\n ::validate(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::ensure_presence_of_workspace(workspace_name)\n logs our intention to create the workspace\n asks Terraform to create the workspace\n when the workspace already exists (and an error is rescued)\n logs our intention to _select_ rather than _create_ the workspace\n asks Terraform to select the existing workspace\n ::plan(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::apply(tfvars, auto_approve=false)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n when auto-approve is set to true\n passes the _auto-approve_ flag to terraform apply\n ::destroy(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::list_workspaces\n changes to the bootstrapping directory\n runs the terraform cmd to list workspaces\n\nDalmatian::UrlCacheHandler\n #call\n deletes any old cache\n uses the helper to GET a URI\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::VpnCustomerGatewayDeployment\n #call\n changes to vpn-customer-gateway infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::VpnCustomerGateway\n #name\n uses vpn_customer_gateway name\n #bgp_asn\n uses vpn_customer_gateway bgp_asn\n #ip_address\n uses vpn_customer_gateway ip_address\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::VpnCustomerGatewayTest\n #call\n changes to the vpn-customer-gateway directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::WAFDeployment\n #call\n changes to waf infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::WAF\n #name\n uses waf name\n #action\n uses waf action\n #ip_deny_list\n has a list of IP addresses to block\n #aws_managed_rules\n uses waf aws_managed_rules list\n #associations\n uses waf associations list\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::WAFTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nFinished in 3.24 seconds (files took 0.74069 seconds to load)\n478 examples, 0 failures\n\nCoverage report generated for RSpec to /Users/bob/git/dxw/dalmatian/coverage. 4310 / 4389 LOC (98.2%) covered.\n\n==> Linting markdown...\n\n==> Fetching Dalmatian config for 'dxw-pentest'...\n\n==> Testing Dalmatian for 'dxw-pentest'...\n[*] Running terraform init for dxw-pentest-pentestvone-rds-staging\nInitializing the backend...\nUpgrading modules...\n- rds in ../../../vendor/terraform_modules/terraform-aws-rds\n- rds.db_instance in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_instance\n- rds.db_option_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_option_group\n- rds.db_parameter_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_parameter_group\n- rds.db_subnet_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_subnet_group\nInitializing provider plugins...\n- Finding hashicorp/aws versions matching \">= 4.45.0, ~> 4.45\"...\n- Finding hashicorp/random versions matching \">= 3.1.0\"...\n- Using previously-installed hashicorp/random v3.8.1\n- Using previously-installed hashicorp/aws v4.67.0\n\nTerraform has been successfully initialized!\n\nYou may now begin working with Terraform. Try running \"terraform plan\" to see\nany changes that are required for your infrastructure. All Terraform commands\nshould now work.\n\nIf you ever set or change modules or backend configuration for Terraform,\nrerun this command to reinitialize your working directory. If you forget, other\ncommands will detect it and remind you to do so if necessary.\n[*] Creating dxw-pentest-pentestvone-rds-staging workspace\nWorkspace \"dxw-pentest-pentestvone-rds-staging\" already exists\n[*] Selecting dxw-pentest-pentestvone-rds-staging workspace\n[*] Running terraform fmt for dxw-pentest-pentestvone-rds-staging\n[*] Running terraform validate for dxw-pentest-pentestvone-rds-staging\nSuccess! The configuration is valid.\n\n[*] Creating dxw-pentest-pentestvone-rds-staging workspace\nWorkspace \"dxw-pentest-pentestvone-rds-staging\" already exists\n[*] Selecting dxw-pentest-pentestvone-rds-staging workspace\nrandom_password.rds_password: Refreshing state... [id=none]\nmodule.rds.module.db_instance.random_id.snapshot_identifier[0]: Refreshing state... [id=lmwwSA]\ndata.aws_caller_identity.current: Reading...\ndata.aws_caller_identity.current: Read complete after 1s [id=511700466171]\ndata.aws_kms_alias.ssm: Reading...\nmodule.rds.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Reading...\ndata.aws_s3_bucket.transfer: Reading...\naws_iam_role.check_sql_backup_scheduled_task_ecs_execution: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution]\ndata.aws_ecs_cluster.cluster: Reading...\naws_iam_role.sql_backup_scheduled_task_cloudwatch: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-cw]\ndata.aws_launch_template.ecs_launch_template: Reading...\naws_iam_role.check_sql_backup_scheduled_task_cloudwatch: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-cw]\naws_iam_role.check_sql_backup_scheduled_task_ecs: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs]\naws_iam_role.sql_backup_scheduled_task_ecs_execution: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution]\nmodule.rds.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Read complete after 0s [id=1813475199]\nmodule.rds.module.db_instance.data.aws_partition.current: Reading...\nmodule.rds.module.db_instance.data.aws_partition.current: Read complete after 0s [id=aws]\nmodule.rds.module.db_option_group.aws_db_option_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133225312500000002]\ndata.aws_kms_alias.ssm: Read complete after 0s [id=arn:aws:kms:eu-west-2:932446864135:alias/aws/ssm]\naws_cloudwatch_event_rule.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st]\ndata.aws_ecs_cluster.cluster: Read complete after 0s [id=arn:aws:ecs:eu-west-2:932446864135:cluster/dxw-pentest-staging]\nmodule.rds.module.db_parameter_group.aws_db_parameter_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133224710900000001]\ndata.aws_s3_bucket.transfer: Read complete after 0s [id=dxw-pentest-ecs-staging-dalmatian-transfer]\naws_kms_key.rds_ssm: Refreshing state... [id=0aa5dca8-ddcc-4258-bf28-a561b9a8ef87]\ndata.aws_launch_template.ecs_launch_template: Read complete after 0s [id=lt-0fba00b394755128b]\naws_cloudwatch_event_rule.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st]\naws_s3_bucket.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\ndata.aws_security_group.ecs_security_group: Reading...\ndata.aws_vpc.vpc: Reading...\naws_iam_role.sql_backup_scheduled_task_ecs: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs]\ndata.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile: Reading...\ndata.aws_security_group.ecs_security_group: Read complete after 1s [id=sg-09323ac1b18adbf47]\naws_kms_alias.rds_ssm: Refreshing state... [id=alias/dxw-pentest-pentestvone-rds-staging-rds-values-ssm]\naws_ssm_parameter.rds_db_password: Refreshing state... [id=/dxw-pentest/dxwpentestpentestvonestaging-rds/password]\naws_s3_bucket_policy.sql_backups_bucket: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_server_side_encryption_configuration.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\ndata.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile: Read complete after 1s [id=AIPA5SGRKAMD3YWY6PA25]\naws_iam_policy.ecs_cluster_sql_backup_s3_policy: Refreshing state... [id=arn:aws:iam::932446864135:policy/dxw-pentest-pentestvone-rds-staging-ecs-cluster-sql-backups-s3-policy]\naws_s3_bucket_acl.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup,private]\naws_s3_bucket_public_access_block.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_lifecycle_configuration.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\ndata.aws_vpc.vpc: Read complete after 1s [id=vpc-08160529b0069a9a4]\naws_security_group.rds: Refreshing state... [id=sg-03c7b2d71eea98557]\ndata.aws_subnet.extra_public[0]: Reading...\ndata.aws_subnet.extra_public[1]: Reading...\ndata.aws_subnet.extra_public[0]: Read complete after 0s [id=subnet-019286daa18327178]\ndata.aws_subnet.extra_public[2]: Reading...\ndata.aws_subnet.ecs_private[1]: Reading...\ndata.aws_subnet.ecs_private[2]: Reading...\ndata.aws_subnet.ecs_private[0]: Reading...\ndata.aws_subnet.extra_public[1]: Read complete after 0s [id=subnet-0295a7cf928d802eb]\naws_security_group_rule.transition_rds_postgresql_sg_rule[0]: Refreshing state... [id=sgrule-4074910867]\ndata.aws_subnet.extra_public[2]: Read complete after 0s [id=subnet-0e6866a5f131efdeb]\naws_iam_role_policy.check_sql_backup_scheduled_task_ecs_execution_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution-policy]\naws_iam_role_policy_attachment.ecs_cluster_sql_backup_s3_policy: Refreshing state... [id=tf-ECSInRole-dxw-pentest-staging20250630094259383100000001-20250630133227029100000004]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-allow-s3-policy]\naws_iam_role_policy.check_sql_backup_scheduled_task_cloudwatch_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-cw:dxw-pentest-dxwpentestpentestvonestaging-csb-cw-policy]\ndata.aws_subnet.ecs_private[1]: Read complete after 0s [id=subnet-0606eeedab5dea6c7]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_execution_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution-policy]\ndata.aws_subnet.ecs_private[2]: Read complete after 0s [id=subnet-01660d0866e86d9b6]\naws_iam_role_policy.sql_backup_scheduled_task_cloudwatch_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-cw:dxw-pentest-dxwpentestpentestvonestaging-sb-cw-policy]\ndata.aws_subnet.ecs_private[0]: Read complete after 0s [id=subnet-0615109dfd24f74b5]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_execution_role_ssm_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution-ssm-policy]\ndata.aws_route_table.private_subnet_route_table: Reading...\nmodule.rds.module.db_subnet_group.aws_db_subnet_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133225841900000003]\naws_iam_role_policy.check_sql_backup_transfer_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs:dxw-pentest-dxwpentestpentestvonestaging-csbt-ecs-allow-s3-policy]\naws_iam_role_policy.check_sql_backup_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs:dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-allow-s3-policy]\naws_ecs_task_definition.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st]\ndata.aws_route_table.private_subnet_route_table: Read complete after 0s [id=rtb-092cddc21bbb96803]\naws_cloudwatch_event_target.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st-dxw-pentest-dxwpentestpentestvonestaging-csb-st-target]\nmodule.rds.module.db_instance.aws_db_instance.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging]\naws_ssm_document.rds_db_creation: Refreshing state... [id=dxwpentestpentestvonestaging-rds-db-creation]\naws_ecs_task_definition.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st]\naws_ssm_document.rds_sql_dump: Refreshing state... [id=dxwpentestpentestvonestaging-rds-sql-dump]\naws_ssm_document.rds_db_list: Refreshing state... [id=dxwpentestpentestvonestaging-rds-db-list]\naws_ssm_document.rds_sql_import: Refreshing state... [id=dxwpentestpentestvonestaging-rds-sql-import]\naws_ssm_document.rds_shell: Refreshing state... [id=dxwpentestpentestvonestaging-rds-shell]\naws_cloudwatch_event_target.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st-dxw-pentest-dxwpentestpentestvonestaging-sb-st-target]\n\nNo changes. Your infrastructure matches the configuration.\n\nTerraform has compared your real infrastructure against your\nconfiguration and found no differences, so no changes are\nneeded.", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "9d8cca69-3ce2-4a20-a86e-8b5c061dad80", "timestamp": "2026-02-20T17:49:49.209Z", "type": "gemini", "content": "The Terraform plan for the `dxw-pentest` RDS infrastructure confirms that no changes are needed, and specifically, the `aws_s3_bucket_versioning.sql_backups` resource is not being created (it wasn't in the plan as \"to be created\" or \"to be modified/deleted\" because it was already missing or suspended in the real environment, and my change now correctly omits it from the configuration when replication is disabled).\n\nI have successfully:\n1. Modified `terraform/infrastructures/rds/sql-backups-s3.tf` to make the `aws_s3_bucket_versioning.sql_backups` resource conditional on `replication_bucket_destination_arn`.\n2. Modified `terraform/infrastructures/aurora/sql-backups-s3.tf` with the same conditional logic.\n3. Verified the changes with `terraform fmt` and the project's internal test suite (`./scripts/bin/test -l`).\n4. Empirically verified the behavior with a Terraform plan against a real environment (`dxw-pentest`), which showed no pending changes and correctly avoided creating the versioning resource.\n\nThe `aws_s3_bucket_versioning.sql_backups` resource is now only created when S3 replication is enabled, which is the only case where it is strictly required by AWS.", "thoughts": [], "tokens": { "input": 46675, "output": 300, "cached": 3637, "thoughts": 0, "tool": 0, "total": 46975 }, "model": "gemini-3-flash-preview" }, { "id": "0512efd2-0bb0-47fe-a699-bde3e6a47ddb", "timestamp": "2026-02-20T17:53:06.980Z", "type": "user", "content": [ { "text": "edit dalmtian.yml to replicate the dxw-pentest sql backup to wai4vub1-mtvh-replication-test in aws account 893439696758" } ] }, { "id": "ff14abac-1570-4f6c-aef5-7ebe3cbc6791", "timestamp": "2026-02-20T17:53:12.857Z", "type": "gemini", "content": "I will search for the `dalmatian.yml` file to identify the correct configuration to update.", "thoughts": [ { "subject": "Analyzing Replication Strategy", "description": "I'm currently focused on the `dalmatian.yml` file, aiming to configure SQL backup replication for the `dxw-pentest` infrastructure. My immediate task involves enabling the transfer to the `wai4vub 1-mtvh-replication-test` bucket within the `893439696758` AWS account. I'm now exploring the optimal replication strategy within the YAML structure.", "timestamp": "2026-02-20T17:53:09.771Z" }, { "subject": "Verifying YAML Location", "description": "I'm now investigating the location of `dalmatian.yml`. Despite the project's suggestion of `./dalmatian.yml`, the script output points to `/Users/bob/git/dxw/dalmatian-config/dalmatian.yml`. I'm verifying the current directory's contents, and the workspace context. It appears `dalmatian-config` might be a separate, linked repository.", "timestamp": "2026-02-20T17:53:11.674Z" }, { "subject": "Identifying Target Configuration", "description": "I'm now focusing on locating the `dalmatian.yml` file within the broader project structure, confirming its absence in the root directory. My next step involves searching for the file to ensure the correct configuration can be edited. Upon finding it, I'll identify the `rds` or `aurora` settings specific to `dxw-pentest`. I aim to configure SQL backup replication to the specified destination bucket and AWS account.", "timestamp": "2026-02-20T17:53:12.740Z" } ], "tokens": { "input": 47019, "output": 53, "cached": 3696, "thoughts": 495, "tool": 0, "total": 47567 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771609992855_0", "name": "run_shell_command", "args": { "command": "find . -name \"dalmatian.yml\"", "description": "Locate the dalmatian.yml file." }, "result": [ { "functionResponse": { "id": "run_shell_command_1771609992855_0", "name": "run_shell_command", "response": { "output": "Output: ./dalmatian.yml\nProcess Group PGID: 66229" } } } ], "status": "success", "timestamp": "2026-02-20T17:53:18.156Z", "resultDisplay": "./dalmatian.yml", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "edcd22b7-bb05-4433-971a-59e70449fc14", "timestamp": "2026-02-20T17:53:19.710Z", "type": "gemini", "content": "I will read the `dalmatian.yml` file to find the `dxw-pentest` configuration.", "thoughts": [], "tokens": { "input": 47094, "output": 39, "cached": 25620, "thoughts": 0, "tool": 0, "total": 47133 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "read_file_1771609999708_0", "name": "read_file", "args": { "file_path": "dalmatian.yml" }, "result": [ { "functionResponse": { "id": "read_file_1771609999708_0", "name": "read_file", "response": { "error": "Path not in workspace: Attempted path \"/Users/bob/git/dxw/dalmatian/dalmatian.yml\" resolves outside the allowed workspace directories: /Users/bob/git/dxw/dalmatian or the project temp directory: /Users/bob/.gemini/tmp/dalmatian" } } } ], "status": "error", "timestamp": "2026-02-20T17:53:19.714Z", "resultDisplay": "Path not in workspace: Attempted path \"/Users/bob/git/dxw/dalmatian/dalmatian.yml\" resolves outside the allowed workspace directories: /Users/bob/git/dxw/dalmatian or the project temp directory: /Users/bob/.gemini/tmp/dalmatian", "displayName": "ReadFile", "description": "Reads and returns the content of a specified file. If the file is large, the content will be truncated. The tool's response will clearly indicate if truncation has occurred and will provide details on how to read more of the file using the 'offset' and 'limit' parameters. Handles text, images (PNG, JPG, GIF, WEBP, SVG, BMP), audio files (MP3, WAV, AIFF, AAC, OGG, FLAC), and PDF files. For text files, it can read specific line ranges.", "renderOutputAsMarkdown": true } ] }, { "id": "e8dd141d-1460-4cdc-8e42-95dc3bbdd201", "timestamp": "2026-02-20T17:53:21.669Z", "type": "gemini", "content": "I will search for any YAML files that might contain the `dxw-pentest` configuration, as I might have misread the path or there might be multiple configuration files.", "thoughts": [], "tokens": { "input": 47200, "output": 65, "cached": 43908, "thoughts": 0, "tool": 0, "total": 47265 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771610001667_0", "name": "run_shell_command", "args": { "description": "List all YAML files to find the correct configuration file.", "command": "ls -R | grep .yml" }, "result": [ { "functionResponse": { "id": "run_shell_command_1771610001667_0", "name": "run_shell_command", "response": { "error": "[Operation Cancelled] Reason: User denied execution." } } } ], "status": "cancelled", "timestamp": "2026-02-20T17:53:45.329Z", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "20b39a12-cf06-4d36-82be-92b7f2624693", "timestamp": "2026-02-20T17:53:45.332Z", "type": "info", "content": "Request cancelled." }, { "id": "c1dc16e9-b3b5-43f9-9929-764515e4a0f2", "timestamp": "2026-02-20T17:54:42.024Z", "type": "info", "content": "Successfully added GEMINI.md files from the following directories if there are:\n- ../dalmatian-config" }, { "id": "4516d011-bed9-49f2-ba24-f12f5415224f", "timestamp": "2026-02-20T17:54:42.069Z", "type": "info", "content": "Successfully added directories:\n- ../dalmatian-config" }, { "id": "400f3b0f-5760-49dc-92ab-d08e0a16647a", "timestamp": "2026-02-20T17:55:03.095Z", "type": "user", "content": [ { "text": "edit dalmtian.yml to replicate the dxw-pentest sql backup to wai4vub1-mtvh-replication-test in aws account 893439696758" } ] }, { "id": "abedebff-5ff5-4836-9a3c-d6c3af9ae476", "timestamp": "2026-02-20T17:55:08.061Z", "type": "gemini", "content": "I will read the `dxw-pentest.yml` configuration file in the `dalmatian-config` directory to locate the RDS configuration.", "thoughts": [ { "subject": "Defining Replication Configuration", "description": "I'm currently focused on configuring S3 replication within `dalmatian.yml`. The goal is to replicate the `dxw-pentest` SQL backup to the destination bucket `wai4vub1-mtvh-replication-test` in the AWS account `893439696758`. I'm starting to understand how the file will need to be changed to incorporate this.", "timestamp": "2026-02-20T17:55:05.914Z" }, { "subject": "Investigating Configuration Locations", "description": "I'm now investigating the `dxw-pentest.yml` file to locate the RDS configuration. I expect to add the replication settings there. The variable `var.rds.replication_bucket_destination_arn` from the Terraform code is relevant, and `dalmatian.yml` probably links everything together. I'm focusing on how the destination ARN and account ID fit into the existing structure.", "timestamp": "2026-02-20T17:55:07.998Z" } ], "tokens": { "input": 52203, "output": 70, "cached": 44717, "thoughts": 335, "tool": 0, "total": 52608 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "read_file_1771610108058_0", "name": "read_file", "args": { "file_path": "/Users/bob/git/dxw/dalmatian-config/config/infrastructures/dxw-pentest.yml" }, "result": [ { "functionResponse": { "id": "read_file_1771610108058_0", "name": "read_file", "response": { "output": "---\naccount_id: '932446864135'\ncluster:\n create: true\nrds:\n- identifier: pentestvone\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: '8.0'\n db_name: saluki\nshared_loadbalancer:\n- name: shared-1\n in_use_by:\n - saluki\nenvironments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs7.papertrailapp.com:34880\n min_servers: 2\n max_servers: 4\n enable_ecs_vpc_flow_logs: true\n" } } } ], "status": "success", "timestamp": "2026-02-20T17:55:08.082Z", "resultDisplay": "", "displayName": "ReadFile", "description": "Reads and returns the content of a specified file. If the file is large, the content will be truncated. The tool's response will clearly indicate if truncation has occurred and will provide details on how to read more of the file using the 'offset' and 'limit' parameters. Handles text, images (PNG, JPG, GIF, WEBP, SVG, BMP), audio files (MP3, WAV, AIFF, AAC, OGG, FLAC), and PDF files. For text files, it can read specific line ranges.", "renderOutputAsMarkdown": true } ] }, { "id": "3886fd4e-8a57-4714-ab63-932a8f090759", "timestamp": "2026-02-20T17:55:13.106Z", "type": "gemini", "content": "I will search for any other YAML files in the `dalmatian-config` directory that already have a `replication_bucket_destination_arn` configured to ensure I'm using the correct format.", "thoughts": [ { "subject": "Defining Replication Parameters", "description": "I'm currently focused on the `rds` section and handling replication for `pentestvone`. I'm integrating the `replication_bucket_destination_arn` parameter, and also considering the inclusion of `replication_kms_key_id`. This aligns with the user's focus on the destination bucket for replication.", "timestamp": "2026-02-20T17:55:10.650Z" }, { "subject": "Integrating Replication Details", "description": "Now I'm deep into the `dxw-pentest.yml` file, focusing on the `rds` configuration. I'm adding the `replication_bucket_destination_arn`, aiming to use the ARN provided by the user: `arn:aws:s3:::wai4vub1-mtvh-replication-test`. I'm also reviewing the codebase for similar examples.", "timestamp": "2026-02-20T17:55:12.994Z" } ], "tokens": { "input": 52472, "output": 85, "cached": 51866, "thoughts": 327, "tool": 0, "total": 52884 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "grep_search_1771610113103_0", "name": "grep_search", "args": { "include": "*.yml", "pattern": "replication_bucket_destination_arn", "dir_path": "/Users/bob/git/dxw/dalmatian-config/config/infrastructures/" }, "result": [ { "functionResponse": { "id": "grep_search_1771610113103_0", "name": "grep_search", "response": { "output": "No matches found for pattern \"replication_bucket_destination_arn\" in path \"/Users/bob/git/dxw/dalmatian-config/config/infrastructures/\" (filter: \"*.yml\")." } } } ], "status": "success", "timestamp": "2026-02-20T17:55:13.173Z", "resultDisplay": "No matches found", "displayName": "SearchText", "description": "Searches for a regular expression pattern within file contents. Max 100 matches.", "renderOutputAsMarkdown": true } ] }, { "id": "6e229b1a-e762-4738-9340-0bb90a3127f6", "timestamp": "2026-02-20T17:55:16.461Z", "type": "gemini", "content": "I will read the `lib/dalmatian/rds.rb` file in the `dalmatian` repository to understand how the RDS configuration in the YAML file is mapped to the Terraform variables.", "thoughts": [ { "subject": "Verifying the Mapping", "description": "I'm now investigating the YAML structure and the `dal_matian.rb` and `rds.rb` files within the `dalmatian` repository to identify how this component is actually represented. Ah, just spotted the `var.rds.replication_bucket_destination_arn` reference in the Terraform code, which seems relevant.", "timestamp": "2026-02-20T17:55:15.611Z" }, { "subject": "Tracing the Connection", "description": "The YAML now seems the most likely place to locate the origin. I'm going to pore through the `dalmatian.yml` file now to check the structure of the `rds` section and correlate the keys. Then I'll check `dalmatian/lib/dalmatian/rds.rb` to confirm the mapping, and see how the ARN is actually constructed.", "timestamp": "2026-02-20T17:55:16.368Z" } ], "tokens": { "input": 52601, "output": 74, "cached": 51554, "thoughts": 137, "tool": 0, "total": 52812 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "read_file_1771610116459_0", "name": "read_file", "args": { "file_path": "/Users/bob/git/dxw/dalmatian/lib/dalmatian/rds.rb" }, "result": [ { "functionResponse": { "id": "read_file_1771610116459_0", "name": "read_file", "response": { "output": "module Dalmatian\n class Rds\n def initialize(cluster:, reference:)\n @cluster = cluster\n @reference = reference\n end\n\n attr_reader :cluster, :reference\n\n def identifier\n reference[\"identifier\"]\n end\n\n def in_use_by\n reference[\"in_use_by\"] || []\n end\n\n def clusters_in_use\n clusters_in_use = {}\n cluster_environments.each do |env_name, _env_config|\n clusters_in_use[env_name] = []\n services.each do |service|\n in_use_by.each do |service_name|\n next if service.name != service_name\n clusters_in_use[env_name] << if service.launch_on_cluster.empty?\n \"default_dalmatian_ecs_cluster\"\n else\n service.launch_on_cluster\n end\n end\n end\n if in_use_by.empty?\n clusters_in_use[env_name] << \"default_dalmatian_ecs_cluster\" ## fails SimpleCov\n end\n clusters_in_use[env_name] = clusters_in_use[env_name].uniq\n end\n clusters_in_use\n end\n\n def instance_class\n instance_class = {}\n reference[\"instance_class\"] = {} if reference[\"instance_class\"].nil?\n cluster_environments.each do |env_name, _env_config|\n instance_class[env_name] = reference[\"instance_class\"][env_name] || \"\"\n end\n instance_class\n end\n\n def engine\n reference[\"engine\"]\n end\n\n def engine_version\n reference[\"engine_version\"]\n end\n\n def allocated_storage\n reference[\"allocated_storage\"] || \"\"\n end\n\n def storage_encrypted\n reference[\"storage_encrypted\"].nil? || reference[\"storage_encrypted\"]\n end\n\n def storage_type\n reference[\"storage_type\"] || \"gp3\"\n end\n\n def db_name\n reference[\"db_name\"]\n end\n\n def port\n reference[\"port\"] || \"\"\n end\n\n def maintenance_window\n reference[\"maintenance_window\"] || \"\"\n end\n\n def backup_window\n reference[\"backup_window\"] || \"\"\n end\n\n def backup_retention_period\n reference[\"backup_retention_period\"] || \"\"\n end\n\n def force_ssl\n reference[\"force_ssl\"] || \"false\"\n end\n\n def parameter_store_path_db_url_name\n reference[\"parameter_store_path_db_url_name\"] || \"\"\n end\n\n def sql_backup_scheduled_task_environment_variables\n reference[\"sql_backup_scheduled_task_environment_variables\"] || []\n end\n\n def check_sql_backup_scheduled_task_environment_variables\n reference[\"check_sql_backup_scheduled_task_environment_variables\"] || []\n end\n\n def sync_sql_backup_to_azure\n reference[\"sync_sql_backup_to_azure\"] || false\n end\n\n def replication_bucket_destination_arn\n reference[\"replication_bucket_destination_arn\"] || \"\"\n end\n\n def replication_kms_key_id\n reference[\"replication_kms_key_id\"] || \"\"\n end\n\n def codebuild_access\n reference[\"codebuild_access\"] || []\n end\n\n def cluster_id\n cluster.id\n end\n\n def cluster_environments\n cluster.environments\n end\n\n def account_id\n cluster.account_id\n end\n\n def services\n cluster.services\n end\n\n def to_params\n {\n \"identifier\" => identifier,\n \"in_use_by\" => in_use_by,\n \"clusters_in_use\" => clusters_in_use,\n \"instance_class\" => instance_class,\n \"engine\" => engine,\n \"engine_version\" => engine_version,\n \"allocated_storage\" => allocated_storage,\n \"storage_encrypted\" => storage_encrypted,\n \"storage_type\" => storage_type,\n \"db_name\" => db_name,\n \"port\" => port,\n \"maintenance_window\" => maintenance_window,\n \"backup_window\" => backup_window,\n \"backup_retention_period\" => backup_retention_period,\n \"force_ssl\" => force_ssl,\n \"parameter_store_path_db_url_name\" => parameter_store_path_db_url_name,\n \"sql_backup_scheduled_task_environment_variables\" => sql_backup_scheduled_task_environment_variables,\n \"check_sql_backup_scheduled_task_environment_variables\" => check_sql_backup_scheduled_task_environment_variables,\n \"sync_sql_backup_to_azure\" => sync_sql_backup_to_azure,\n \"replication_bucket_destination_arn\" => replication_bucket_destination_arn,\n \"replication_kms_key_id\" => replication_kms_key_id,\n \"codebuild_access\" => codebuild_access\n }\n end\n end\nend\n" } } } ], "status": "success", "timestamp": "2026-02-20T17:55:16.481Z", "resultDisplay": "", "displayName": "ReadFile", "description": "Reads and returns the content of a specified file. If the file is large, the content will be truncated. The tool's response will clearly indicate if truncation has occurred and will provide details on how to read more of the file using the 'offset' and 'limit' parameters. Handles text, images (PNG, JPG, GIF, WEBP, SVG, BMP), audio files (MP3, WAV, AIFF, AAC, OGG, FLAC), and PDF files. For text files, it can read specific line ranges.", "renderOutputAsMarkdown": true } ] }, { "id": "1830a88d-9308-48a3-b036-18d5a6fbf227", "timestamp": "2026-02-20T17:55:20.702Z", "type": "gemini", "content": "I will update the `dxw-pentest.yml` file to include the `replication_bucket_destination_arn` for the `pentestvone` RDS instance.", "thoughts": [ { "subject": "Analyzing replication parameters", "description": "I've homed in on the `replication_bucket_destination_arn` key. The user's specification requires its value to be `arn:aws:s3:::wai4vub1-mtvh-replication-test`. I am now modifying the YAML file `/Users/bob/git/dxw` to reflect this.", "timestamp": "2026-02-20T17:55:18.855Z" }, { "subject": "Defining implementation steps", "description": "I've determined the correct YAML key is `replication_bucket_destination_arn`. I'm now applying the specified ARN value to the `dxw-pentest.yml` file, focusing the modification on the `pentestvone` RDS instance configuration. I've also confirmed the ARN format and am preparing to address potential cross-account replication considerations based on the Terraform configuration.", "timestamp": "2026-02-20T17:55:20.565Z" } ], "tokens": { "input": 53910, "output": 185, "cached": 44174, "thoughts": 279, "tool": 0, "total": 54374 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "replace_1771610120700_0", "name": "replace", "args": { "expected_replacements": 1, "old_string": " engine_version: '8.0'\n db_name: saluki\nshared_loadbalancer:", "file_path": "/Users/bob/git/dxw/dalmatian-config/config/infrastructures/dxw-pentest.yml", "instruction": "Add replication_bucket_destination_arn to the pentestvone RDS configuration to enable SQL backup replication.", "new_string": " engine_version: '8.0'\n db_name: saluki\n replication_bucket_destination_arn: arn:aws:s3:::wai4vub1-mtvh-replication-test\nshared_loadbalancer:" }, "result": [ { "functionResponse": { "id": "replace_1771610120700_0", "name": "replace", "response": { "output": "Successfully modified file: /Users/bob/git/dxw/dalmatian-config/config/infrastructures/dxw-pentest.yml (1 replacements)." } } } ], "status": "success", "timestamp": "2026-02-20T17:55:35.253Z", "resultDisplay": { "fileDiff": "Index: dxw-pentest.yml\n===================================================================\n--- dxw-pentest.yml\tCurrent\n+++ dxw-pentest.yml\tProposed\n@@ -10,6 +10,7 @@\n engine: mysql\n engine_version: '8.0'\n db_name: saluki\n+ replication_bucket_destination_arn: arn:aws:s3:::wai4vub1-mtvh-replication-test\n shared_loadbalancer:\n - name: shared-1\n in_use_by:\n", "fileName": "dxw-pentest.yml", "filePath": "/Users/bob/git/dxw/dalmatian-config/config/infrastructures/dxw-pentest.yml", "originalContent": "---\naccount_id: '932446864135'\ncluster:\n create: true\nrds:\n- identifier: pentestvone\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: '8.0'\n db_name: saluki\nshared_loadbalancer:\n- name: shared-1\n in_use_by:\n - saluki\nenvironments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs7.papertrailapp.com:34880\n min_servers: 2\n max_servers: 4\n enable_ecs_vpc_flow_logs: true\n", "newContent": "---\naccount_id: '932446864135'\ncluster:\n create: true\nrds:\n- identifier: pentestvone\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: '8.0'\n db_name: saluki\n replication_bucket_destination_arn: arn:aws:s3:::wai4vub1-mtvh-replication-test\nshared_loadbalancer:\n- name: shared-1\n in_use_by:\n - saluki\nenvironments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs7.papertrailapp.com:34880\n min_servers: 2\n max_servers: 4\n enable_ecs_vpc_flow_logs: true\n", "diffStat": { "model_added_lines": 1, "model_removed_lines": 0, "model_added_chars": 81, "model_removed_chars": 0, "user_added_lines": 1, "user_removed_lines": 23, "user_added_chars": 20, "user_removed_chars": 432 }, "isNewFile": false }, "displayName": "Edit", "description": "Replaces text within a file. By default, replaces a single occurrence, but can replace multiple occurrences when `expected_replacements` is specified. This tool requires providing significant context around the change to ensure precise targeting. Always use the read_file tool to examine the file's current content before attempting a text replacement.\n \n The user has the ability to modify the `new_string` content. If modified, this will be stated in the response.\n \n Expectation for required parameters:\n 1. `old_string` MUST be the exact literal text to replace (including all whitespace, indentation, newlines, and surrounding code etc.).\n 2. `new_string` MUST be the exact literal text to replace `old_string` with (also including all whitespace, indentation, newlines, and surrounding code etc.). Ensure the resulting code is correct and idiomatic and that `old_string` and `new_string` are different.\n 3. `instruction` is the detailed instruction of what needs to be changed. It is important to Make it specific and detailed so developers or large language models can understand what needs to be changed and perform the changes on their own if necessary. \n 4. NEVER escape `old_string` or `new_string`, that would break the exact literal text requirement.\n **Important:** If ANY of the above are not satisfied, the tool will fail. CRITICAL for `old_string`: Must uniquely identify the single instance to change. Include at least 3 lines of context BEFORE and AFTER the target text, matching whitespace and indentation precisely. If this string matches multiple locations, or does not match exactly, the tool will fail.\n 5. Prefer to break down complex and long changes into multiple smaller atomic calls to this tool. Always check the content of the file after changes or not finding a string to match.\n **Multiple replacements:** Set `expected_replacements` to the number of occurrences you want to replace. The tool will replace ALL occurrences that match `old_string` exactly. Ensure the number of replacements matches your expectation.", "renderOutputAsMarkdown": true } ] }, { "id": "e38ff2d0-8810-4b28-b9d4-d46537512ce0", "timestamp": "2026-02-20T17:55:39.547Z", "type": "gemini", "content": "I will read the `dalmatian.yml` file in the `dalmatian` repository to determine where it's currently pointing its configuration.", "thoughts": [ { "subject": "Verifying Terraform Configuration", "description": "I'm currently running `terraform plan` to confirm the `aws_s3_bucket_versioning` resource is slated for creation, as per the recent configuration changes. The execution context is defined by the provided user input, using `./scripts/bin/test -i dxw-pentest -T rds`. I also need to ensure the configuration edits I just made in `dalmatian-config` are reflected.", "timestamp": "2026-02-20T17:55:38.417Z" }, { "subject": "Analyzing Configuration Source", "description": "I've shifted my focus to determine the configuration source within the `dalmatian` repository itself. I'm exploring the test script's interaction with the `dalmatian-config`, hoping to understand how it fetches the configuration. I want to confirm that edits in `dalmatian-config` are correctly reflected when tests are run from the `dalmatian` repository. Further inspection of `dalmatian.yml` seems like the next logical step.", "timestamp": "2026-02-20T17:55:39.434Z" } ], "tokens": { "input": 54130, "output": 60, "cached": 51283, "thoughts": 163, "tool": 0, "total": 54353 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771610139545_0", "name": "run_shell_command", "args": { "command": "cat dalmatian.yml", "description": "Read dalmatian.yml to check the configuration source." }, "result": [ { "functionResponse": { "id": "run_shell_command_1771610139545_0", "name": "run_shell_command", "response": { "output": "Output too large. Showing first 8,000 and last 32,000 characters. For full output see: /Users/bob/.gemini/tmp/dalmatian/tool-outputs/session-630ce049-b5a9-45d9-a5c3-385de197ea93/run_shell_command_1771610139545_0.txt\nOutput: ---\naccount-bootstrap:\n variables:\n region: eu-west-2\n root_domain_zone: dalmatian.dxw.net\n dalmatian_read_users:\n - ed\n - cristina\n - hippers\n - bob-read\n dalmatian_admin_users:\n - chris\n - bob\n - laura-admin\n - ed-admin\n - cristina-admin\n - olivia-admin\n - tomh-admin\n - isratc-admin\n - lorna-admin\n - nick-admin\n - stu-admin\n - rob-admin\n - anthony-admin\n - lee-admin\n - matty-admin\n - calum-admin\n - meyric-admin\n - brent-admin\n - serena-admin\n - dragon-admin\n - suze-admin\n - george-admin\n - matthew-admin\n - sim-admin\n - barryr-admin\n - jamesk-admin\n - ash-admin\n - sarah-admin\n - ynda-admin\n - patrick-admin\n - williamman-admin\nci:\n variables:\n region: eu-west-2\n prci_github_owner: dxw\n prci_github_repository: dalmatian\n prci_codebuild_compute_type: BUILD_GENERAL1_SMALL\n prci_codebuild_image: public.ecr.aws/q8n3y8x7/testing-terraform-docker:latest\n bpsp_source_branch: master\n bpbp_codebuild_compute_type: BUILD_GENERAL1_SMALL\n bpbp_codebuild_image: public.ecr.aws/q8n3y8x7/testing-terraform-docker:latest\ninfrastructure-defaults:\n variables:\n region: eu-west-2\n cidr: 10.0.0.0/16\n root_domain_zone: dalmatian.dxw.net\n internal_domain_zone: dalmatian.internal\n ecs_private_subnets:\n - availability_zone: eu-west-2a\n cidr: 10.0.128.0/24\n - availability_zone: eu-west-2b\n cidr: 10.0.129.0/24\n - availability_zone: eu-west-2c\n cidr: 10.0.130.0/24\n extra_public_subnets:\n - availability_zone: eu-west-2a\n cidr: 10.0.0.0/24\n - availability_zone: eu-west-2b\n cidr: 10.0.1.0/24\n - availability_zone: eu-west-2c\n cidr: 10.0.2.0/24\n instances_key_name: dalmatian-ecs-instances\n instance_type: t3.medium\n min_servers: 2\n max_servers: 4\n associate_public_ip_address: 0\n docker_storage_size: 40\n dockerhub_email: ''\n dockerhub_token: ''\n monitoring_docs_path: https://github.com/dxw/ops-docs/blob/master/dalmatian-monitoring/\n basic_auth_users:\n dxwsupport: '085740adb45fce7e0968c43a26f3acc9fc2c9ac1f38919ed78270f80905dbce07ea010aa8c5e44ee685ed3d8833e6dbbb4a6427af4a10011a8946187a29913e0d59540ba3f0c25f1bb66b6d76a473bd2cf70d9f8b0c79c05ae85864cf8cf779f'\ninfrastructures:\n bas:\n account_id: '419128131613'\n cluster:\n create: true\n opensearch_cluster:\n - identifier: bas\n in_use_by:\n - web\n version: 3.1\n master_enabled: false\n instance_count: 3\n instance_type: t3.small.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n rds:\n - identifier: bas\n instance_class:\n prod: db.t3.medium\n staging: db.t3.small\n engine: mysql\n engine_version: 8.0.42\n db_name: bas\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - web\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 2\n max_servers: 3\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:20014\n syslog_papertrail_endpoint: logs3.papertrailapp.com:20014\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:15689\n syslog_papertrail_endpoint: logs4.papertrailapp.com:15689\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n services:\n - name: web\n enable_max_one_container_per_instance: false\n launch_on:\n - prod\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n - Origin\n - X-WP-Nonce\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetim\n\n... [579,678 characters omitted] ...\n\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-nws-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nws-wip\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/multisite.workinginpartnership.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(2,32 * * * ? *)\n prod: cron(1,21,41 * * * ? *)\n domain_names:\n prod:\n - \"*.workinginpartnership.org.uk\"\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/ff35e592-9e68-472e-9aef-e629b973920a\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/7f2141d6-9f1d-4d44-bf78-9e6188a4f185\n - name: nws\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-nws-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-nws-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nws\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/nuclearwasteservices.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - nuclearwasteservices.uk\n - www.nuclearwasteservices.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/0ae4a9de-638e-4b2b-9b55-d5e067d1e099\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/771a5353-707e-4cb7-ac75-33eee52a7f1a\n - name: wg3\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wg3-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-wg3-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wg3-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wg3-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-wg3-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wg3-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/workinggroup3\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/wg3\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n - name: wip\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/wip\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/workinginpartnership.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - workinginpartnership.org.uk\n - www.workinginpartnership.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/e887f171-62bd-4f86-aaa2-a694b18387e7\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/f788659d-a985-4378-8ead-6aa4b9ad6127\n stgeorges:\n account_id: '149524467025'\n cluster:\n create: true\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:30503\n enable_efs: 'true'\n syslog_papertrail_endpoint: logs4.papertrailapp.com:30503\n aurora:\n - identifier: sqlcluster\n minimum_size:\n staging: 0.5\n prod: 1\n maximum_size:\n staging: 2\n prod: 6\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: sqlcluster\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - stgeorges-1\n shared_loadbalancer:\n - name: stgeorges-1\n global_accelerator:\n prod: true\n in_use_by:\n - web\n - aos\n services:\n - name: aos\n launch_on:\n - prod\n cloudfront:\n create: false\n serve_from_subdirectory: \"/aos\"\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/sghaos\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/stgeorges.nhs.uk.aos\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/stgeorges.nhs.uk.aos\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - www.stgeorges.nhs.uk\n - stgeorges.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:149524467025:certificate/3bbd1e85-b7f8-431d-a1af-c9e552f8f4bb\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:149524467025:certificate/c727a06e-a61a-4541-ba12-eb9777a34155\n - name: web\n launch_on:\n - prod\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: stgeorges-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: stgeorges-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: stgeorges-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/stghpress\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/stgeorges.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/stgeorges.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - www.stgeorges.nhs.uk\n - stgeorges.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:149524467025:certificate/3bbd1e85-b7f8-431d-a1af-c9e552f8f4bb\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:149524467025:certificate/c727a06e-a61a-4541-ba12-eb9777a34155\n test-app:\n account_id: '511700466171'\n cluster:\n create: true\n rds:\n - identifier: bikeshed\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: 5.7.44\n storage_encrypted: false\n db_name: bikeshed\n codebuild_access:\n - test-service\n elasticache_cluster:\n - identifier: testredis\n in_use_by:\n - test-service\n engine: redis\n node_type: cache.t2.micro\n node_count: 1\n engine_version: 6.x\n port: 6379\n maintenance_window: mon:19:00-mon:22:00\n snapshot_window: '09:00-10:00'\n parameter_store_path_elasticache_cluster_url_name: REDIS_URL\n shared_loadbalancer:\n - name: test-shared\n in_use_by:\n - test-service\n s3:\n - name: test-app-bucket-staging\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - test-service-staging\n policy:\n staging:\n rw:\n services:\n - test-service\n environments:\n staging:\n track_revision: master\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs7.papertrailapp.com:34880\n min_servers: 2\n max_servers: 4\n enable_ecs_vpc_flow_logs: true\n services:\n - name: test-service\n blue_green:\n staging:\n enabled: true\n enable_max_one_container_per_instance: false\n monitoring:\n production:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n basic_auth:\n staging: true\n basic_auth_users_extra:\n test-user: 621138553c8384db4fd7b71e22ffe7e0d049230346e99412d29a249f7bf90e2403d26386bf5288a86ee7174ca007723490f0bcf19c6e1375f1edf25345f0611490221256f5edda8df0e8b16db80d33a38602982f5a4c22e4a1a1566162e9bd1a\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n ip_subnet_allow_list:\n - 54.76.254.148/32\n - name: redirects\n true_client_ip_header: true\n redirects:\n - from_hostname_pattern: dalmatian-test-app.dxw.net\n from_path_pattern: \"/dxw-redirect\"\n to_hostname: dxw.com\n to_path: \"/$${path}\"\n associate_with_default_behaviour:\n staging: true\n custom_origins:\n staging:\n - origin: test-media-staging.s3.amazonaws.com\n id: test-media-staging-s3\n - origin: test-app-bucket-staging.s3.amazonaws.com\n id: test-app-bucket-staging\n production:\n - origin: test-media-production.s3.amazonaws.com\n id: test-media-production-s3\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/media/*\"\n target_origin_id: test-media-staging-s3\n min_ttl: 1200\n default_ttl: 3600\n max_ttl: 86400\n associate_viewer_request_function: default\n - path_patterns:\n - \"/test/*\"\n target_origin_id: test-app-bucket-staging\n forwarded_headers:\n - Authorization\n min_ttl: 1200\n default_ttl: 3600\n max_ttl: 86400\n associate_viewer_request_function: default\n serve_from_subdirectory: \"/test-subdir\"\n domain_names:\n staging:\n - dalmatian-test-app.dxw.net\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/dalmatian-test-app\n codepipeline_use_github_v1: true\n codepipeline_codebuild_run_in_vpc: true\n buildspec: buildspec.yml\n container_port: 3100\n container_command:\n - \"/docker-entrypoint.sh\"\n - rails\n - server\n container_volumes:\n - name: test\n host_path: \"/mnt/test\"\n container_path: \"/test\"\n scheduled_tasks:\n - name: test-scheduled-task\n command:\n - echo\n - hello\n schedule_expression:\n staging: cron(0/15 * * * ? *)\n prod: cron(0/15 * * * ? *)\nparameter-store-path-prefix: \"/dalmatian-variables/\"\nProcess Group PGID: 66553" } } } ], "status": "success", "timestamp": "2026-02-20T17:55:47.970Z", "resultDisplay": "---\naccount-bootstrap:\n variables:\n region: eu-west-2\n root_domain_zone: dalmatian.dxw.net\n dalmatian_read_users:\n - ed\n - cristina\n - hippers\n - bob-read\n dalmatian_admin_users:\n - chris\n - bob\n - laura-admin\n - ed-admin\n - cristina-admin\n - olivia-admin\n - tomh-admin\n - isratc-admin\n - lorna-admin\n - nick-admin\n - stu-admin\n - rob-admin\n - anthony-admin\n - lee-admin\n - matty-admin\n - calum-admin\n - meyric-admin\n - brent-admin\n - serena-admin\n - dragon-admin\n - suze-admin\n - george-admin\n - matthew-admin\n - sim-admin\n - barryr-admin\n - jamesk-admin\n - ash-admin\n - sarah-admin\n - ynda-admin\n - patrick-admin\n - williamman-admin\nci:\n variables:\n region: eu-west-2\n prci_github_owner: dxw\n prci_github_repository: dalmatian\n prci_codebuild_compute_type: BUILD_GENERAL1_SMALL\n prci_codebuild_image: public.ecr.aws/q8n3y8x7/testing-terraform-docker:latest\n bpsp_source_branch: master\n bpbp_codebuild_compute_type: BUILD_GENERAL1_SMALL\n bpbp_codebuild_image: public.ecr.aws/q8n3y8x7/testing-terraform-docker:latest\ninfrastructure-defaults:\n variables:\n region: eu-west-2\n cidr: 10.0.0.0/16\n root_domain_zone: dalmatian.dxw.net\n internal_domain_zone: dalmatian.internal\n ecs_private_subnets:\n - availability_zone: eu-west-2a\n cidr: 10.0.128.0/24\n - availability_zone: eu-west-2b\n cidr: 10.0.129.0/24\n - availability_zone: eu-west-2c\n cidr: 10.0.130.0/24\n extra_public_subnets:\n - availability_zone: eu-west-2a\n cidr: 10.0.0.0/24\n - availability_zone: eu-west-2b\n cidr: 10.0.1.0/24\n - availability_zone: eu-west-2c\n cidr: 10.0.2.0/24\n instances_key_name: dalmatian-ecs-instances\n instance_type: t3.medium\n min_servers: 2\n max_servers: 4\n associate_public_ip_address: 0\n docker_storage_size: 40\n dockerhub_email: ''\n dockerhub_token: ''\n monitoring_docs_path: https://github.com/dxw/ops-docs/blob/master/dalmatian-monitoring/\n basic_auth_users:\n dxwsupport: '085740adb45fce7e0968c43a26f3acc9fc2c9ac1f38919ed78270f80905dbce07ea010aa8c5e44ee685ed3d8833e6dbbb4a6427af4a10011a8946187a29913e0d59540ba3f0c25f1bb66b6d76a473bd2cf70d9f8b0c79c05ae85864cf8cf779f'\ninfrastructures:\n bas:\n account_id: '419128131613'\n cluster:\n create: true\n opensearch_cluster:\n - identifier: bas\n in_use_by:\n - web\n version: 3.1\n master_enabled: false\n instance_count: 3\n instance_type: t3.small.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n rds:\n - identifier: bas\n instance_class:\n prod: db.t3.medium\n staging: db.t3.small\n engine: mysql\n engine_version: 8.0.42\n db_name: bas\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - web\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 2\n max_servers: 3\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:20014\n syslog_papertrail_endpoint: logs3.papertrailapp.com:20014\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:15689\n syslog_papertrail_endpoint: logs4.papertrailapp.com:15689\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n services:\n - name: web\n enable_max_one_container_per_instance: false\n launch_on:\n - prod\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n - Origin\n - X-WP-Nonce\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n - Origin\n - X-WP-Nonce\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: bas-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/baspress\n buildspec: dalmatian_core_buildspec_saluki\n container_count: '5'\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/bas.ac.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/bas.ac.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1,31 * * * ? *)\n domain_names:\n prod:\n - bas.ac.uk\n - www.bas.ac.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:419128131613:certificate/cdf6d6b8-1f01-4a3f-9591-0c1e56866121\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:419128131613:certificate/9ce96ba1-565d-477f-8e6b-08edb0a3aeaf\n caselaw-stg:\n account_id: '626206937213'\n cluster:\n create: true\n s3:\n - name: tna-caselaw-assets-staging\n encrypted: false\n acl: public-read\n policy:\n staging:\n rw:\n services:\n - editor\n cloudfront:\n create: true\n domain_names:\n - assets.staging.caselaw.nationalarchives.gov.uk\n certificate: arn:aws:acm:us-east-1:626206937213:certificate/f15f7b26-47f3-477b-a78c-08b328c3ce4f\n - name: tna-caselaw-unpublished-assets-staging\n encrypted: true\n acl: private\n policy:\n staging:\n rw:\n services:\n - editor\n - name: tna-caselaw-marklogic-backup-staging\n encrypted: true\n acl: private\n aurora:\n - identifier: cluster1\n minimum_size:\n staging: 0.5\n maximum_size:\n staging: 1\n engine: aurora-postgresql\n engine_version: '15.4'\n db_name: cluster1\n rds:\n - identifier: shared\n instance_class:\n staging: db.t3.small\n engine: postgres\n engine_version: '11.22'\n db_name: inital_db_name\n allocated_storage: 200\n port: 5432\n waf:\n - name: caselaw\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesSQLiRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n associations:\n service_loadbalancer:\n - editor\n - public\n - priv-api\n environments:\n staging:\n track_revision: main\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:25413\n enable_efs: 'true'\n services:\n - name: editor\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n blue_green:\n staging:\n enabled: true\n enable_max_one_container_per_instance: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-editor-ui\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/check\"\n container_port: 5000\n container_command:\n - \"/entrypoint\"\n - \"/start\"\n domain_names:\n staging:\n - editor.staging.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:626206937213:certificate/32e71258-1bad-4281-9341-29efae63c184\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:626206937213:certificate/556f9be1-aa77-47fe-b2de-7d487bac6597\n scheduled_tasks:\n - name: process-reenrichment-queue\n command:\n - \"./manage.py\"\n - enrich_next_in_reenrichment_queue\n schedule_expression:\n prod: cron(13,43 18-23,0-6 * * ? *)\n - name: pdf-worker\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-pdf-conversion\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n container_port: 0\n container_command:\n - python\n - queue_listener/queue_listener.py\n - name: priv-api\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n blue_green:\n staging:\n enabled: true\n enable_max_one_container_per_instance: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-privileged-api\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/docs\"\n container_port: 8080\n container_command:\n - uvicorn\n - openapi_server.main:app\n - \"--host 0.0.0.0\"\n - \"--port 8080\"\n domain_names:\n staging:\n - api.staging.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:626206937213:certificate/acf4d06f-9cad-46e7-99e7-914844566e24\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:626206937213:certificate/415e2db3-7ecf-4356-a4cb-0fc7c8b44597\n - name: public\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n blue_green:\n staging:\n enabled: true\n enable_max_one_container_per_instance: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-public-ui\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/check\"\n container_port: 5000\n container_command:\n - \"/entrypoint\"\n - \"/start\"\n domain_names:\n staging:\n - staging.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:626206937213:certificate/dd7cc3f5-8ee7-4c26-96d6-99877378effb\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:626206937213:certificate/6249f595-1502-45c7-9652-4a345f5b7c93\n scheduled_tasks:\n - name: recalculate-court-dates\n command:\n - \"./manage.py\"\n - recalculate_court_dates\n - \"--write\"\n schedule_expression:\n staging: cron(56 4 * * ? *)\n caselaw:\n account_id: '276505630421'\n hosted_zones:\n - domain: caselaw.nationalarchives.gov.uk\n cname_records:\n - name: _78fb500e8843610842d4bb647db51570.editor.staging.caselaw.nationalarchives.gov.uk\n value: _1a90eb15805e7609d3c3bd2b6709fe0a.qwknvqrlct.acm-validations.aws.\n - name: _172c6de34b34a80be6af484e2e9b3392.www.editor.staging.caselaw.nationalarchives.gov.uk\n value: _4262efc7cf3b4d5529b9d90b7111cb16.qwknvqrlct.acm-validations.aws.\n - name: _132734cd7034e52fd59627f0489b58ac.staging.caselaw.nationalarchives.gov.uk\n value: _b1b36d22ad1c862f017974c4abc7f59b.qvwhjqbvbg.acm-validations.aws.\n - name: _0c54d6f21da3cf55b6e1a3004b3d3a56.www.staging.caselaw.nationalarchives.gov.uk\n value: _deab10e3dafed06823f3f6f32041f074.qvwhjqbvbg.acm-validations.aws.\n - name: _a356b4b103532cc511f1ffe8245c22fd.editor.caselaw.nationalarchives.gov.uk\n value: _7d11c470025c2f2e931f2a883cbf9601.qwknvqrlct.acm-validations.aws.\n - name: _de1d203a10f66ff17336848e2fb4b0bf.www.editor.caselaw.nationalarchives.gov.uk\n value: _5d14285f44f61a1af473eba13bc40409.qwknvqrlct.acm-validations.aws.\n - name: _e5ca712f11e67119c380b3deae49fd70.caselaw.nationalarchives.gov.uk\n value: _823a867ae62dd74f29bb6fd39971fcb3.qwknvqrlct.acm-validations.aws.\n - name: _fdd770ef0664411464b4f059488f9fbf.www.caselaw.nationalarchives.gov.uk\n value: _e0c09055ca46a0d452aafbe6eb83ddff.qwknvqrlct.acm-validations.aws.\n - name: editor.caselaw.nationalarchives.gov.uk\n value: dgahyt2fa3kuq.cloudfront.net.\n - name: editor.staging.caselaw.nationalarchives.gov.uk\n value: d1iuddf85kusku.cloudfront.net.\n - name: staging.caselaw.nationalarchives.gov.uk\n value: d2y1tp7iel5w9x.cloudfront.net.\n - name: _a1ebe4745c24eac61f7461eabbc168ef.api.staging.caselaw.nationalarchives.gov.uk.\n value: _97f1436f70ac31f294aada08cc8aaf64.fpktwqqglf.acm-validations.aws.\n - name: _e2656715e78ddb204030c56da570f97a.api.caselaw.nationalarchives.gov.uk.\n value: _ddbafbeea46b67d5e5463c687c2c3eb9.fpktwqqglf.acm-validations.aws.\n - name: api.staging.caselaw.nationalarchives.gov.uk\n value: d974tpiyde2op.cloudfront.net.\n - name: api.caselaw.nationalarchives.gov.uk\n value: d2fisfxnfqj9rn.cloudfront.net.\n - name: _376bc62e1236a60e4bdca674076ef63a.assets.caselaw.nationalarchives.gov.uk\n value: _deb34765c09add0aa7c56d60ba669b7f.njdczhxdjc.acm-validations.aws.\n - name: _c806e5a739d7fa82056fb78584f2faac.assets.staging.caselaw.nationalarchives.gov.uk\n value: _7c35da553486feb6dad8ea4c211f2e3a.njdczhxdjc.acm-validations.aws.\n - name: assets.staging.caselaw.nationalarchives.gov.uk\n value: daemohisb35uy.cloudfront.net\n - name: assets.caselaw.nationalarchives.gov.uk\n value: d6s9404qfl4w9.cloudfront.net\n - name: ml.internal.staging.caselaw.nationalarchives.gov.uk\n value: internal-casel-Inter-ZOGJXYO3YO0P-1952744788.eu-west-2.elb.amazonaws.com\n - name: ml.external.staging.caselaw.nationalarchives.gov.uk\n value: caselaw-Alb-AA6AAOM5OAIU-1229666245.eu-west-2.elb.amazonaws.com\n - name: ml.internal.production.caselaw.nationalarchives.gov.uk\n value: internal-casel-Inter-IEYELZU5H4SR-1103909616.eu-west-2.elb.amazonaws.com\n - name: ml.external.production.caselaw.nationalarchives.gov.uk\n value: caselaw-Alb-1IDSCWLVRCK1T-2098249791.eu-west-2.elb.amazonaws.com\n - name: tr7w64hjz4fmlcdf4evgn5ht7w42dgbc._domainkey.staging.caselaw.nationalarchives.gov.uk\n value: tr7w64hjz4fmlcdf4evgn5ht7w42dgbc.dkim.amazonses.com\n - name: 2iwvzyjtnnj4c637hwwhqjwtvc5kzbif._domainkey.staging.caselaw.nationalarchives.gov.uk\n value: 2iwvzyjtnnj4c637hwwhqjwtvc5kzbif.dkim.amazonses.com\n - name: sd4buvcxevejri33mvpeq6bc2gsy5cb3._domainkey.staging.caselaw.nationalarchives.gov.uk\n value: sd4buvcxevejri33mvpeq6bc2gsy5cb3.dkim.amazonses.com\n - name: musnzhdxppv4sqd6u2gl6gundup5wkpx._domainkey.caselaw.nationalarchives.gov.uk\n value: musnzhdxppv4sqd6u2gl6gundup5wkpx.dkim.amazonses.com\n - name: k4mrulrj4eh3lwv7amk4wzccj7nj2lgo._domainkey.caselaw.nationalarchives.gov.uk\n value: k4mrulrj4eh3lwv7amk4wzccj7nj2lgo.dkim.amazonses.com\n - name: tzq5x574nguteezy5vit3tivamrxeov2._domainkey.caselaw.nationalarchives.gov.uk\n value: tzq5x574nguteezy5vit3tivamrxeov2.dkim.amazonses.com\n alias_records:\n - name: caselaw.nationalarchives.gov.uk\n value: d3ps134a3uyfwa.cloudfront.net.\n cluster:\n create: true\n s3:\n - name: tna-caselaw-assets\n encrypted: false\n acl: public-read\n policy:\n prod:\n rw:\n services:\n - editor\n cloudfront:\n create: true\n domain_names:\n - assets.caselaw.nationalarchives.gov.uk\n certificate: arn:aws:acm:us-east-1:276505630421:certificate/fac62dd9-9cfc-4ba0-a478-c43db5bc1db9\n - name: tna-caselaw-unpublished-assets\n encrypted: true\n acl: private\n policy:\n prod:\n rw:\n services:\n - editor\n - name: tna-caselaw-marklogic-backup\n encrypted: true\n acl: private\n - name: tna-caselaw-ingester-deploy\n encrypted: true\n acl: private\n rds:\n - identifier: shared\n instance_class:\n prod: db.t3.small\n engine: postgres\n engine_version: '11.22'\n db_name: inital_db_name\n allocated_storage: 200\n port: 5432\n aurora:\n - identifier: cluster1\n minimum_size:\n prod: 0.5\n maximum_size:\n prod: 3\n engine: aurora-postgresql\n engine_version: '15.4'\n db_name: cluster1\n environments:\n prod:\n track_revision: production\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 5\n max_servers: 8\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:38403\n enable_efs: 'true'\n services:\n - name: editor\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n blue_green:\n prod:\n enabled: true\n enable_max_one_container_per_instance: false\n cloudfront:\n create: true\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-editor-ui\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/check\"\n container_port: 5000\n container_count: '5'\n container_command:\n - \"/entrypoint\"\n - \"/start\"\n domain_names:\n prod:\n - editor.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:276505630421:certificate/23c7f59a-21e2-41f9-92d1-cb314520038e\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:276505630421:certificate/ca233fa5-4f91-4891-b9ae-13c18a1fddf4\n scheduled_tasks:\n - name: process-reenrichment-queue\n command:\n - \"./manage.py\"\n - enrich_next_in_reenrichment_queue\n schedule_expression:\n prod: cron(13,43 18-23,0-6 * * ? *)\n - name: process-reparse-queue\n command:\n - \"./manage.py\"\n - reparse_next_in_reparse_queue\n schedule_expression:\n prod: cron(28,58 18-23,0-6 * * ? *)\n - name: pdf-worker\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-pdf-conversion\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n container_port: 0\n container_command:\n - python\n - queue_listener/queue_listener.py\n - name: priv-api\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n blue_green:\n prod:\n enabled: true\n enable_max_one_container_per_instance: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-privileged-api\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/docs\"\n container_port: 8080\n container_command:\n - uvicorn\n - openapi_server.main:app\n - \"--host 0.0.0.0\"\n - \"--port 8080\"\n domain_names:\n prod:\n - api.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:276505630421:certificate/1ef9680d-cb14-4a3e-9eb8-19e0d726acb8\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:276505630421:certificate/a584725d-f055-48b3-ac5d-ab0a503e9504\n - name: public\n blue_green:\n prod:\n enabled: true\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: true\n cloudfront_5xx:\n enabled: true\n threshold: '5'\n evaluation_periods: '15'\n ghost_inspector:\n enabled: false\n enable_max_one_container_per_instance: false\n cloudfront:\n create: true\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-public-ui\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/check\"\n container_port: 5000\n container_count: '5'\n container_command:\n - \"/entrypoint\"\n - \"/start\"\n domain_names:\n prod:\n - caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:276505630421:certificate/bec03109-db3c-489e-aeca-37ae57061d32\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:276505630421:certificate/2d5cdc02-4bf7-4ecf-84fc-6e8ea328b210\n scheduled_tasks:\n - name: recalculate-court-dates\n command:\n - \"./manage.py\"\n - recalculate_court_dates\n - \"--write\"\n schedule_expression:\n prod: cron(56 4 * * ? *)\n dalmatian-1:\n account_id: '052666621102'\n cluster:\n create: true\n rds:\n - identifier: shared1\n instance_class:\n staging: db.t2.small\n prod: db.t2.small\n engine: postgres\n engine_version: '11.22'\n storage_encrypted: false\n storage_type: gp2\n db_name: initial_db_name\n codebuild_access:\n - sun\n - sun-worker\n shared_loadbalancer:\n - name: shared-1\n in_use_by:\n - sun\n elasticache_cluster:\n - identifier: sun\n node_type: cache.t3.small\n node_count: 2\n engine: redis\n engine_version: 6.x\n in_use_by:\n - sun\n - sun-worker\n environments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:13251\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs:\n - sun-discourse/bitnami\n - sun-discourse/discourse-assets\n - sun/assets\n - sun/uploads\n - sun/plugins\n prod:\n track_revision: master\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:39394\n enable_efs: 'true'\n encrypt_efs: 'false'\n min_servers: 3\n max_servers: 6\n efs_dirs:\n - sun-discourse/bitnami\n - sun-discourse/discourse-assets\n - sun/assets\n - sun/uploads\n - sun/plugins\n services:\n - name: sun-worker\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/sun-discourse-docker\n buildspec: buildspec.yml\n codepipeline_codebuild_run_in_vpc: true\n codepipeline_codebuild_use_service_env: true\n container_port: 0\n container_command:\n - \"/docker-entrypoint.sh\"\n - bundle\n - exec\n - sidekiq\n container_volumes:\n - name: uploads\n host_path: \"/mnt/efs/sun/uploads\"\n container_path: \"/var/www/discourse/public/uploads\"\n home_directory: \"/home/discourse\"\n - name: sun\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/sun-discourse-docker\n codepipeline_codebuild_run_in_vpc: true\n codepipeline_codebuild_use_service_env: true\n buildspec: buildspec.yml\n health_check_grace_period: 1200\n health_check_path: \"/\"\n container_port: 9292\n container_count: 3\n enable_max_one_container_per_instance: false\n container_command:\n - \"/docker-entrypoint.sh\"\n - bundle\n - exec\n - puma\n container_volumes:\n - name: uploads\n host_path: \"/mnt/efs/sun/uploads\"\n container_path: \"/var/www/discourse/public/uploads\"\n home_directory: \"/home/discourse\"\n domain_names:\n prod:\n - www.statsusernet.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:052666621102:certificate/2e725a4f-a60c-4722-82f7-217eceb73e60\n dhsc:\n account_id: '504027283968'\n cluster:\n create: true\n opensearch_cluster:\n - identifier: dhsc\n in_use_by:\n - intranet\n - intra-dev\n version: 3.1\n master_enabled: false\n instance_count: 3\n instance_type: t3.small.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n aurora:\n - identifier: dhscint\n minimum_size:\n staging: 0.5\n prod: 1\n maximum_size:\n staging: 1\n prod: 30\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: dhscint\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - intranet\n - intra-dev\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 5\n max_servers: 6\n logspout_command:\n - syslog+tls://logs6.papertrailapp.com:28623\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/intranet.dhsc.gov.uk\n syslog_papertrail_endpoint: logs6.papertrailapp.com:28623\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:36547\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/intranet.dhsc.gov.uk\n syslog_papertrail_endpoint: logs3.papertrailapp.com:36547\n services:\n - name: intra-dev\n launch_on:\n - staging\n cloudfront:\n create: true\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n - \"/wp-admin/css/*\"\n - \"/wp-admin/js/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dhsc-intra-dev-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dhsc-intra-dev-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n prod:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n - \"/wp-admin/css/*\"\n - \"/wp-admin/js/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dhsc-intra-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dhsc-intra-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/dhsc-intranet\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '2'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/intra-dev.dhsc.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1/2 * * * ? *)\n - name: intranet\n enable_max_one_container_per_instance: false\n global_accelerator:\n prod: false\n staging: false\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: true\n cloudfront_5xx:\n enabled: true\n threshold: '95'\n evaluation_periods: '5'\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n offline_page_http_status:\n 504: \"/error-pages/500.html\"\n 500: \"/error-pages/501.html\"\n 501: \"/error-pages/502.html\"\n 502: \"/error-pages/503.html\"\n 503: \"/error-pages/504.html\"\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dhsc-intranet-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dhsc-intranet-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n staging:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dhsc-intranet-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dhsc-intranet-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/dhsc-intranet\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '4'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/intranet.dhsc.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - intranet.dhsc.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:504027283968:certificate/b2372a2f-9aa3-4aea-9c51-bf0ec90d3027\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:504027283968:certificate/9fcff1ae-444c-46f9-83e2-a56a63be1131\n dxw-govpress:\n account_id: '666653442229'\n hosted_zones:\n - domain: govpress.com\n mx_records:\n - name: govpress.com\n value:\n - 10 mail.dxw.net.\n - name: clients.govpress.com\n value:\n - 10 mail.dxw.net.\n - name: helpful.govpress.com\n value:\n - 10 mail.dxw.net.\n cname_records:\n - name: relay.govpress.com\n value: gingerbread.dxw.net.\n - name: git.govpress.com\n value: gitlab-prod-app.prod.dxw.net.\n - name: www.govpress.com\n value: redirect.dxw.net.\n - name: esht.prod.govpress.com\n value: d15tqudmnm8frj.cloudfront.net\n - name: _d82f73e41cffdbd334e6943ccc710e7a.govpress.com\n value: _3c0f1cf439ba4fcc9c17c55d2130ee56.njdczhxdjc.acm-validations.aws\n - name: _e765e7b484391dc5cc84f98f49a46337.www.govpress.com\n value: _4d3157cb7368a9836e01844246374d77.njdczhxdjc.acm-validations.aws\n - name: magnus._domainkey.govpress.com\n value: magnus._domainkey.dxw.com\n a_records:\n - name: govpress.com\n value: 54.228.199.127\n - name: lambeth.prod.govpress.com\n value: 46.43.2.234\n txt_records:\n - name: govpress.com\n value:\n - v=spf1 include:spf.dxw.net ~all\n - name: _dmarc.govpress.com\n value:\n - v=DMARC1; p=none; rua=mailto:postmaster-dmarc@dxw.com\n - name: clients.govpress.com\n value:\n - v=spf1 a:gingerbread.dxw.net mx include:spf.dxw.net include:amazonses.com ~all\n - name: _dmarc.clients.govpress.com\n value:\n - v=DMARC1; p=none; rua=mailto:dxw-d@dmarc.report-uri.com\n - name: mailtrap-forward.clients.govpress.com\n value:\n - mailtrap-forward=2eb7461a24c4f29b240c4bec462663ea9b57779c562174b6b42ae1de38003091\n ns_records:\n - name: aws.govpress.com\n value:\n - ns-758.awsdns-30.net.\n - ns-1633.awsdns-12.co.uk.\n - ns-1105.awsdns-10.org.\n - ns-325.awsdns-40.com.\n - domain: cass.independent-review.uk\n cname_records:\n - name: _5e91d9e0e2cc7abbe5a1283046c65871.cass.independent-review.uk\n value: _754633b27559c07c4e645fc5f5be3e25.zjfbrrwmzc.acm-validations.aws.\n a_records:\n - name: cass.independent-review.uk\n value: 54.228.199.127\n txt_records:\n - name: _dmarc.cass.independent-review.uk\n value: v=DMARC1; p=reject;\n - name: cass.independent-review.uk\n value: v=spf1 -all\n mx_records:\n - name: cass.independent-review.uk\n value:\n - 0 .\n - domain: dcmsblog.uk\n cname_records:\n - name: _99f38f14bb860d93ce07d0f8b8a3338b.www.dcmsblog.uk\n value: _f9992e4aa0b8e0100c26211119fb69ca.lblqlwmygg.acm-validations.aws.\n - name: _b2a3eb8c50a5a1c8b27a79f86641235c.dcmsblog.uk\n value: _34d57f1463a0cd62e865532e096afcc7.lblqlwmygg.acm-validations.aws.\n - name: www.dcmsblog.uk\n value: d1qws3mk1m4f0z.cloudfront.net.\n mx_records:\n - name: dcmsblog.uk\n value:\n - 10 mail.dxw.net\n txt_records:\n - name: dcmsblog.uk\n value:\n - v=spf1 mx -all\n alias_records:\n - name: dcmsblog.uk\n value: d1qws3mk1m4f0z.cloudfront.net.\n - domain: younghackney.org\n cname_records:\n - name: _99eff7ccd4566c043c0cf97ddd2e583c.www.younghackney.org\n value: _cefe57a5dfb406a0f85653cdaa16266e.fpktwqqglf.acm-validations.aws.\n - name: _eaafe27852697569cf138410f690d139.younghackney.org\n value: _384b84719b73762d510b218ccd7fe015.fpktwqqglf.acm-validations.aws.\n - name: www.younghackney.org\n value: daadrojmc4wm1.cloudfront.net.\n alias_records:\n - name: younghackney.org\n value: daadrojmc4wm1.cloudfront.net.\n - domain: aws.govpress.com\n cname_records:\n - name: bce.aws.govpress.com\n value: d3fd50518r0hft.cloudfront.net.\n - domain: armedforcescovenant.gov.uk\n cname_records:\n - name: www.armedforcescovenant.gov.uk\n value: d12whp7kmexnih.cloudfront.net.\n - name: _cc4b74431798b39640ed4e3b372efc56.armedforcescovenant.gov.uk\n value: _d5fef69b2cbeaf912b935e513ad7bcf4.fpgkgnzppq.acm-validations.aws.\n - name: _f7f0506aba0082a9dede2ac3279025e5.www.armedforcescovenant.gov.uk\n value: _2f172ba3cfcc8466d5ca50f00687ae49.fpgkgnzppq.acm-validations.aws\n txt_records:\n - name: armedforcescovenant.gov.uk\n value:\n - v=spf1 mx -all\n - name: _dmarc.armedforcescovenant.gov.uk\n value:\n - v=DMARC1; p=reject\n alias_records:\n - name: armedforcescovenant.gov.uk\n value: d12whp7kmexnih.cloudfront.net.\n mx_records:\n - name: armedforcescovenant.gov.uk\n value:\n - 10 mail.dxw.net\n cluster:\n create: true\n rds:\n - identifier: med1\n instance_class:\n staging: db.t3.medium\n prod: db.t3.medium\n engine: mysql\n engine_version: 8.0.42\n db_name: initial_db_name\n sync_sql_backup_to_azure: false\n aurora:\n - identifier: cluster1\n minimum_size:\n staging: 0.5\n prod: 0.5\n maximum_size:\n staging: 6\n prod: 8\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: cluster1\n sync_sql_backup_to_azure: false\n - identifier: cluster2\n minimum_size:\n staging: 0.5\n prod: 0.5\n maximum_size:\n staging: 6\n prod: 16\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: cluster2\n sync_sql_backup_to_azure: false\n - identifier: cluster3\n minimum_size:\n staging: 0.5\n prod: 0.5\n maximum_size:\n staging: 6\n prod: 8\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: cluster3\n sync_sql_backup_to_azure: false\n elasticache_cluster:\n - identifier: rdscache\n in_use_by:\n - af-covenant\n - af-day\n - af-grants\n - advisories\n - analysis\n - arctic\n - bas\n - bas-2025\n - bas-ice-arc\n - bat\n - biot\n - bce\n - bikeshed\n - care-city\n - cognus\n - coretest\n - dcmsblog\n - dfe-eah\n - dft-think\n - dsma\n - dxw-web\n - e-and-e\n - essex-blog\n - esht\n - esht-me\n - fcdo-blog\n - fcdo-lanc\n - fcdo-proto\n - fcdo-stor\n - fleming\n - gosc-test\n - hackneyrec\n - healthy-lon\n - icai\n - itf\n - lamb-cs\n - lamb-love\n - lamb-made\n - lamb-tog\n - ons-careers\n - osdi\n - osteo-cpd\n - osteo-std\n - natcen-scot\n - natcen-uk\n - nhs-england\n - nhs-ltp\n - ons-cop\n - ons-osr\n - ons-uksa\n - ons-www\n - psaa\n - psc\n - refugee\n - saluki-sub\n - saluki-test\n - settle\n - stg\n - stg-aos\n - tke\n - uadta\n - ukaea\n - unialliance\n - unimyths\n - v2c-llanw\n - v-to-c\n - younghack\n node_type: cache.t3.medium\n node_count: 2\n engine: redis\n engine_version: 7.x\n parameters:\n - name: maxmemory-policy\n value: allkeys-lru\n shared_loadbalancer:\n - name: shared-1\n global_accelerator:\n prod: true\n in_use_by:\n - advisories\n - arctic\n - bas\n - bas-2025\n - bce\n - bikeshed\n - care-city\n - cognus\n - dcmsblog\n - dfe-eah\n - dsma\n - dxw-web\n - e-and-e\n - esht\n - esht-me\n - gosc-test\n - hackneyrec\n - healthy-lon\n - icai\n - itf\n - ons-careers\n - osdi\n - osteo-cpd\n - osteo-std\n - psaa\n - psc\n - refugee\n - saluki-sub\n - saluki-test\n - settle\n - stg\n - stg-aos\n - tke\n - uadta\n - ukaea\n - unialliance\n - unimyths\n - v2c-llanw\n - v-to-c\n - younghack\n - name: shared-2\n global_accelerator:\n prod: true\n in_use_by:\n - af-covenant\n - af-day\n - af-grants\n - analysis\n - bas-ice-arc\n - bat\n - biot\n - dft-think\n - essex-blog\n - fcdo-blog\n - fcdo-lanc\n - fcdo-proto\n - fcdo-stor\n - fleming\n - lamb-cs\n - lamb-love\n - lamb-made\n - lamb-tog\n - natcen-scot\n - natcen-uk\n - nhs-england\n - nhs-ltp\n - ons-cop\n - ons-osr\n - ons-uksa\n - ons-www\n - coretest\n waf:\n - name: wordpress-1\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/admin-ajax.php\"\n - \"/wp-admin/async-upload.php\"\n - \"/wp-admin/post.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - shared-1\n - shared-2\n s3:\n - name: analysis-dashboard-staging\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - analysis-staging\n policy:\n staging:\n rw:\n services:\n - analysis\n - name: analysis-dashboard-prod\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - analysis-prod\n policy:\n prod:\n rw:\n services:\n - analysis\n - name: settle-reports-staging\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - settle-staging\n policy:\n staging:\n rw:\n services:\n - settle\n - name: settle-reports-prod\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - settle-prod\n policy:\n prod:\n rw:\n services:\n - settle\n environments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n min_servers: 11\n max_servers: 16\n docker_storage_size: 80\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:15689\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n syslog_papertrail_endpoint: logs4.papertrailapp.com:15689\n prod:\n track_revision: main\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 14\n max_servers: 20\n docker_storage_size: 80\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:20014\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n syslog_papertrail_endpoint: logs3.papertrailapp.com:20014\n services:\n - name: advisories\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-advisories-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-advisories-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/advisories\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/advisories.dxw.com\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(3 * * * ? *)\n prod: cron(3 * * * ? *)\n domain_names:\n prod:\n - advisories.dxw.com\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/cdc50525-238e-4898-9795-c23491d59fd0\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/d419dd64-522f-4ad0-8f93-d6e66e1e7154\n - name: af-covenant\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-covenant-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-af-covenant-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-covenant-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-covenant-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-af-covenant-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-covenant-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/afc\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/armedforcescovenant.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/armedforcescovenant.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(4 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(4 * * * ? *)\n prod: cron(4 * * * ? *)\n domain_names:\n prod:\n - armedforcescovenant.gov.uk\n - www.armedforcescovenant.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/2a3d4fe0-5b43-4770-ac37-730947cae3e8\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/15cb0373-983a-49ee-a898-98a73984bbbc\n - name: af-day\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-day-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-af-day-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-day-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n - gmw_autolocate\n forward_query_strings: true\n associate_viewer_request_function: default\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-day-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-af-day-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-day-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n - gmw_autolocate\n forward_query_strings: true\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/afd\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/armedforcesday.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/armedforcesday.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(5 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(5 * * * ? *)\n prod: cron(5 * * * ? *)\n domain_names:\n prod:\n - armedforcesday.org.uk\n - www.armedforcesday.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/91353c6d-9c86-440e-8f6e-087c190f3b7a\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/a62bbbd4-57d5-43f1-bf0e-f9ab66965dc9\n - name: af-grants\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/afdgrants\n buildspec: dalmatian_core_buildspec_saluki\n serve_from_subdirectory: \"/grants\"\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/armedforcesday.org.uk-grants\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/armedforcesday.org.uk-grants\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(6 * * * ? *)\n prod: cron(6 * * * ? *)\n domain_names:\n prod:\n - armedforcesday.org.uk\n - www.armedforcesday.org.uk\n staging:\n - af-day.staging.dxw-govpress.dalmatian.dxw.net\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/91353c6d-9c86-440e-8f6e-087c190f3b7a\n staging: arn:aws:acm:eu-west-2:666653442229:certificate/ac236a44-96ec-4224-8881-67f1d16d3252\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/a62bbbd4-57d5-43f1-bf0e-f9ab66965dc9\n staging: arn:aws:acm:us-east-1:666653442229:certificate/6ff33ae4-899a-4aa4-9ccf-60fbf42b502a\n - name: analysis\n cloudfront:\n create: true\n custom_origins:\n staging:\n - origin: analysis-dashboard-staging.s3.amazonaws.com\n id: analysis-dashboard-staging\n prod:\n - origin: analysis-dashboard-prod.s3.amazonaws.com\n id: analysis-dashboard-prod\n viewer_request_functions:\n - name: other\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: false\n prod: false\n - name: default\n redirects:\n - from_hostname_pattern: gss.civilservice.gov.uk\n from_path_pattern: \"/*\"\n to_hostname: analysisfunction.civilservice.gov.uk\n to_path: \"/$${path}\"\n associate_with_default_behaviour:\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/dashboard/*\"\n target_origin_id: analysis-dashboard-staging\n min_ttl: 1200\n default_ttl: 3600\n max_ttl: 86400\n associate_viewer_request_function: default\n forwarded_headers:\n - Origin\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-analysis-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: other\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-analysis-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-analysis-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/dashboard/*\"\n target_origin_id: analysis-dashboard-prod\n min_ttl: 1200\n default_ttl: 3600\n max_ttl: 86400\n associate_viewer_request_function: default\n forwarded_headers:\n - Origin\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-analysis-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: other\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-analysis-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-analysis-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/analysis_function\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/analysisfunction.civilservice.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(7 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(7 * * * ? *)\n prod: cron(7 * * * ? *)\n domain_names:\n prod:\n - analysisfunction.civilservice.gov.uk\n - gss.civilservice.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/40a04bd0-e71c-47ee-a5bd-24fa97a1446f\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/fcdbb581-15ab-46c6-a5e5-bff512f45c66\n - name: arctic\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-arctic-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-arctic-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-arctic-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-arctic-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-arctic-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-arctic-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/arcticoffice\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/arctic.ac.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/arctic.ac.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(8 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(8 * * * ? *)\n prod: cron(8 * * * ? *)\n domain_names:\n prod:\n - arctic.ac.uk\n - www.arctic.ac.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/9f7827e8-c484-4fae-b6e9-5d933feaef49\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/a37820f7-f2dd-4ab6-bd01-c9998220f97b\n - name: bas-2025\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bas-2025-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/baspress\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/bas-2025.staging.dxw-govpress.dalmatian.dxw.net\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/bas-2025.staging.dxw-govpress.dalmatian.dxw.net\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1/2 * * * ? *)\n - name: bas-ice-arc\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bas-ice-arc-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bas-ice-arc-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/bas-ice-arc\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/ice-arc.eu\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/ice-arc.eu\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(9 * * * ? *)\n prod: cron(9 * * * ? *)\n domain_names:\n prod:\n - ice-arc.eu\n - www.ice-arc.eu\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/0809ff77-1d1b-43e2-8078-725180d53ffd\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/45cd5307-2f70-457e-b5b8-2a0ea3d2d5cc\n - name: bas\n launch_on:\n - staging\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bas-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-bas-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bas-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bas-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-bas-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bas-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/baspress\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '5'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/bas.ac.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/bas.ac.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(10 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(10 * * * ? *)\n prod: cron(10 * * * ? *)\n - name: bat\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bat-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-bat-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bat-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bat-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-bat-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bat-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/bat2018\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/britishantarcticterritory.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/britishantarcticterritory.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(11 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(11 * * * ? *)\n prod: cron(11 * * * ? *)\n domain_names:\n prod:\n - britishantarcticterritory.org.uk\n - www.britishantarcticterritory.org.uk\n - britishantarcticterritory.uk\n - www.britishantarcticterritory.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/4f692397-bf19-4239-9c6e-8760ace1a953\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/cc513da8-7456-416e-bd53-cfce6681aa80\n - name: bce\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: false\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bce-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-bce-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bce-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bce-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-bce-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bce-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/boundary-commission-for-england\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '6'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/boundarycommissionforengland.independent.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(12 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(12 * * * ? *)\n prod: cron(12 * * * ? *)\n domain_names:\n prod:\n - boundarycommissionforengland.independent.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/fd73c019-4f7c-4e58-9916-1b09b45c9c5e\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/fb26f4de-bc06-47e9-93ab-0451ed9f4776\n - name: bikeshed\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bikeshed-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-bikeshed-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/bikeshed\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/bikeshed.dxw.net\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(14 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(14 * * * ? *)\n prod: cron(14 * * * ? *)\n domain_names:\n prod:\n - bikeshed.dxw.com\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/b36ff779-e7a2-42a6-8936-e9a38e84585f\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/2739ff58-7de0-4d14-b4fe-a8d32cc338fb\n - name: biot\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-biot-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-biot-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-biot-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-biot-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-biot-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-biot-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/biotpress\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/biot.gov.io\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/biot.gov.io\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(15 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(15 * * * ? *)\n prod: cron(15 * * * ? *)\n domain_names:\n prod:\n - biot.gov.io\n - www.biot.gov.io\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/cf7b3d86-cbd1-44b4-aa39-f72b206f70c7\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/8d4abb80-1162-4188-a0a8-cad85636000e\n - name: care-city\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-care-city-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-care-city-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-care-city-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-care-city-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-care-city-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-care-city-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/care-city\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/carecity.london\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/carecity.london\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(16 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(16 * * * ? *)\n prod: cron(16 * * * ? *)\n domain_names:\n prod:\n - carecity.org\n - www.carecity.org\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/a4ae7186-2c35-4901-9548-824c7ac93318\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/7fdbb0fa-7cba-45c2-90be-86178b91453d\n - name: cognus\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-cognus-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-cognus-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-cognus-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-cognus-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-cognus-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-cognus-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/cognus\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/cognus.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/cognus.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(24 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(24 * * * ? *)\n prod: cron(24 * * * ? *)\n domain_names:\n prod:\n - cognus.org.uk\n - www.cognus.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/68834538-23a9-4e24-aae9-d836e4e4b988\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/15b02b02-dcbd-4585-98ab-16d34c6fa94b\n - name: coretest\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-coretest-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-coretest-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-coretest-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_coretest_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-coretest-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-coretest-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-coretest-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_coretest_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/wordpress-core-test-site\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '1'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/coretest\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/coretest\"\n container_path: \"/var/www/html/wp-content/cache\"\n - name: dcmsblog\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-comments-post.php\"\n true_client_ip_header: true\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dcmsblog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dcmsblog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dcmsblog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-comments-post.php\"\n true_client_ip_header: true\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dcmsblog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dcmsblog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dcmsblog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/dcmsblog\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/dcmsblog.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/dcmsblog.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(26 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(26 * * * ? *)\n prod: cron(26 * * * ? *)\n domain_names:\n prod:\n - dcmsblog.uk\n - www.dcmsblog.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/d6644e5b-bfba-456b-9d08-5911839bb984\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/84868056-4cb1-408b-b60c-5d5e599f630b\n - name: dfe-eah\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dfe-eah-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-dfe-eah-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dfe-eah-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dfe-eah-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-dfe-eah-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dfe-eah-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/dfe-educateagainsthate\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/educateagainsthate.com\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/educateagainsthate.com\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(27 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(27 * * * ? *)\n prod: cron(27 * * * ? *)\n domain_names:\n prod:\n - www.educateagainsthate.com\n - educateagainsthate.com\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/c5737697-c9f5-41a6-8ad5-0b579945df34\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/7416b369-5ec5-4712-9b25-94c4edce7afc\n - name: dft-think\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dft-think-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-dft-think-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dft-think-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dft-think-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-dft-think-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dft-think-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/ht-think-main\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/think.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/think.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(28 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(28 * * * ? *)\n prod: cron(28 * * * ? *)\n domain_names:\n prod:\n - think.gov.uk\n - www.think.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/84635090-6fc2-43b3-b3a3-85583ce3cf95\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/3bc86bc0-218a-4f44-8a8a-78344086f056\n - name: dsma\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dsma-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-dsma-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dsma-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dsma-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-dsma-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dsma-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/DSMA2018\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/dsma.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/dsma.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(29 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(29 * * * ? *)\n prod: cron(29 * * * ? *)\n domain_names:\n prod:\n - dsma.uk\n - www.dsma.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/aaf36e3f-4a15-4251-ab3c-8fbde86c9306\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/879f6617-6d18-49a4-adcc-70d3bdab1c18\n - name: dxw-web\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dxw-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-dxw-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dxw-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dxw-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-dxw-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-dxw-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/website\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/dxw.com\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(30 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(30 * * * ? *)\n prod: cron(30 * * * ? *)\n domain_names:\n prod:\n - dxw.com\n - www.dxw.com\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/c1536ffc-067d-4512-b115-12247b34b50e\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/613eeb29-c72a-4e39-882c-05ad4108394b\n - name: e-and-e\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-e-and-e-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-e-and-e-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-e-and-e-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-e-and-e-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-e-and-e-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-e-and-e-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/educationandemployers\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/educationandemployers.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/educationandemployers.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(32 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(32 * * * ? *)\n prod: cron(32 * * * ? *)\n domain_names:\n prod:\n - educationandemployers.org\n - www.educationandemployers.org\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/3ca8eb41-043b-4312-96be-b0652c889296\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/57e4c238-4e79-4319-8bdd-edb1ef6bc2c3\n - name: esht-me\n launch_on:\n - staging\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: false\n serve_from_subdirectory: \"/medical-education\"\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/esht-meded\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/esht.nhs.uk-medical-education\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/esht.nhs.uk-medical-education\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(33 * * * ? *)\n prod: cron(33 * * * ? *)\n domain_names:\n staging:\n - esht.staging.dxw-govpress.dalmatian.dxw.net\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:666653442229:certificate/ad2506ab-c825-44d9-a939-b2468fd40d31\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:666653442229:certificate/b91fee58-eec7-45cc-b0e5-deca273c059d\n - name: esht\n launch_on:\n - staging\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-esht-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-esht-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-esht-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-esht-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/esht\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/esht.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/esht.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(34 * * * ? *)\n prod: cron(34 * * * ? *)\n - name: essex-blog\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-essex-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-essex-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-essex-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-essex-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-essex-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-essex-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/essex-blogs\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/blog.essex.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/blog.essex.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(35 * * * ? *)\n prod: cron(35 * * * ? *)\n workers:\n - name: dxw-digest\n container_command:\n - \"/usr/local/bin/run-wp-worker.sh\"\n - \"/var/www/html/wp-content/plugins/dxw-digest/bin/cmd.php\"\n - \"/var/www/html/wp-load.php\"\n container_count: '1'\n domain_names:\n prod:\n - blog.essex.gov.uk\n - \"*.blog.essex.gov.uk\"\n staging:\n - essex-blog.staging.dxw-govpress.dalmatian.dxw.net\n - \"*.essex-blog.staging.dxw-govpress.dalmatian.dxw.net\"\n - name: fcdo-blog\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fcdo-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fcdo-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fcdo-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fcdo-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fcoblogs\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/blogs.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/blogs.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(35 * * * ? *)\n prod: cron(35 * * * ? *)\n - name: fcdo-lanc\n launch_on:\n - staging\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fco-lancasterhouse\n serve_from_subdirectory: \"/lancasterhouse\"\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/lancaster.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/lancaster.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(36 * * * ? *)\n prod: cron(36 * * * ? *)\n domain_names:\n staging:\n - fcdo-blog.staging.dxw-govpress.dalmatian.dxw.net\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:666653442229:certificate/ebbf3e54-f90a-4d24-bcc6-9741cd75e60b\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:666653442229:certificate/230739ef-12f2-4dcf-92d4-b7306b801226\n - name: fcdo-proto\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fcdo-proto-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fcdo-proto-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fcdo-proto-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fcdo-proto-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fcodigital\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/protocol.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/protocol.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(37 * * * ? *)\n prod: cron(37 * * * ? *)\n - name: fcdo-stor\n launch_on:\n - staging\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fcolf2018\n serve_from_subdirectory: \"/stories\"\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/stories.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/stories.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(38 * * * ? *)\n prod: cron(38 * * * ? *)\n domain_names:\n staging:\n - fcdo-blog.staging.dxw-govpress.dalmatian.dxw.net\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:666653442229:certificate/ebbf3e54-f90a-4d24-bcc6-9741cd75e60b\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:666653442229:certificate/230739ef-12f2-4dcf-92d4-b7306b801226\n - name: fleming\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fleming-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-fleming-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fleming-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n - low-bandwidth\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fleming-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-fleming-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-fleming-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n - low-bandwidth\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fleming-fund\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/flemingfund.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/flemingfund.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1,31 * * * ? *)\n domain_names:\n prod:\n - flemingfund.org\n - www.flemingfund.org\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/e8e37a57-3c38-48c9-a9c3-dbad3195d094\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/1a260c2d-5a8c-4fc4-93b6-69de1d2f2ab6\n - name: gosc-test\n launch_on: staging\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-gosc-test-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n - Origin\n - X-WP-Nonce\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-gosc-test-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-gosc-test-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-gosc-test-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-gosc-test-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n - Origin\n - X-WP-Nonce\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-gosc-test-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-gosc-test-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-gosc-test-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/gosc-test\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/gosc-test\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/gosc-test\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1,31 * * * ? *)\n - name: hackneyrec\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-hackneyrec-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-hackneyrec-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-hackneyrec-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-hackneyrec-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-hackneyrec-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-hackneyrec-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fyihackney\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/recruitment.hackney.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/recruitment.hackney.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(40 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(40 * * * ? *)\n prod: cron(40 * * * ? *)\n domain_names:\n prod:\n - recruitment.hackney.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/6af9c927-cfe1-4050-84e4-a2c969b85170\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/3c356254-51bf-464d-89c0-67e73ec99f88\n - name: healthy-lon\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-healthy-lon-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-healthy-lon-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-healthy-lon-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-healthy-lon-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-healthy-lon-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-healthy-lon-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/healthylondon\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/healthylondon.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/healthylondon.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(42 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(42 * * * ? *)\n prod: cron(42 * * * ? *)\n domain_names:\n prod:\n - www.transformationpartners.nhs.uk\n - transformationpartners.nhs.uk\n - www.transformationpartnersinhealthandcare.nhs.uk\n - transformationpartnersinhealthandcare.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/dadda147-6c12-4771-8ecb-b171bfaff0ec\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/985898a7-6704-467d-a91b-10416a126b5d\n - name: icai\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-icai-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-icai-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-icai-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-icai-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-icai-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-icai-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/icai\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/icai.independent.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/icai.independent.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(43 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(43 * * * ? *)\n prod: cron(43 * * * ? *)\n domain_names:\n prod:\n - icai.independent.gov.uk\n - www.icai.independent.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/ebc74569-334b-4c61-98dc-9211fd83f370\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/7dddc1be-34ca-45ca-bd0b-89cfd5c542ec\n - name: itf\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-itf-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-itf-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-itf-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-itf-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-itf-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-itf-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/inspiringthefuture\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/inspiringthefuture.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/inspiringthefuture.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(47 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(47 * * * ? *)\n prod: cron(47 * * * ? *)\n domain_names:\n prod:\n - inspiringthefuture.org\n - www.inspiringthefuture.org\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/2488d218-cc1d-4d11-8616-188f9ac32aba\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/fe941217-034d-41f5-b78e-c4982aa84bc2\n - name: lamb-cs\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-cs-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-lamb-cs-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-cs-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-cs-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-lamb-cs-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-cs-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/countryshow18\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/lambethcountryshow.co.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/lambethcountryshow.co.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(48 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(48 * * * ? *)\n prod: cron(48 * * * ? *)\n domain_names:\n prod:\n - lambethcountryshow.co.uk\n - www.lambethcountryshow.co.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/8526d34a-9b1f-4988-8c67-1db9c567fb90\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/256d5196-b659-4ef5-8000-f21ffdef510a\n - name: lamb-love\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-love-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-lamb-love-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-love-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-love-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-lamb-love-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-love-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/lovelambethaugust2018\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/love.lambeth.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/love.lambeth.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(49 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(49 * * * ? *)\n prod: cron(49 * * * ? *)\n domain_names:\n prod:\n - love.lambeth.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/3005d03f-6fc1-4f22-9d7a-3764b82dfff8\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/f19b919d-e2d2-4e52-bd5b-97fb905e8b76\n - name: lamb-made\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-made-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-lamb-made-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-made-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-made-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-lamb-made-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-made-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/lambethmade\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/lambethmade.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/lambethmade.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(50 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(50 * * * ? *)\n prod: cron(50 * * * ? *)\n domain_names:\n prod:\n - lambethmade.org.uk\n - www.lambethmade.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/f5721e2d-a7eb-4dc4-8927-0b2c5eaaae4f\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/ad525abe-6ee7-4ba3-80f7-897a1483e0a1\n - name: lamb-tog\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-tog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-lamb-tog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-tog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-tog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-lamb-tog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-lamb-tog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/lambethtogether\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/lambethtogether.net\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/lambethtogether.net\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(51 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(51 * * * ? *)\n prod: cron(51 * * * ? *)\n domain_names:\n prod:\n - lambethtogether.net\n - www.lambethtogether.net\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/b79c3749-356c-4e19-935c-25e9e5276711\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/77dc3f3a-7ab4-4484-9e5f-a55e4313d385\n - name: natcen-scot\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-natcen-scot-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-natcen-scot-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-natcen-scot-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-natcen-scot-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/whatscotlandthinks\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/whatscotlandthinks.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/whatscotlandthinks.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(56 * * * ? *)\n prod: cron(56 * * * ? *)\n - name: natcen-uk\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-natcen-uk-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-natcen-uk-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-natcen-uk-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-natcen-uk-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/natcen\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/whatukthinks.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/whatukthinks.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(57 * * * ? *)\n prod: cron(57 * * * ? *)\n - name: nhs-england\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-admin/*\"\n - \"*/wp-login.php\"\n - \"*/wp-activate.php\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-nhs-england-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-content/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-nhs-england-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-nhs-england-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-admin/*\"\n - \"*/wp-login.php\"\n - \"*/wp-activate.php\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-nhs-england-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-content/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-nhs-england-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-nhs-england-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nhs-england\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/england.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/england.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(37 * * * ? *)\n prod: cron(37 * * * ? *)\n - name: nhs-ltp\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-nhs-ltp-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-nhs-ltp-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-nhs-ltp-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-nhs-ltp-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-nhs-ltp-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-nhs-ltp-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nhs-longtermplan\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/longtermplan.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/longtermplan.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(36 * * * ? *)\n prod: cron(36 * * * ? *)\n - name: ons-careers\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-careers-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-careers-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-careers-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-careers-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/ons-careers\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/careers.ons.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/careers.ons.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(58 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(58 * * * ? *)\n prod: cron(58 * * * ? *)\n domain_names:\n prod:\n - careers.ons.gov.uk\n - www.careers.ons.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/7453ab83-b47a-41e9-9b81-dc7390661c2a\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/04bbacba-9486-4c0b-bda4-7c73f581e792\n - name: ons-cop\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-cop-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ons-cop-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-cop-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-cop-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ons-cop-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-cop-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/ons-cop\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/code.statisticsauthority.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/code.statisticsauthority.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(59 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(59 * * * ? *)\n prod: cron(59 * * * ? *)\n domain_names:\n prod:\n - code.statisticsauthority.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/97b4a517-70f9-4ebc-be84-b238416994ab\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/504cb279-18c9-41af-992a-1f924d0b7431\n - name: ons-osr\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-osr-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ons-osr-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-osr-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-osr-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ons-osr-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-osr-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/ons-osr\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/osr.statisticsauthority.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/osr.statisticsauthority.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(2 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(2 * * * ? *)\n prod: cron(2 * * * ? *)\n domain_names:\n prod:\n - osr.statisticsauthority.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/97b4a517-70f9-4ebc-be84-b238416994ab\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/504cb279-18c9-41af-992a-1f924d0b7431\n - name: ons-uksa\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-uksa-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ons-uksa-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-uksa-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-uksa-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ons-uksa-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-uksa-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/ons-uksa\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/uksa.statisticsauthority.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/uksa.statisticsauthority.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(3 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(3 * * * ? *)\n prod: cron(3 * * * ? *)\n domain_names:\n prod:\n - uksa.statisticsauthority.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/97b4a517-70f9-4ebc-be84-b238416994ab\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/504cb279-18c9-41af-992a-1f924d0b7431\n - name: ons-www\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-www-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ons-www-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-www-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-www-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ons-www-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ons-www-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/ons-www\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/statisticsauthority.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/statisticsauthority.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(4 * * * ? *)\n prod: cron(4 * * * ? *)\n domain_names:\n prod:\n - statisticsauthority.gov.uk\n - www.statisticsauthority.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/97b4a517-70f9-4ebc-be84-b238416994ab\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/504cb279-18c9-41af-992a-1f924d0b7431\n - name: osdi\n cloudfront:\n create: false\n offline_page_http_status:\n 403: \"/index.html\"\n 404: \"/index.html\"\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/OSDI\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/\"\n container_port: 4000\n container_command:\n - \"./docker-entrypoint.sh\"\n - node\n - server.js\n domain_names:\n prod:\n - osdi.safetytechnetwork.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/a3a29e3c-d1ae-4fff-a86f-ca62a0e3ae9c\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/807a90ff-c7f0-47a4-b084-4770e037ed51\n - name: osteo-cpd\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-osteo-cpd-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-osteo-cpd-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-osteo-cpd-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-osteo-cpd-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-osteo-cpd-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-osteo-cpd-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/theme-goc-cpd\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/cpd.osteopathy.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/cpd.osteopathy.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(5 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(5 * * * ? *)\n prod: cron(5 * * * ? *)\n domain_names:\n prod:\n - cpd.osteopathy.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/dea9afb1-2a69-4c48-a4ae-9619d13e8c2b\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/789dd48f-da24-45c2-80f0-58736723d9b1\n - name: osteo-std\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-osteo-std-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-osteo-std-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-osteo-std-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-osteo-std-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/theme-goc\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/standards.osteopathy.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/standards.osteopathy.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(6 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(6 * * * ? *)\n prod: cron(6 * * * ? *)\n domain_names:\n prod:\n - standards.osteopathy.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/bad5841d-14b2-410d-bf27-ac82aadc03f8\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/d1540f6a-1fc5-4c0f-ac4a-4b28b84fc4a2\n - name: psaa\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-psaa-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-psaa-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-psaa-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-psaa-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-psaa-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-psaa-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/psaa\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/psaa.co.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/psaa.co.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(7 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(7 * * * ? *)\n prod: cron(7 * * * ? *)\n domain_names:\n prod:\n - psaa.co.uk\n - www.psaa.co.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/43a0c057-32e3-4c02-a207-3ba6343a9421\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/fcf67e02-aed9-4c84-b141-ae3156b7344a\n - name: psc\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-psc-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-psc-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-psc-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-psc-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-psc-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-psc-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/patientsafety\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/patientsafetycommissioner.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/patientsafetycommissioner.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1,31 * * * ? *)\n domain_names:\n prod:\n - patientsafetycommissioner.org.uk\n - www.patientsafetycommissioner.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/17a26551-f435-49ae-9148-bf27f2b8faa7\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/2f0efec8-f05f-4d05-8e8a-614b087146e9\n - name: refugee\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n bypass_protection:\n staging:\n enabled: true\n prod:\n enabled: true\n exclude_domains:\n - refugeecouncil.org.uk\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n - \"/intranet/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-refugee-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-refugee-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-refugee-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n - \"/intranet/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-refugee-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-refugee-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-refugee-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/refugeecouncil\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/refugeecouncil.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/refugeecouncil.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(8 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(8 * * * ? *)\n prod: cron(8 * * * ? *)\n - name: saluki-sub\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: false\n serve_from_subdirectory: \"/saluki-subdir-test\"\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/saluki-test-site\n buildspec: buildspec.yml\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/saluki-sub\"\n container_path: \"/var/www/html/wp-content/saluki-subdir-test/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(9 * * * ? *)\n prod: cron(9 * * * ? *)\n domain_names:\n prod:\n - saluki-test.prod.dxw-govpress.dalmatian.dxw.net\n staging:\n - saluki-test.staging.dxw-govpress.dalmatian.dxw.net\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/e1f69c83-61c8-4563-a586-946eb2383e57\n staging: arn:aws:acm:eu-west-2:666653442229:certificate/c6a8d832-9bfb-4e6c-a762-815f76e2a42c\n - name: saluki-test\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n blue_green:\n prod:\n enabled: true\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-saluki-test-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-saluki-test-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-saluki-test-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-saluki-test-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/saluki-test-site\n buildspec: buildspec.yml\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/saluki-test\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/saluki-test\"\n container_path: \"/var/www/html/wp-content/cache\"\n - name: clamav-lib\n host_path: \"/mnt/efs/clamav/lib\"\n container_path: \"/var/lib/clamav\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(10 * * * ? *)\n prod: cron(10 * * * ? *)\n - name: settle\n cloudfront:\n create: true\n custom_origins:\n staging:\n - origin: settle-reports-staging.s3.amazonaws.com\n id: settle-reports-staging\n prod:\n - origin: settle-reports-prod.s3.amazonaws.com\n id: settle-reports-prod\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/reports/*\"\n target_origin_id: settle-reports-staging\n min_ttl: 1200\n default_ttl: 3600\n max_ttl: 86400\n forwarded_headers:\n - Origin\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-settle-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-settle-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-settle-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/reports/*\"\n target_origin_id: settle-reports-prod\n min_ttl: 1200\n default_ttl: 3600\n max_ttl: 86400\n forwarded_headers:\n - Origin\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-settle-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-settle-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-settle-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/settle\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/settlegroup.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(11 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(11 * * * ? *)\n prod: cron(11 * * * ? *)\n domain_names:\n prod:\n - settlegroup.org.uk\n - www.settlegroup.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/69f6a461-4ba1-4d0b-97db-400ef88d58b7\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/988bc491-9d56-410b-9633-ae1c8b2489b9\n - name: stg-aos\n launch_on:\n - staging\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/sghaos\n buildspec: dalmatian_core_buildspec_saluki\n serve_from_subdirectory: \"/aos\"\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/stgeorges.nhs.uk-aos\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/stgeorges.nhs.uk-aos\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(12 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(12 * * * ? *)\n prod: cron(12 * * * ? *)\n domain_names:\n staging:\n - stg.staging.dxw-govpress.dalmatian.dxw.net\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:666653442229:certificate/f354f2bc-3a32-46d0-8d28-e3294efe8f2e\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:666653442229:certificate/2fb9861d-56e3-4b7f-86aa-1821052ba3f9\n - name: stg\n launch_on:\n - staging\n cloudfront:\n create: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-stg-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-stg-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-stg-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-stg-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/stghpress\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/stgeorges.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/stgeorges.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(13 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(13 * * * ? *)\n prod: cron(13 * * * ? *)\n - name: tke\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-tke-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-tke-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-tke-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-tke-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-tke-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-tke-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/trade-knowledge\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/trade-knowledge.net\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/trade-knowledge.net\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(15 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(15 * * * ? *)\n prod: cron(15 * * * ? *)\n domain_names:\n prod:\n - trade-knowledge.net\n - www.trade-knowledge.net\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/87bd0353-503b-4f8a-90e0-85e6463cc850\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/3e5d23ed-2268-4cb5-9a01-642df5bed64d\n - name: ukaea\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ukaea-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ukaea-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ukaea-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ukaea-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-ukaea-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-ukaea-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/ukaea\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/ukaea.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/ukaea.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1,31 * * * ? *)\n domain_names:\n prod:\n - www.ukaea.org\n - ukaea.org\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/394776bf-e26a-45ea-8338-44ddcbd13126\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/4522e14a-be54-41b2-ad61-c0da44d1b0d1\n - name: unialliance\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_origins:\n prod:\n - origin: dta.unialliance.ac.uk\n id: external-dta-endpoint\n origin_read_timeout: '60'\n origin_keepalive_timeout: '60'\n staging:\n - origin: dta.unialliance.ac.uk\n id: external-dta-endpoint\n origin_read_timeout: '60'\n origin_keepalive_timeout: '60'\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/dta/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: external-dta-endpoint\n min_ttl: 0\n default_ttl: 0\n max_ttl: 0\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-admin/*\"\n - \"*/wp-login.php\"\n - \"*/wp-activate.php\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-unialliance-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-content/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-unialliance-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-unialliance-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/dta/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: external-dta-endpoint\n min_ttl: 0\n default_ttl: 0\n max_ttl: 0\n managed_cache_policy: CachingDisabled\n managed_origin_policy: AllViewerExceptHostHeader\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-admin/*\"\n - \"*/wp-login.php\"\n - \"*/wp-activate.php\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-unialliance-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-content/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-unialliance-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-unialliance-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/uatheme\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/unialliance.ac.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/unialliance.ac.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(18 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(18 * * * ? *)\n prod: cron(18 * * * ? *)\n domain_names:\n prod:\n - unialliance.ac.uk\n - www.unialliance.ac.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/a3f4d488-fc56-49f6-8cc4-728abc5355c8\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/614c473f-00fa-44bb-9fe1-cc3e5c25455a\n - name: unimyths\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-unimyths-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-unimyths-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-unimyths-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-unimyths-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-unimyths-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-unimyths-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/uatheme\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/unimythsbusted.co.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/unimythsbusted.co.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1,31 * * * ? *)\n domain_names:\n prod:\n - unimythsbusted.co.uk\n - unimythsbusted.com\n - www.unimythsbusted.co.uk\n - www.unimythsbusted.com\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/9f777f92-86db-44d6-9a89-a4336a779e6e\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/eae06d0f-cea0-4493-9922-a6a9231e8e9b\n - name: v-to-c\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-v-to-c-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-v-to-c-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-v-to-c-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-v-to-c-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-v-to-c-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-v-to-c-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/valleys-to-coast\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/v2c.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(19 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(19 * * * ? *)\n prod: cron(19 * * * ? *)\n domain_names:\n prod:\n - valleystocoast.wales\n - www.valleystocoast.wales\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/ab2582ed-9b8d-4ace-96c0-3db48ba6d2ec\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/144d0ea2-2972-4db2-a4ad-28d72ba7a7b4\n - name: v2c-llanw\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-v2c-llanw-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-v2c-llanw-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-v2c-llanw-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-v2c-llanw-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-v2c-llanw-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-v2c-llanw-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/v2c-llanw-wales\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/llanw.wales\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/llanw.wales\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(20 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(20 * * * ? *)\n prod: cron(20 * * * ? *)\n domain_names:\n prod:\n - llanw.wales\n - www.llanw.wales\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/06ee2831-6f01-4e46-8900-1bebc6ea2409\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/42ea778c-ccea-4df7-9c12-7548ed6bf482\n - name: younghack\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-younghack-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-younghack-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-younghack-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-younghack-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-younghack-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-younghack-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/younghackney\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/younghackney.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/younghackney.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(21 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(21 * * * ? *)\n prod: cron(21 * * * ? *)\n domain_names:\n prod:\n - www.younghackney.org\n - younghackney.org\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/bd646a43-c842-4f14-8da0-4d2f42264358\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/27e496aa-1a07-43d1-b8bd-536cc0b704b8\n dxw-pentest:\n account_id: '932446864135'\n cluster:\n create: true\n rds:\n - identifier: pentestvone\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: '8.0'\n db_name: saluki\n shared_loadbalancer:\n - name: shared-1\n in_use_by:\n - saluki\n environments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs7.papertrailapp.com:34880\n min_servers: 2\n max_servers: 4\n enable_ecs_vpc_flow_logs: true\n services:\n - name: saluki\n monitoring:\n staging:\n opsgenie_alerts:\n enabled: false\n blue_green:\n staging:\n enabled: true\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-pentest-saluki-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-pentest-saluki-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/saluki-test-site\n buildspec: buildspec.yml\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/saluki\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/saluki\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(10 * * * ? *)\n esht:\n account_id: '975049938928'\n cluster:\n create: true\n environments:\n prod:\n track_revision: main\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:53372\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n syslog_papertrail_endpoint: logs3.papertrailapp.com:53372\n aurora:\n - identifier: sqlcluster\n minimum_size:\n prod: 1\n maximum_size:\n prod: 4\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: sqlcluster\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - esht-1\n shared_loadbalancer:\n - name: esht-1\n global_accelerator:\n prod: true\n in_use_by:\n - web\n - me\n services:\n - name: me\n launch_on:\n - prod\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: false\n serve_from_subdirectory: \"/medical-education\"\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/esht-meded\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/esht.nhs.uk-medical-education\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/esht.nhs.uk-medical-education\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - esht.nhs.uk\n - www.esht.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:975049938928:certificate/b7080462-1309-4dee-acde-6a7f81fee747\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:975049938928:certificate/3e152cda-0aa2-4043-9c4c-b57892ea4dfb\n - name: web\n launch_on:\n - prod\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: esht-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: esht-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: esht-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/esht\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/esht.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/esht.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - www.esht.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:975049938928:certificate/b7080462-1309-4dee-acde-6a7f81fee747\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:975049938928:certificate/3e152cda-0aa2-4043-9c4c-b57892ea4dfb\n essex:\n account_id: '891376962999'\n hosted_zones:\n - domain: blog.essex.gov.uk\n alias_records:\n - name: blog.essex.gov.uk\n value: d16gq7a9298jsj.cloudfront.net.\n cname_records:\n - name: \"*.blog.essex.gov.uk\"\n value: d16gq7a9298jsj.cloudfront.net.\n - name: _3aa03a52a3f52f6af532577306622f9f.blog.essex.gov.uk\n value: _17efa8c2971fb5d6e23282a56346be29.sdgjtdhdhz.acm-validations.aws.\n - name: _82a9e6aa4d5a9993072e29b62b716e99.blog.essex.gov.uk\n value: _dbe414267cdbe380ba4ef1c0801ff718.acm-validations.aws.\n rds:\n - identifier: essex\n instance_class:\n prod: db.t3.medium\n engine: mysql\n engine_version: 8.0.42\n db_name: essex\n cluster:\n create: true\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - essex-1\n shared_loadbalancer:\n - name: essex-1\n global_accelerator:\n prod: true\n in_use_by:\n - blog\n environments:\n prod:\n track_revision: main\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:18460\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 3\n max_servers: 6\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/blog.essex.gov.uk\n syslog_papertrail_endpoint: logs3.papertrailapp.com:18460\n services:\n - name: blog\n launch_on:\n - prod\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n - \"/subscribe/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: essex-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: essex-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: essex-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/essex-blogs\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/blog.essex.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/blog.essex.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n prod: cron(35 * * * ? *)\n workers:\n - name: dxw-digest\n container_command:\n - \"/usr/local/bin/run-wp-worker.sh\"\n - \"/var/www/html/wp-content/plugins/dxw-digest/bin/cmd.php\"\n - \"/var/www/html/wp-load.php\"\n container_count: '1'\n domain_names:\n prod:\n - blog.essex.gov.uk\n - \"*.blog.essex.gov.uk\"\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:891376962999:certificate/47c96c5b-af17-471e-89fc-bc403a7fbc32\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:891376962999:certificate/d41dd9ff-7041-4c85-8130-02278ccee769\n fcdo:\n account_id: '799898416595'\n cluster:\n create: true\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 4\n max_servers: 4\n logspout_command:\n - syslog+tls://logs2.papertrailapp.com:48502\n enable_efs: 'true'\n syslog_papertrail_endpoint: logs2.papertrailapp.com:48502\n aurora:\n - identifier: sqlcluster\n minimum_size:\n staging: 0.5\n prod: 2\n maximum_size:\n staging: 2\n prod: 4\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: sqlcluster\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - \"/wp-admin/admin-ajax.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - fcdo-1\n shared_loadbalancer:\n - name: fcdo-1\n global_accelerator:\n prod: true\n in_use_by:\n - blogs\n - lancaster\n - stories\n - protocol\n services:\n - name: blogs\n launch_on:\n - prod\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n redirects:\n - from_hostname_pattern: www.blogs.fcdo.gov.uk\n from_path_pattern: \"/*\"\n to_hostname: blogs.fcdo.gov.uk\n to_path: \"/$${path}\"\n - from_hostname_pattern: www.blogs.fco.gov.uk\n from_path_pattern: \"/*\"\n to_hostname: blogs.fcdo.gov.uk\n to_path: \"/$${path}\"\n - from_hostname_pattern: blogs.fco.gov.uk\n from_path_pattern: \"/*\"\n to_hostname: blogs.fcdo.gov.uk\n to_path: \"/$${path}\"\n associate_with_default_behaviour:\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: fcdo-blogs-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-content/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: fcdo-blogs-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fcoblogs\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/blogs.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/blogs.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - blogs.fcdo.gov.uk\n - blogs.fco.gov.uk\n - www.blogs.fco.gov.uk\n - www.blogs.fcdo.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:799898416595:certificate/e3b63a18-032f-4fca-8128-cf3b5ea9fd9e\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:799898416595:certificate/738d15d8-1856-451b-afb8-9c21f6271af1\n - name: lancaster\n launch_on:\n - prod\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fco-lancasterhouse\n serve_from_subdirectory: \"/lancasterhouse\"\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/lancaster.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/lancaster.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - blogs.fcdo.gov.uk\n - blogs.fco.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:799898416595:certificate/e3b63a18-032f-4fca-8128-cf3b5ea9fd9e\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:799898416595:certificate/738d15d8-1856-451b-afb8-9c21f6271af1\n - name: protocol\n launch_on:\n - prod\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: fcdo-protocol-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fcodigital\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/protocol.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/protocol.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - protocol.fcdo.gov.uk\n - protocol.fco.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:799898416595:certificate/f7d91ae9-3296-4ee3-9b3a-4f5054b3c6b8\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:799898416595:certificate/e1f6ae8b-0d2b-4869-a097-ee72cbb3030e\n - name: stories\n launch_on:\n - prod\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/fcolf2018\n serve_from_subdirectory: \"/stories\"\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/stories.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/stories.fcdo.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - blogs.fcdo.gov.uk\n - blogs.fco.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:799898416595:certificate/e3b63a18-032f-4fca-8128-cf3b5ea9fd9e\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:799898416595:certificate/738d15d8-1856-451b-afb8-9c21f6271af1\n gds:\n account_id: '841480728064'\n cluster:\n create: true\n aurora:\n - identifier: cluster1\n minimum_size:\n staging: 0.5\n prod: 2\n maximum_size:\n staging: 2\n prod: 45\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: cluster1\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - gds-1\n shared_loadbalancer:\n - name: gds-1\n global_accelerator:\n prod: true\n in_use_by:\n - blog\n - campaign\n - blogdev\n environments:\n prod:\n track_revision: main\n logspout_command:\n - syslog+tls://logs6.papertrailapp.com:18341\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 6\n max_servers: 12\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/blog.gov.uk\n - wp-cache/blog.gov.uk\n - wp-uploads/campaign.gov.uk\n - wp-cache/campaign.gov.uk\n - wp-uploads/dev.blog.gov.uk\n - wp-cache/dev.blog.gov.uk\n syslog_papertrail_endpoint: logs6.papertrailapp.com:18341\n staging:\n track_revision: develop\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:16852\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/blog.gov.uk\n - wp-cache/blog.gov.uk\n - wp-uploads/campaign.gov.uk\n - wp-cache/campaign.gov.uk\n - wp-uploads/dev.blog.gov.uk\n - wp-cache/dev.blog.gov.uk\n syslog_papertrail_endpoint: logs4.papertrailapp.com:16852\n services:\n - name: blog\n enable_max_one_container_per_instance: false\n launch_on:\n - staging\n - prod\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: true\n cloudfront_5xx:\n enabled: true\n threshold: '95'\n evaluation_periods: '5'\n ghost_inspector:\n enabled: false\n cloudfront:\n create: false\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/gds-blogs\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_count: '6'\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/blog.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/blog.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n - name: clamav-lib\n host_path: \"/mnt/efs/clamav/lib\"\n container_path: \"/var/lib/clamav\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(21 * * * ? *)\n prod: cron(21 * * * ? *)\n workers:\n - name: dxw-digest\n container_command:\n - \"/usr/local/bin/run-wp-worker.sh\"\n - \"/var/www/html/wp-content/plugins/dxw-digest/bin/cmd.php\"\n - \"/var/www/html/wp-load.php\"\n container_count: 1\n - name: dxw-comment-notifications\n container_command:\n - \"/usr/local/bin/run-wp-worker.sh\"\n - \"/var/www/html/wp-content/plugins/dxw-comment-notifications/bin/cmd.php\"\n - \"/var/www/html/wp-load.php\"\n container_count: 1\n domain_names:\n prod:\n - blog.gov.uk\n - \"*.blog.gov.uk\"\n staging:\n - blog.staging.gds.dalmatian.dxw.net\n - \"*.blog.staging.gds.dalmatian.dxw.net\"\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:841480728064:certificate/9c71c86f-12e8-428e-bfea-89738b3c6edd\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:841480728064:certificate/64529a20-300b-4eb2-9e2c-5ef4c64c7a7a\n - name: blogdev\n launch_on:\n - staging\n cloudfront:\n create: true\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-blogdev-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-blogdev-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-blogdev-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-blogdev-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/gds-blogs\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_count: '1'\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/dev.blog.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/dev.blog.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n - name: clamav-lib\n host_path: \"/mnt/efs/clamav/lib\"\n container_path: \"/var/lib/clamav\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(21 * * * ? *)\n workers:\n - name: dxw-virus-scanner\n container_command:\n - \"/usr/local/bin/run-wp-worker.sh\"\n - \"/var/www/html/wp-content/plugins/dxw-virus-scanner/bin/cmd.php\"\n - \"/var/www/html/wp-load.php\"\n container_count: 1\n - name: campaign\n enable_max_one_container_per_instance: false\n launch_on:\n - staging\n - prod\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: true\n cloudfront_5xx:\n enabled: true\n threshold: '95'\n evaluation_periods: '5'\n ghost_inspector:\n enabled: false\n cloudfront:\n create: false\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-campaign-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-campaign-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-campaign-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: gds-campaign-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/gds-campaigns\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '4'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/campaign.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/campaign.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n - name: clamav-lib\n host_path: \"/mnt/efs/clamav/lib\"\n container_path: \"/var/lib/clamav\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(41 * * * ? *)\n prod: cron(41 * * * ? *)\n domain_names:\n prod:\n - campaign.gov.uk\n - \"*.campaign.gov.uk\"\n staging:\n - campaign.staging.gds.dalmatian.dxw.net\n - \"*.campaign.staging.gds.dalmatian.dxw.net\"\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:841480728064:certificate/6320dd93-46e7-41fa-8379-85b4b6a8c4fa\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:841480728064:certificate/59a65658-238c-47ef-b4b1-75c9873c3a28\n judiciary-int:\n account_id: '571543455290'\n cluster:\n create: true\n aurora:\n - identifier: intranet\n minimum_size:\n staging: 0.5\n prod: 4\n maximum_size:\n staging: 3\n prod: 8\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: intranet\n opensearch_cluster:\n - identifier: judiciary-int\n in_use_by:\n - intranet\n version: 3.1\n master_enabled: false\n instance_count: 3\n instance_type: t3.small.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - intranet\n environments:\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs.papertrailapp.com:26052\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/intranet.judiciary.uk\n syslog_papertrail_endpoint: logs.papertrailapp.com:26052\n prod:\n track_revision: main\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 3\n max_servers: 3\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:17321\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/intranet.judiciary.uk\n syslog_papertrail_endpoint: logs3.papertrailapp.com:17321\n services:\n - name: intranet\n enable_max_one_container_per_instance: false\n cloudfront:\n create: true\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n - \"/wp-admin/css/*\"\n - \"/wp-admin/js/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: judiciary-int-intranet-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n - \"/openid-connect-authorize\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: judiciary-int-intranet-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n prod:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n - \"/wp-admin/css/*\"\n - \"/wp-admin/js/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: judiciary-int-intranet-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n - \"/openid-connect-authorize\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: judiciary-int-intranet-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/judiciary-intranet\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '4'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/intranet.judiciary.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(2,32 * * * ? *)\n prod: cron(1,21,41 * * * ? *)\n domain_names:\n prod:\n - intranet.judiciary.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:571543455290:certificate/716052c2-b384-48f4-9b01-eba1f67a20f6\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:571543455290:certificate/0a3b8dee-3e50-4cf5-8bdf-89a2060a239b\n judiciary:\n account_id: '571543455290'\n cluster:\n create: true\n rds:\n - identifier: judiciary\n instance_class:\n staging: db.t3.small\n prod: db.t3.large\n engine: mysql\n engine_version: 8.0.42\n db_name: judiciary\n opensearch_cluster:\n - identifier: judiciary\n in_use_by:\n - web\n version: 3.1\n master_enabled: false\n instance_count: 3\n instance_type: t3.small.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - \"/wp-json/\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - web\n environments:\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs.papertrailapp.com:26052\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/judiciary.uk\n syslog_papertrail_endpoint: logs.papertrailapp.com:26052\n prod:\n track_revision: main\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 3\n max_servers: 3\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:17321\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/judiciary.uk\n syslog_papertrail_endpoint: logs3.papertrailapp.com:17321\n services:\n - name: web\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: true\n cloudfront_5xx:\n enabled: true\n threshold: '95'\n evaluation_periods: '5'\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: judiciary-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: judiciary-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: judiciary-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wp-settings-*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: judiciary-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: judiciary-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: judiciary-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wp-settings-*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/judiciary\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/judiciary.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(2,32 * * * ? *)\n prod: cron(1,20,40 * * * ? *)\n domain_names:\n prod:\n - www.judiciary.uk\n - judiciary.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:571543455290:certificate/bb46bffe-d621-440b-81c3-aaad0a5a250c\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:571543455290:certificate/bc5921b8-bb48-4fb7-a1c6-180f348de4a5\n mettvh:\n account_id: '876401144910'\n cluster:\n create: true\n waf:\n - name: default\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n rds:\n - identifier: web\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: postgres\n engine_version: '16.8'\n db_name: web\n force_ssl: true\n in_use_by:\n - web\n - identifier: mid\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: postgres\n engine_version: '16.8'\n db_name: mid\n force_ssl: true\n in_use_by:\n - mid\n elasticache_cluster:\n - identifier: redis\n node_type: cache.t3.small\n node_count: 2\n engine: redis\n engine_version: 7.1\n parameters:\n - name: databases\n value: '32'\n in_use_by:\n - web\n - mid\n shared_loadbalancer:\n - name: web\n ssl_policy: ELBSecurityPolicy-TLS13-1-2-2021-06\n in_use_by:\n - web\n - web-test-01\n - web-test-02\n - name: mid\n internal: true\n ssl_policy: ELBSecurityPolicy-TLS13-1-2-2021-06\n in_use_by:\n - mid\n - mid-test-01\n - mid-test-02\n subnets_name: extra_private_subnets\n ip_whitelist:\n - name: VPC CIDR\n cidr: 172.24.24.0/21\n - name: VPC CIDR prod\n cidr: 172.24.40.0/21\n environments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n max_instance_lifetime: 2592000\n ecs_instance_refresh_lambda_schedule_expression: cron(0 1 * * ? *)\n min_servers: 2\n max_servers: 4\n ecs_egress_rules:\n - name: HTTPS to extra private subnet 1\n port: '443'\n cidr: 172.24.30.0/24\n - name: HTTPS to extra private subnet 2\n port: '443'\n cidr: 172.24.31.0/24\n extra_ecs_clusters:\n - name: mid\n subnets_name: extra_private_subnets\n min_servers: 2\n max_servers: 4\n instance_type: t3.medium\n max_instance_lifetime: 2592000\n docker_storage_size: 40\n ecs_egress_lockdown: true\n ecs_egress_rules:\n - name: MSSSQL to Peering connection cidr\n port: '1433'\n cidr: 172.24.32.0/21\n - name: MSSSQL to VPN destination cidr\n port: '1433'\n cidr: 172.16.0.0/23\n - name: HTTPS to 172.21.1.12\n port: '443'\n cidr: 172.21.1.12/32\n cidr: 172.24.24.0/21\n vpc_peering_connections:\n tvh:\n account_id: '538863186945'\n vpc_id: vpc-0282f07a0a9fd8b38\n ecs_subnet_routes:\n - extra_private_subnets\n - ecs_private_subnets\n destination_cidr_block: 172.24.32.0/21\n ecs_egress_lockdown: true\n ecs_private_subnets:\n - availability_zone: eu-west-2a\n cidr: 172.24.28.0/24\n - availability_zone: eu-west-2b\n cidr: 172.24.29.0/24\n extra_private_subnets:\n - availability_zone: eu-west-2a\n cidr: 172.24.30.0/24\n - availability_zone: eu-west-2b\n cidr: 172.24.31.0/24\n extra_public_subnets:\n - availability_zone: eu-west-2a\n cidr: 172.24.24.0/24\n - availability_zone: eu-west-2b\n cidr: 172.24.25.0/24\n - availability_zone: eu-west-2c\n cidr: 172.24.27.0/24\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:43015\n logspout_envars:\n - name: SYSLOG_HOSTNAME\n value: \"{{.ContainerName}}\"\n - name: SYSLOG_TAG\n value: \"{{.Container.Config.Hostname}}\"\n tinyproxy:\n create: true\n enable_cognito_auth: true\n syslog_papertrail_endpoint: logs4.papertrailapp.com:43015\n prod:\n track_revision: master\n instance_type: t3.medium\n max_instance_lifetime: 2592000\n ecs_instance_refresh_lambda_schedule_expression: cron(0 1 ? * 1 *)\n min_servers: 3\n max_servers: 5\n ecs_egress_rules:\n - name: HTTPS to extra private subnet 1\n port: '443'\n cidr: 172.24.46.0/24\n - name: HTTPS to extra private subnet 2\n port: '443'\n cidr: 172.24.47.0/24\n extra_ecs_clusters:\n - name: mid\n subnets_name: extra_private_subnets\n min_servers: 3\n max_servers: 5\n instance_type: t3.medium\n max_instance_lifetime: 2592000\n docker_storage_size: 40\n ecs_egress_lockdown: true\n ecs_egress_rules:\n - name: MSSSQL to Peering connection cidr\n port: '1433'\n cidr: 172.24.48.0/21\n - name: MSSSQL to VPN destination cidr\n port: '1433'\n cidr: 172.16.0.0/23\n - name: HTTPS to 172.21.1.12\n port: '443'\n cidr: 172.21.1.12/32\n - name: HTTPS to 172.21.1.10\n port: '443'\n cidr: 172.21.1.10/32\n cidr: 172.24.40.0/21\n vpc_peering_connections:\n tvh:\n account_id: '538863186945'\n vpc_id: vpc-088ee07b7728abef2\n ecs_subnet_routes:\n - extra_private_subnets\n destination_cidr_block: 172.24.48.0/21\n ecs_egress_lockdown: true\n ecs_private_subnets:\n - availability_zone: eu-west-2a\n cidr: 172.24.44.0/24\n - availability_zone: eu-west-2b\n cidr: 172.24.45.0/24\n extra_private_subnets:\n - availability_zone: eu-west-2a\n cidr: 172.24.46.0/24\n - availability_zone: eu-west-2b\n cidr: 172.24.47.0/24\n extra_public_subnets:\n - availability_zone: eu-west-2a\n cidr: 172.24.40.0/24\n - availability_zone: eu-west-2b\n cidr: 172.24.41.0/24\n - availability_zone: eu-west-2c\n cidr: 172.24.43.0/24\n syslog_papertrail_endpoint: logs6.papertrailapp.com:49292\n logspout_command:\n - syslog+tls://logs6.papertrailapp.com:49292\n logspout_envars:\n - name: SYSLOG_HOSTNAME\n value: \"{{.ContainerName}}\"\n - name: SYSLOG_TAG\n value: \"{{.Container.Config.Hostname}}\"\n tinyproxy:\n create: true\n services:\n - name: mid-test-01\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n prod:\n ghost_inspector:\n enabled: false\n launch_on:\n - staging\n launch_on_cluster: mid\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:thames-valley-housing/mytvh-mid\n custom_codestar_connection_arn: arn:aws:codestar-connections:eu-west-2:876401144910:connection/0329878f-0381-44d1-b4c8-3c7acb3c729b\n track_revision:\n staging: test-01\n buildspec: buildspec-dalmatian.yml\n container_port: 8080\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - puma\n deregistration_delay: 120\n proxy_configuration:\n staging:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n no_proxy:\n - 172.21.1.12\n - met-prd-vm-db02.metropolitan.org.uk\n prod:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n no_proxy: []\n - name: mid-test-02\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n prod:\n ghost_inspector:\n enabled: false\n launch_on:\n - staging\n launch_on_cluster: mid\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:thames-valley-housing/mytvh-mid\n custom_codestar_connection_arn: arn:aws:codestar-connections:eu-west-2:876401144910:connection/0329878f-0381-44d1-b4c8-3c7acb3c729b\n track_revision:\n staging: test-02\n buildspec: buildspec-dalmatian.yml\n container_port: 8080\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - puma\n deregistration_delay: 120\n proxy_configuration:\n staging:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n no_proxy:\n - 172.21.1.12\n - met-prd-vm-db02.metropolitan.org.uk\n prod:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n no_proxy: []\n - name: mid\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n prod:\n ghost_inspector:\n enabled: false\n launch_on_cluster: mid\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:thames-valley-housing/mytvh-mid\n custom_codestar_connection_arn: arn:aws:codestar-connections:eu-west-2:876401144910:connection/0329878f-0381-44d1-b4c8-3c7acb3c729b\n buildspec: buildspec-dalmatian.yml\n container_extra_hosts:\n - hostname: met-prd-vm-db02.metropolitan.org.uk\n ipAddress: 172.21.1.12\n - hostname: met-prd-vm-db01.metropolitan.org.uk\n ipAddress: 172.21.1.10\n container_port: 8080\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - puma\n container_count: 3\n deregistration_delay: 120\n proxy_configuration:\n staging:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n no_proxy:\n - 172.21.1.12\n - met-prd-vm-db02.metropolitan.org.uk\n prod:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n no_proxy:\n - 172.21.1.10\n - name: web-test-01\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n prod:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n basic_auth:\n staging: true\n basic_auth_users_extra:\n tvh: 30256d88799fb775d2067abfb8a7ef9413795e62dc4ed589b439ac3cebf3bad48b70993df66df45b246044caebbd7898a73b6aa0b2ac510333df119c50673d0163e28d888da62893a34c2197c27772504f00e07297021ce9e85afe1b61f75a51\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/api/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: mettvh-web-test-01-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n basic_auth_bypass: true\n launch_on:\n - staging\n image_source: build_from_github_repo\n image_location: git@github.com:thames-valley-housing/mytvh-web\n custom_codestar_connection_arn: arn:aws:codestar-connections:eu-west-2:876401144910:connection/0329878f-0381-44d1-b4c8-3c7acb3c729b\n track_revision:\n staging: test-01\n buildspec: buildspec-dalmatian.yml\n container_port: 3000\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - puma\n deregistration_delay: 120\n proxy_configuration:\n staging:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n prod:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n workers:\n - name: sidekiq\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - sidekiq\n - name: web-test-02\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n prod:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n basic_auth:\n staging: true\n basic_auth_users_extra:\n tvh: 30256d88799fb775d2067abfb8a7ef9413795e62dc4ed589b439ac3cebf3bad48b70993df66df45b246044caebbd7898a73b6aa0b2ac510333df119c50673d0163e28d888da62893a34c2197c27772504f00e07297021ce9e85afe1b61f75a51\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/api/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: mettvh-web-test-02-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n basic_auth_bypass: true\n launch_on:\n - staging\n image_source: build_from_github_repo\n image_location: git@github.com:thames-valley-housing/mytvh-web\n custom_codestar_connection_arn: arn:aws:codestar-connections:eu-west-2:876401144910:connection/0329878f-0381-44d1-b4c8-3c7acb3c729b\n track_revision:\n staging: test-02\n buildspec: buildspec-dalmatian.yml\n container_port: 3000\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - puma\n deregistration_delay: 120\n proxy_configuration:\n staging:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n prod:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n workers:\n - name: sidekiq\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - sidekiq\n - name: web\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n prod:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n basic_auth:\n staging: true\n basic_auth_users_extra:\n tvh: 30256d88799fb775d2067abfb8a7ef9413795e62dc4ed589b439ac3cebf3bad48b70993df66df45b246044caebbd7898a73b6aa0b2ac510333df119c50673d0163e28d888da62893a34c2197c27772504f00e07297021ce9e85afe1b61f75a51\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/api/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: mettvh-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n basic_auth_bypass: true\n image_source: build_from_github_repo\n image_location: git@github.com:thames-valley-housing/mytvh-web\n custom_codestar_connection_arn: arn:aws:codestar-connections:eu-west-2:876401144910:connection/0329878f-0381-44d1-b4c8-3c7acb3c729b\n buildspec: buildspec-dalmatian.yml\n container_port: 3000\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - puma\n container_count: 3\n deregistration_delay: 120\n domain_names:\n prod:\n - mtvh.online\n - www.mtvh.online\n - my.tvha.co.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:876401144910:certificate/28e5c533-eed8-4239-9c54-c09741fcb10b\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:876401144910:certificate/029ad607-cc3d-4863-910d-1a77b168c88c\n proxy_configuration:\n staging:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n prod:\n https_proxy: dalmatian_tinyproxy\n http_proxy: dalmatian_tinyproxy\n workers:\n - name: sidekiq\n container_command:\n - \"./docker-entrypoint.sh\"\n - bundle\n - exec\n - sidekiq\n mtvh-gp:\n account_id: '966086556319'\n cluster:\n create: true\n aurora:\n - identifier: mtvhgp\n minimum_size:\n staging: 0.5\n prod: 2\n maximum_size:\n staging: 1\n prod: 4\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: mtvhgp\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - web\n environments:\n prod:\n track_revision: master\n instance_type: t3.medium\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:33211,syslog+tls://logs4.papertrailapp.com:34954\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/mtvh.co.uk\n syslog_papertrail_endpoint: logs3.papertrailapp.com:33211\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs5.papertrailapp.com:12793,syslog+tls://logs2.papertrailapp.com:13428\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/mtvh.co.uk\n syslog_papertrail_endpoint: logs5.papertrailapp.com:12793\n services:\n - name: web\n global_accelerator:\n prod: true\n staging: false\n cloudfront:\n create: true\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: mtvh-gp-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: mtvh-gp-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: mtvh-gp-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: mtvh-gp-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: mtvh-gp-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: mtvh-gp-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:thames-valley-housing/mtvh-website\n custom_codestar_connection_arn: arn:aws:codestar-connections:eu-west-2:966086556319:connection/eab73dca-18e0-4f8f-ba17-d942979eb73c\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/mtvh.co.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - www.mtvh.co.uk\n - mtvh.co.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:966086556319:certificate/aa833601-9e32-45ef-855d-0ebade9e2047\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:966086556319:certificate/286eeb4a-dcdd-4143-ae65-80e2bfb99cdc\n nao:\n account_id: '984225123583'\n cluster:\n create: true\n rds:\n - identifier: nao\n instance_class:\n prod: db.t3.large\n staging: db.t3.small\n engine: mysql\n engine_version: 8.0.42\n db_name: nao\n opensearch_cluster:\n - identifier: nao\n in_use_by:\n - web\n version: 3.3\n master_enabled: false\n instance_count: 3\n instance_type: t3.medium.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n elasticache_cluster:\n - identifier: rdscache\n in_use_by:\n - web\n node_type: cache.t3.medium\n node_count: 1\n engine: redis\n engine_version: 7.1\n parameters:\n - name: maxmemory-policy\n value: allkeys-lru\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - web\n - paf\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 3\n max_servers: 3\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:12011\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/nao.org.uk\n syslog_papertrail_endpoint: logs3.papertrailapp.com:12011\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs2.papertrailapp.com:29069\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/nao.org.uk\n syslog_papertrail_endpoint: logs2.papertrailapp.com:29069\n services:\n - name: paf\n enable_max_one_container_per_instance: false\n global_accelerator:\n prod: true\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nao-paf-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: nao-paf-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nao-paf-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nao-paf-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: nao-paf-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nao-paf-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nao-paf\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/public-audit-forum.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/public-audit-forum.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(2,32 * * * ? *)\n prod: cron(1,21,41 * * * ? *)\n domain_names:\n prod:\n - www.public-audit-forum.org.uk\n - public-audit-forum.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:984225123583:certificate/892f9ad9-e6db-42e7-8ae5-745c87a936ac\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:984225123583:certificate/fb31e844-daf4-4de8-8248-132136283a29\n - name: web\n enable_max_one_container_per_instance: false\n global_accelerator:\n prod: true\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nao-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: nao-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nao-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n staging:\n - path_patterns:\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nao-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: nao-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nao-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nao\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/nao.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/nao.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(2,32 * * * ? *)\n prod: cron(1,21,41 * * * ? *)\n domain_names:\n prod:\n - www.nao.org.uk\n - nao.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:984225123583:certificate/00caa030-91a6-40be-ad5d-0a8de6907b46\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:984225123583:certificate/e67a7a02-d0dd-49c8-a703-193c7a06145e\n natcen:\n account_id: '429334471753'\n cluster:\n create: true\n environments:\n prod:\n track_revision: main\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:24094\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n syslog_papertrail_endpoint: logs4.papertrailapp.com:24094\n rds:\n - identifier: natcenuk\n instance_class:\n prod: db.t3.small\n engine: mysql\n engine_version: 8.0.42\n storage_encrypted: false\n db_name: natcenuk\n - identifier: natcenscot\n instance_class:\n prod: db.t3.small\n engine: mysql\n engine_version: 8.0.42\n storage_encrypted: false\n db_name: natcenscot\n elasticache_cluster:\n - identifier: rdscache\n in_use_by:\n - natcen-uk\n - natcen-scot\n node_type: cache.t3.small\n node_count: 1\n engine: redis\n engine_version: 7.x\n parameters:\n - name: maxmemory-policy\n value: allkeys-lru\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - natcen-1\n shared_loadbalancer:\n - name: natcen-1\n global_accelerator:\n prod: true\n in_use_by:\n - natcen-uk\n - natcen-scot\n services:\n - name: natcen-scot\n launch_on:\n - prod\n cloudfront:\n create: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: natcen-natcen-scot-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/whatscotlandthinks\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/whatscotlandthinks.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/whatscotlandthinks.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - whatscotlandthinks.org\n - www.whatscotlandthinks.org\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:429334471753:certificate/fac4a190-69db-41b7-bcbc-9294541d8e33\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:429334471753:certificate/cf420223-8548-431e-bde3-36519c9f6f10\n - name: natcen-uk\n launch_on:\n - prod\n cloudfront:\n create: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: natcen-natcen-uk-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/natcen\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/whatukthinks.org\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/whatukthinks.org\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - whatukthinks.org\n - www.whatukthinks.org\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:429334471753:certificate/579a577e-cb6e-4406-b48e-9297c3b07675\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:429334471753:certificate/3f2e339c-a51f-4bc5-b13b-8678adb4f204\n nhs-england:\n account_id: '661178850043'\n cluster:\n create: true\n environments:\n prod:\n track_revision: main\n logspout_command:\n - syslog+tls://logs5.papertrailapp.com:36829\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 6\n max_servers: 12\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/england.nhs.uk\n - wp-uploads/longtermplan.nhs.uk\n syslog_papertrail_endpoint: logs5.papertrailapp.com:36829\n aurora:\n - identifier: cluster1\n minimum_size:\n staging: 0.5\n prod: 2\n maximum_size:\n staging: 2\n prod: 20\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: cluster1\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - nhs-england-1\n shared_loadbalancer:\n - name: nhs-england-1\n global_accelerator:\n prod: true\n in_use_by:\n - web\n - longterm\n opensearch_cluster:\n - identifier: nhsengland\n in_use_by:\n - web\n version: 3.1\n master_enabled: false\n instance_count: 3\n instance_type: t3.medium.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n services:\n - name: longterm\n launch_on:\n - prod\n enable_max_one_container_per_instance: false\n cloudfront:\n create: false\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nhs-england-longterm-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: nhs-england-longterm-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nhs-england-longterm-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nhs-longtermplan\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/longtermplan.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/longtermplan.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n prod: cron(36 * * * ? *)\n domain_names:\n prod:\n - www.longtermplan.nhs.uk\n - longtermplan.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:661178850043:certificate/91c7be31-4693-45bf-9bb4-38d1b9791669\n - name: web\n launch_on:\n - prod\n enable_max_one_container_per_instance: false\n cloudfront:\n create: false\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n prod: true\n origin_keepalive_timeout:\n prod: '60'\n origin_read_timeout:\n prod: '60'\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nhs-england-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: nhs-england-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: nhs-england-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nhs-england\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/england.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/england.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n prod: cron(37 * * * ? *)\n domain_names:\n prod:\n - england.nhs.uk\n - www.england.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:661178850043:certificate/f9baa46b-34ea-4202-bedf-d22af1d76638\n nhsx-website:\n account_id: '052666621102'\n cluster:\n create: true\n environments:\n staging:\n track_revision: dev\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:13977\n syslog_papertrail_endpoint: logs4.papertrailapp.com:13977\n prod:\n min_servers: 4\n max_servers: 6\n track_revision: master\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs6.papertrailapp.com:29476\n syslog_papertrail_endpoint: logs6.papertrailapp.com:29476\n waf:\n - name: waf\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n associations:\n service_loadbalancers:\n - web\n rds:\n - identifier: nhsxweb\n in_use_by:\n - web\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: postgres\n engine_version: 11.22-rds.20250508\n allocated_storage: 20\n storage_encrypted: false\n db_name: nhsxweb\n port: 5432\n maintenance_window: mon:19:00-mon:19:30\n backup_window: '09:00-10:00'\n parameter_store_path_db_url_name: DATABASE_URL\n elasticache_cluster:\n - identifier: nhsxweb\n in_use_by:\n - web\n node_type: cache.t3.small\n node_count: 1\n engine: redis\n engine_version: 6.x\n parameters:\n - name: maxmemory-policy\n value: allkeys-lru\n services:\n - name: web\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_origins:\n staging:\n - origin: nhsx-website-staging-media.s3.amazonaws.com\n id: S3-nhsx-website-staging-media\n prod:\n - origin: nhsx-website-prod-media.s3.amazonaws.com\n id: S3-nhsx-website-prod-media\n viewer_request_functions:\n - name: default\n redirects:\n - from_hostname_pattern: www.nhsx.nhs.uk\n from_path_pattern: \"/*\"\n to_hostname: transform.england.nhs.uk\n to_path: \"/$${path}\"\n - from_hostname_pattern: transform.england.nhs.uk\n from_path_pattern: \"/key-tools-and-info/procurement-frameworks/procurement-framework-strategy-recommendations/\"\n to_hostname: www.england.nhs.uk\n to_path: \"/nhs-commercial/central-commercial-function-ccf/procurement-framework-strategy-recommendations/\"\n - from_hostname_pattern: transform.england.nhs.uk\n from_path_pattern: \"/improvement/focusondiagnostics/\"\n to_hostname: transform.england.nhs.uk\n to_path: \"/focusondiagnostics/\"\n - from_hostname_pattern: transform.england.nhs.uk\n from_path_pattern: \"/key-tools-and-info/get-started-with-nhsx-digital-and-technology-assurance/\"\n to_hostname: transform.england.nhs.uk\n to_path: \"/key-tools-and-info/get-started-with-digital-and-technology-assurance/\"\n associate_with_default_behaviour:\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/media/*\"\n target_origin_id: S3-nhsx-website-staging-media\n min_ttl: 1200\n default_ttl: 21600\n max_ttl: 86400\n associate_viewer_request_function: ''\n prod:\n - path_patterns:\n - \"/media/*\"\n target_origin_id: S3-nhsx-website-prod-media\n min_ttl: 1200\n default_ttl: 21600\n max_ttl: 86400\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:nhsx/nhsx-website\n codepipeline_use_github_v1: true\n container_port: 8000\n health_check_path: \"/\"\n container_command:\n - \"./docker-entrypoint.sh\"\n - uwsgi\n - \"--static-map\"\n - \"/static=/usr/srv/app/static\"\n - \"--ini\"\n - \"/etc/uwsgi.ini\"\n scheduled_tasks:\n - name: publish_scheduled_pages\n command:\n - python /usr/srv/app/manage.py publish_scheduled_pages\n schedule_expression:\n staging: cron(1,31 * * * ? *)\n prod: cron(1,31 * * * ? *)\n domain_names:\n prod:\n - transform.england.nhs.uk\n - nhsx.nhs.uk\n - www.nhsx.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:052666621102:certificate/faf79347-a0e5-4892-98c2-786dc88c4287\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:052666621102:certificate/95c46f8d-35f9-4445-8048-89529c9fb119\n ons:\n account_id: '225709814079'\n cluster:\n create: true\n rds:\n - identifier: ons\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: 8.0.42\n db_name: ons\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - blog\n environments:\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs6.papertrailapp.com:16591\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/blog.ons.gov.uk\n syslog_papertrail_endpoint: logs6.papertrailapp.com:16591\n prod:\n track_revision: main\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs2.papertrailapp.com:46793\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/blog.ons.gov.uk\n syslog_papertrail_endpoint: logs2.papertrailapp.com:46793\n services:\n - name: blog\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: true\n cloudfront_5xx:\n enabled: true\n threshold: '95'\n evaluation_periods: '5'\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: ons-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: ons-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: ons-blog-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: ons-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: ons-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: ons-blog-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/ons-blog\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/blog.ons.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/blog.ons.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - blog.ons.gov.uk\n - digitalblog.ons.gov.uk\n - statsdiscovery.ons.gov.uk\n - datasciencecampus.ons.gov.uk\n - style.ons.gov.uk\n - backup.ons.gov.uk\n - wordpress.onsdigital.co.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:225709814079:certificate/515cd44f-df9d-4e8f-b797-13fa9e73d79a\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:225709814079:certificate/c69bd0dc-a8f4-449b-86cd-3c19a94de1f6\n rwm:\n account_id: '302222309765'\n cluster:\n create: true\n rds:\n - identifier: shared1\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: 8.0.42\n db_name: initial_db\n shared_loadbalancer:\n - name: shared-1\n global_accelerator:\n prod: true\n in_use_by:\n - wip\n - copeland\n - wg3\n - explore\n - nws\n - nws-wip\n - cumbria\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n exclude_rules:\n - SQLi_BODY\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n associations:\n shared_loadbalancers:\n - shared-1\n environments:\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 3\n max_servers: 3\n syslog_papertrail_endpoint: logs.papertrailapp.com:30404\n logspout_command:\n - syslog+tls://logs.papertrailapp.com:30404,syslog://20.77.41.194:514\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs:\n - wp-uploads/workinginpartnership.org.uk\n - wp-uploads/copeland.workinginpartnership.org.uk\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 3\n max_servers: 5\n syslog_papertrail_endpoint: logs6.papertrailapp.com:52396\n logspout_command:\n - syslog+tls://logs6.papertrailapp.com:52396,syslog://20.77.41.194:514\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs:\n - wp-uploads/workinginpartnership.org.uk\n - wp-uploads/copeland.workinginpartnership.org.uk\n services:\n - name: copeland\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-copeland-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-copeland-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-copeland-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-copeland-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-copeland-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-copeland-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/wip-copeland\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/copeland.workinginpartnership.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - copeland.workinginpartnership.org.uk\n - www.copeland.workinginpartnership.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/3414a485-7f1a-48e2-bb53-5bf112ba9c4a\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/86e23fa6-b14b-455f-8547-d5986dc959b5\n - name: cumbria\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-cumbria-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-cumbria-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-cumbria-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-cumbria-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-cumbria-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-cumbria-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nws\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/cumbria.workinginpartnership.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/cumbria.workinginpartnership.org.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1,31 * * * ? *)\n domain_names:\n prod:\n - cumbria.workinginpartnership.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/b8c4e2fa-2ce0-4b8c-9f58-fbf38952722c\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/6ed1a784-b985-4051-a3f5-697fa91c0027\n - name: explore\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-explore-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-explore-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-explore-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-explore-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-explore-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-explore-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/wip-explore\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/explore.workinginpartnership.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - explore.workinginpartnership.org.uk\n - www.explore.workinginpartnership.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/d9fba2f1-6902-4cea-8656-f358caa0bbdc\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/55b6a711-272f-4dd3-92b8-c3c85a6f3d79\n - name: nws-wip\n launch_on:\n - staging\n - prod\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-nws-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-nws-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nws-wip\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/multisite.workinginpartnership.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(2,32 * * * ? *)\n prod: cron(1,21,41 * * * ? *)\n domain_names:\n prod:\n - \"*.workinginpartnership.org.uk\"\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/ff35e592-9e68-472e-9aef-e629b973920a\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/7f2141d6-9f1d-4d44-bf78-9e6188a4f185\n - name: nws\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-nws-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-nws-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-nws-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/nws\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/nuclearwasteservices.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - nuclearwasteservices.uk\n - www.nuclearwasteservices.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/0ae4a9de-638e-4b2b-9b55-d5e067d1e099\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/771a5353-707e-4cb7-ac75-33eee52a7f1a\n - name: wg3\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wg3-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-wg3-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wg3-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wg3-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-wg3-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wg3-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/workinggroup3\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/wg3\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n - name: wip\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wip-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: rwm-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: rwm-wip-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/wip\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/workinginpartnership.org.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - workinginpartnership.org.uk\n - www.workinginpartnership.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:302222309765:certificate/e887f171-62bd-4f86-aaa2-a694b18387e7\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:302222309765:certificate/f788659d-a985-4378-8ead-6aa4b9ad6127\n stgeorges:\n account_id: '149524467025'\n cluster:\n create: true\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:30503\n enable_efs: 'true'\n syslog_papertrail_endpoint: logs4.papertrailapp.com:30503\n aurora:\n - identifier: sqlcluster\n minimum_size:\n staging: 0.5\n prod: 1\n maximum_size:\n staging: 2\n prod: 6\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: sqlcluster\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - stgeorges-1\n shared_loadbalancer:\n - name: stgeorges-1\n global_accelerator:\n prod: true\n in_use_by:\n - web\n - aos\n services:\n - name: aos\n launch_on:\n - prod\n cloudfront:\n create: false\n serve_from_subdirectory: \"/aos\"\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/sghaos\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/stgeorges.nhs.uk.aos\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/stgeorges.nhs.uk.aos\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - www.stgeorges.nhs.uk\n - stgeorges.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:149524467025:certificate/3bbd1e85-b7f8-431d-a1af-c9e552f8f4bb\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:149524467025:certificate/c727a06e-a61a-4541-ba12-eb9777a34155\n - name: web\n launch_on:\n - prod\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: stgeorges-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"*/wp-content/*\"\n - \"/wp-includes/*\"\n - \"*/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: stgeorges-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: stgeorges-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/stghpress\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/stgeorges.nhs.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/stgeorges.nhs.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - www.stgeorges.nhs.uk\n - stgeorges.nhs.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:149524467025:certificate/3bbd1e85-b7f8-431d-a1af-c9e552f8f4bb\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:149524467025:certificate/c727a06e-a61a-4541-ba12-eb9777a34155\n test-app:\n account_id: '511700466171'\n cluster:\n create: true\n rds:\n - identifier: bikeshed\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: 5.7.44\n storage_encrypted: false\n db_name: bikeshed\n codebuild_access:\n - test-service\n elasticache_cluster:\n - identifier: testredis\n in_use_by:\n - test-service\n engine: redis\n node_type: cache.t2.micro\n node_count: 1\n engine_version: 6.x\n port: 6379\n maintenance_window: mon:19:00-mon:22:00\n snapshot_window: '09:00-10:00'\n parameter_store_path_elasticache_cluster_url_name: REDIS_URL\n shared_loadbalancer:\n - name: test-shared\n in_use_by:\n - test-service\n s3:\n - name: test-app-bucket-staging\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - test-service-staging\n policy:\n staging:\n rw:\n services:\n - test-service\n environments:\n staging:\n track_revision: master\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs7.papertrailapp.com:34880\n min_servers: 2\n max_servers: 4\n enable_ecs_vpc_flow_logs: true\n services:\n - name: test-service\n blue_green:\n staging:\n enabled: true\n enable_max_one_container_per_instance: false\n monitoring:\n production:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n basic_auth:\n staging: true\n basic_auth_users_extra:\n test-user: 621138553c8384db4fd7b71e22ffe7e0d049230346e99412d29a249f7bf90e2403d26386bf5288a86ee7174ca007723490f0bcf19c6e1375f1edf25345f0611490221256f5edda8df0e8b16db80d33a38602982f5a4c22e4a1a1566162e9bd1a\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n ip_subnet_allow_list:\n - 54.76.254.148/32\n - name: redirects\n true_client_ip_header: true\n redirects:\n - from_hostname_pattern: dalmatian-test-app.dxw.net\n from_path_pattern: \"/dxw-redirect\"\n to_hostname: dxw.com\n to_path: \"/$${path}\"\n associate_with_default_behaviour:\n staging: true\n custom_origins:\n staging:\n - origin: test-media-staging.s3.amazonaws.com\n id: test-media-staging-s3\n - origin: test-app-bucket-staging.s3.amazonaws.com\n id: test-app-bucket-staging\n production:\n - origin: test-media-production.s3.amazonaws.com\n id: test-media-production-s3\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/media/*\"\n target_origin_id: test-media-staging-s3\n min_ttl: 1200\n default_ttl: 3600\n max_ttl: 86400\n associate_viewer_request_function: default\n - path_patterns:\n - \"/test/*\"\n target_origin_id: test-app-bucket-staging\n forwarded_headers:\n - Authorization\n min_ttl: 1200\n default_ttl: 3600\n max_ttl: 86400\n associate_viewer_request_function: default\n serve_from_subdirectory: \"/test-subdir\"\n domain_names:\n staging:\n - dalmatian-test-app.dxw.net\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/dalmatian-test-app\n codepipeline_use_github_v1: true\n codepipeline_codebuild_run_in_vpc: true\n buildspec: buildspec.yml\n container_port: 3100\n container_command:\n - \"/docker-entrypoint.sh\"\n - rails\n - server\n container_volumes:\n - name: test\n host_path: \"/mnt/test\"\n container_path: \"/test\"\n scheduled_tasks:\n - name: test-scheduled-task\n command:\n - echo\n - hello\n schedule_expression:\n staging: cron(0/15 * * * ? *)\n prod: cron(0/15 * * * ? *)\nparameter-store-path-prefix: \"/dalmatian-variables/\"", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "e84789e9-5d70-4aa4-b669-0abbfbdc9b47", "timestamp": "2026-02-20T17:55:52.682Z", "type": "gemini", "content": "I will search for `dxw-pentest` in the `dalmatian.yml` file within the `dalmatian` repository to see if it's defined there.", "thoughts": [ { "subject": "Locating the Target", "description": "I'm currently focused on the `dalmatian.yml` files, specifically within the `dalmatian` and `dalmatian-config` repositories. I was initially surprised not to find `dxw-pentest` listed in the first one, but now I'm checking the other file, hoping to find it there.", "timestamp": "2026-02-20T17:55:51.035Z" }, { "subject": "Verifying Configuration Location", "description": "I've examined the `dalmatian.yml` in the `dalmatian` repository again; `dxw-pentest` remains absent. My suspicion solidified – the critical configurations likely reside in `dalmatian-config`. I've confirmed the directory structure, noting the nested `dxw-pentest.yml` within the `infrastructures` directory inside `dalmatian-config`. This feels like the correct location.", "timestamp": "2026-02-20T17:55:52.543Z" } ], "tokens": { "input": 65104, "output": 59, "cached": 52070, "thoughts": 238, "tool": 0, "total": 65401 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "grep_search_1771610152678_0", "name": "grep_search", "args": { "pattern": "dxw-pentest", "file_path": "dalmatian.yml" }, "result": [ { "functionResponse": { "id": "grep_search_1771610152678_0", "name": "grep_search", "response": { "output": "No matches found for pattern \"dxw-pentest\" in path \".\"." } } } ], "status": "success", "timestamp": "2026-02-20T17:55:52.773Z", "resultDisplay": "No matches found", "displayName": "SearchText", "description": "Searches for a regular expression pattern within file contents. Max 100 matches.", "renderOutputAsMarkdown": true } ] }, { "id": "5202dfb6-b0d7-474c-87b2-7642e2e8ef95", "timestamp": "2026-02-20T17:55:56.173Z", "type": "gemini", "content": "I will read the `dalmatian.yml` file in the `dalmatian-config` repository to see how the infrastructures are defined and if they reference the individual YAML files in the `config/infrastructures/` directory.", "thoughts": [ { "subject": "Checking Dalmatian Files", "description": "I've confirmed that the configuration isn't where I initially expected it to be, specifically, not within the `dalmatian/dalmatian.yml` file. However, my search led me to `dalmatian-config/config/infrastructures/dxw-pentest.yml`. Interestingly, the `dalmatian-config` repository also has a `dalmatian.yml` at its root, so I'll examine that next.", "timestamp": "2026-02-20T17:55:56.051Z" } ], "tokens": { "input": 65179, "output": 80, "cached": 51879, "thoughts": 78, "tool": 0, "total": 65337 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "read_file_1771610156169_0", "name": "read_file", "args": { "file_path": "/Users/bob/git/dxw/dalmatian-config/dalmatian.yml" }, "result": [ { "functionResponse": { "id": "read_file_1771610156169_0", "name": "read_file", "response": { "output": "\nIMPORTANT: The file content has been truncated.\nStatus: Showing lines 1-2000 of 17944 total lines.\nAction: To read more of the file, you can use the 'offset' and 'limit' parameters in a subsequent 'read_file' call. For example, to read the next section of the file, use offset: 2000.\n\n--- FILE CONTENT (truncated) ---\n---\naccount-bootstrap:\n variables:\n region: eu-west-2\n root_domain_zone: dalmatian.dxw.net\n dalmatian_read_users:\n - ed\n - cristina\n - hippers\n - bob-read\n dalmatian_admin_users:\n - chris\n - bob\n - laura-admin\n - ed-admin\n - cristina-admin\n - olivia-admin\n - tomh-admin\n - isratc-admin\n - lorna-admin\n - nick-admin\n - stu-admin\n - rob-admin\n - anthony-admin\n - lee-admin\n - matty-admin\n - calum-admin\n - meyric-admin\n - brent-admin\n - serena-admin\n - dragon-admin\n - suze-admin\n - george-admin\n - matthew-admin\n - sim-admin\n - barryr-admin\n - jamesk-admin\n - ash-admin\n - sarah-admin\n - ynda-admin\n - patrick-admin\n - williamman-admin\nci:\n variables:\n region: eu-west-2\n prci_github_owner: dxw\n prci_github_repository: dalmatian\n prci_codebuild_compute_type: BUILD_GENERAL1_SMALL\n prci_codebuild_image: public.ecr.aws/q8n3y8x7/testing-terraform-docker:latest\n bpsp_source_branch: master\n bpbp_codebuild_compute_type: BUILD_GENERAL1_SMALL\n bpbp_codebuild_image: public.ecr.aws/q8n3y8x7/testing-terraform-docker:latest\ninfrastructure-defaults:\n variables:\n region: eu-west-2\n cidr: 10.0.0.0/16\n root_domain_zone: dalmatian.dxw.net\n internal_domain_zone: dalmatian.internal\n ecs_private_subnets:\n - availability_zone: eu-west-2a\n cidr: 10.0.128.0/24\n - availability_zone: eu-west-2b\n cidr: 10.0.129.0/24\n - availability_zone: eu-west-2c\n cidr: 10.0.130.0/24\n extra_public_subnets:\n - availability_zone: eu-west-2a\n cidr: 10.0.0.0/24\n - availability_zone: eu-west-2b\n cidr: 10.0.1.0/24\n - availability_zone: eu-west-2c\n cidr: 10.0.2.0/24\n instances_key_name: dalmatian-ecs-instances\n instance_type: t3.medium\n min_servers: 2\n max_servers: 4\n associate_public_ip_address: 0\n docker_storage_size: 40\n dockerhub_email: ''\n dockerhub_token: ''\n monitoring_docs_path: https://github.com/dxw/ops-docs/blob/master/dalmatian-monitoring/\n basic_auth_users:\n dxwsupport: '085740adb45fce7e0968c43a26f3acc9fc2c9ac1f38919ed78270f80905dbce07ea010aa8c5e44ee685ed3d8833e6dbbb4a6427af4a10011a8946187a29913e0d59540ba3f0c25f1bb66b6d76a473bd2cf70d9f8b0c79c05ae85864cf8cf779f'\ninfrastructures:\n bas:\n account_id: '419128131613'\n cluster:\n create: true\n opensearch_cluster:\n - identifier: bas\n in_use_by:\n - web\n version: 3.1\n master_enabled: false\n instance_count: 3\n instance_type: t3.small.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n rds:\n - identifier: bas\n instance_class:\n prod: db.t3.medium\n staging: db.t3.small\n engine: mysql\n engine_version: 8.0.42\n db_name: bas\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - web\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 2\n max_servers: 3\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:20014\n syslog_papertrail_endpoint: logs3.papertrailapp.com:20014\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:15689\n syslog_papertrail_endpoint: logs4.papertrailapp.com:15689\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n services:\n - name: web\n enable_max_one_container_per_instance: false\n launch_on:\n - prod\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n - Origin\n - X-WP-Nonce\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n - Origin\n - X-WP-Nonce\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: bas-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: bas-web-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/baspress\n buildspec: dalmatian_core_buildspec_saluki\n container_count: '5'\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/bas.ac.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/bas.ac.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1,31 * * * ? *)\n domain_names:\n prod:\n - bas.ac.uk\n - www.bas.ac.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:419128131613:certificate/cdf6d6b8-1f01-4a3f-9591-0c1e56866121\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:419128131613:certificate/9ce96ba1-565d-477f-8e6b-08edb0a3aeaf\n caselaw-stg:\n account_id: '626206937213'\n cluster:\n create: true\n s3:\n - name: tna-caselaw-assets-staging\n encrypted: false\n acl: public-read\n policy:\n staging:\n rw:\n services:\n - editor\n cloudfront:\n create: true\n domain_names:\n - assets.staging.caselaw.nationalarchives.gov.uk\n certificate: arn:aws:acm:us-east-1:626206937213:certificate/f15f7b26-47f3-477b-a78c-08b328c3ce4f\n - name: tna-caselaw-unpublished-assets-staging\n encrypted: true\n acl: private\n policy:\n staging:\n rw:\n services:\n - editor\n - name: tna-caselaw-marklogic-backup-staging\n encrypted: true\n acl: private\n aurora:\n - identifier: cluster1\n minimum_size:\n staging: 0.5\n maximum_size:\n staging: 1\n engine: aurora-postgresql\n engine_version: '15.4'\n db_name: cluster1\n rds:\n - identifier: shared\n instance_class:\n staging: db.t3.small\n engine: postgres\n engine_version: '11.22'\n db_name: inital_db_name\n allocated_storage: 200\n port: 5432\n waf:\n - name: caselaw\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesSQLiRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n associations:\n service_loadbalancer:\n - editor\n - public\n - priv-api\n environments:\n staging:\n track_revision: main\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:25413\n enable_efs: 'true'\n services:\n - name: editor\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n blue_green:\n staging:\n enabled: true\n enable_max_one_container_per_instance: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-editor-ui\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/check\"\n container_port: 5000\n container_command:\n - \"/entrypoint\"\n - \"/start\"\n domain_names:\n staging:\n - editor.staging.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:626206937213:certificate/32e71258-1bad-4281-9341-29efae63c184\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:626206937213:certificate/556f9be1-aa77-47fe-b2de-7d487bac6597\n scheduled_tasks:\n - name: process-reenrichment-queue\n command:\n - \"./manage.py\"\n - enrich_next_in_reenrichment_queue\n schedule_expression:\n prod: cron(13,43 18-23,0-6 * * ? *)\n - name: pdf-worker\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-pdf-conversion\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n container_port: 0\n container_command:\n - python\n - queue_listener/queue_listener.py\n - name: priv-api\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n blue_green:\n staging:\n enabled: true\n enable_max_one_container_per_instance: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-privileged-api\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/docs\"\n container_port: 8080\n container_command:\n - uvicorn\n - openapi_server.main:app\n - \"--host 0.0.0.0\"\n - \"--port 8080\"\n domain_names:\n staging:\n - api.staging.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:626206937213:certificate/acf4d06f-9cad-46e7-99e7-914844566e24\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:626206937213:certificate/415e2db3-7ecf-4356-a4cb-0fc7c8b44597\n - name: public\n monitoring:\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n blue_green:\n staging:\n enabled: true\n enable_max_one_container_per_instance: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-public-ui\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/check\"\n container_port: 5000\n container_command:\n - \"/entrypoint\"\n - \"/start\"\n domain_names:\n staging:\n - staging.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n staging: arn:aws:acm:eu-west-2:626206937213:certificate/dd7cc3f5-8ee7-4c26-96d6-99877378effb\n cloudfront_ssl_certificate:\n staging: arn:aws:acm:us-east-1:626206937213:certificate/6249f595-1502-45c7-9652-4a345f5b7c93\n scheduled_tasks:\n - name: recalculate-court-dates\n command:\n - \"./manage.py\"\n - recalculate_court_dates\n - \"--write\"\n schedule_expression:\n staging: cron(56 4 * * ? *)\n caselaw:\n account_id: '276505630421'\n hosted_zones:\n - domain: caselaw.nationalarchives.gov.uk\n cname_records:\n - name: _78fb500e8843610842d4bb647db51570.editor.staging.caselaw.nationalarchives.gov.uk\n value: _1a90eb15805e7609d3c3bd2b6709fe0a.qwknvqrlct.acm-validations.aws.\n - name: _172c6de34b34a80be6af484e2e9b3392.www.editor.staging.caselaw.nationalarchives.gov.uk\n value: _4262efc7cf3b4d5529b9d90b7111cb16.qwknvqrlct.acm-validations.aws.\n - name: _132734cd7034e52fd59627f0489b58ac.staging.caselaw.nationalarchives.gov.uk\n value: _b1b36d22ad1c862f017974c4abc7f59b.qvwhjqbvbg.acm-validations.aws.\n - name: _0c54d6f21da3cf55b6e1a3004b3d3a56.www.staging.caselaw.nationalarchives.gov.uk\n value: _deab10e3dafed06823f3f6f32041f074.qvwhjqbvbg.acm-validations.aws.\n - name: _a356b4b103532cc511f1ffe8245c22fd.editor.caselaw.nationalarchives.gov.uk\n value: _7d11c470025c2f2e931f2a883cbf9601.qwknvqrlct.acm-validations.aws.\n - name: _de1d203a10f66ff17336848e2fb4b0bf.www.editor.caselaw.nationalarchives.gov.uk\n value: _5d14285f44f61a1af473eba13bc40409.qwknvqrlct.acm-validations.aws.\n - name: _e5ca712f11e67119c380b3deae49fd70.caselaw.nationalarchives.gov.uk\n value: _823a867ae62dd74f29bb6fd39971fcb3.qwknvqrlct.acm-validations.aws.\n - name: _fdd770ef0664411464b4f059488f9fbf.www.caselaw.nationalarchives.gov.uk\n value: _e0c09055ca46a0d452aafbe6eb83ddff.qwknvqrlct.acm-validations.aws.\n - name: editor.caselaw.nationalarchives.gov.uk\n value: dgahyt2fa3kuq.cloudfront.net.\n - name: editor.staging.caselaw.nationalarchives.gov.uk\n value: d1iuddf85kusku.cloudfront.net.\n - name: staging.caselaw.nationalarchives.gov.uk\n value: d2y1tp7iel5w9x.cloudfront.net.\n - name: _a1ebe4745c24eac61f7461eabbc168ef.api.staging.caselaw.nationalarchives.gov.uk.\n value: _97f1436f70ac31f294aada08cc8aaf64.fpktwqqglf.acm-validations.aws.\n - name: _e2656715e78ddb204030c56da570f97a.api.caselaw.nationalarchives.gov.uk.\n value: _ddbafbeea46b67d5e5463c687c2c3eb9.fpktwqqglf.acm-validations.aws.\n - name: api.staging.caselaw.nationalarchives.gov.uk\n value: d974tpiyde2op.cloudfront.net.\n - name: api.caselaw.nationalarchives.gov.uk\n value: d2fisfxnfqj9rn.cloudfront.net.\n - name: _376bc62e1236a60e4bdca674076ef63a.assets.caselaw.nationalarchives.gov.uk\n value: _deb34765c09add0aa7c56d60ba669b7f.njdczhxdjc.acm-validations.aws.\n - name: _c806e5a739d7fa82056fb78584f2faac.assets.staging.caselaw.nationalarchives.gov.uk\n value: _7c35da553486feb6dad8ea4c211f2e3a.njdczhxdjc.acm-validations.aws.\n - name: assets.staging.caselaw.nationalarchives.gov.uk\n value: daemohisb35uy.cloudfront.net\n - name: assets.caselaw.nationalarchives.gov.uk\n value: d6s9404qfl4w9.cloudfront.net\n - name: ml.internal.staging.caselaw.nationalarchives.gov.uk\n value: internal-casel-Inter-ZOGJXYO3YO0P-1952744788.eu-west-2.elb.amazonaws.com\n - name: ml.external.staging.caselaw.nationalarchives.gov.uk\n value: caselaw-Alb-AA6AAOM5OAIU-1229666245.eu-west-2.elb.amazonaws.com\n - name: ml.internal.production.caselaw.nationalarchives.gov.uk\n value: internal-casel-Inter-IEYELZU5H4SR-1103909616.eu-west-2.elb.amazonaws.com\n - name: ml.external.production.caselaw.nationalarchives.gov.uk\n value: caselaw-Alb-1IDSCWLVRCK1T-2098249791.eu-west-2.elb.amazonaws.com\n - name: tr7w64hjz4fmlcdf4evgn5ht7w42dgbc._domainkey.staging.caselaw.nationalarchives.gov.uk\n value: tr7w64hjz4fmlcdf4evgn5ht7w42dgbc.dkim.amazonses.com\n - name: 2iwvzyjtnnj4c637hwwhqjwtvc5kzbif._domainkey.staging.caselaw.nationalarchives.gov.uk\n value: 2iwvzyjtnnj4c637hwwhqjwtvc5kzbif.dkim.amazonses.com\n - name: sd4buvcxevejri33mvpeq6bc2gsy5cb3._domainkey.staging.caselaw.nationalarchives.gov.uk\n value: sd4buvcxevejri33mvpeq6bc2gsy5cb3.dkim.amazonses.com\n - name: musnzhdxppv4sqd6u2gl6gundup5wkpx._domainkey.caselaw.nationalarchives.gov.uk\n value: musnzhdxppv4sqd6u2gl6gundup5wkpx.dkim.amazonses.com\n - name: k4mrulrj4eh3lwv7amk4wzccj7nj2lgo._domainkey.caselaw.nationalarchives.gov.uk\n value: k4mrulrj4eh3lwv7amk4wzccj7nj2lgo.dkim.amazonses.com\n - name: tzq5x574nguteezy5vit3tivamrxeov2._domainkey.caselaw.nationalarchives.gov.uk\n value: tzq5x574nguteezy5vit3tivamrxeov2.dkim.amazonses.com\n alias_records:\n - name: caselaw.nationalarchives.gov.uk\n value: d3ps134a3uyfwa.cloudfront.net.\n cluster:\n create: true\n s3:\n - name: tna-caselaw-assets\n encrypted: false\n acl: public-read\n policy:\n prod:\n rw:\n services:\n - editor\n cloudfront:\n create: true\n domain_names:\n - assets.caselaw.nationalarchives.gov.uk\n certificate: arn:aws:acm:us-east-1:276505630421:certificate/fac62dd9-9cfc-4ba0-a478-c43db5bc1db9\n - name: tna-caselaw-unpublished-assets\n encrypted: true\n acl: private\n policy:\n prod:\n rw:\n services:\n - editor\n - name: tna-caselaw-marklogic-backup\n encrypted: true\n acl: private\n - name: tna-caselaw-ingester-deploy\n encrypted: true\n acl: private\n rds:\n - identifier: shared\n instance_class:\n prod: db.t3.small\n engine: postgres\n engine_version: '11.22'\n db_name: inital_db_name\n allocated_storage: 200\n port: 5432\n aurora:\n - identifier: cluster1\n minimum_size:\n prod: 0.5\n maximum_size:\n prod: 3\n engine: aurora-postgresql\n engine_version: '15.4'\n db_name: cluster1\n environments:\n prod:\n track_revision: production\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 5\n max_servers: 8\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:38403\n enable_efs: 'true'\n services:\n - name: editor\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n blue_green:\n prod:\n enabled: true\n enable_max_one_container_per_instance: false\n cloudfront:\n create: true\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-editor-ui\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/check\"\n container_port: 5000\n container_count: '5'\n container_command:\n - \"/entrypoint\"\n - \"/start\"\n domain_names:\n prod:\n - editor.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:276505630421:certificate/23c7f59a-21e2-41f9-92d1-cb314520038e\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:276505630421:certificate/ca233fa5-4f91-4891-b9ae-13c18a1fddf4\n scheduled_tasks:\n - name: process-reenrichment-queue\n command:\n - \"./manage.py\"\n - enrich_next_in_reenrichment_queue\n schedule_expression:\n prod: cron(13,43 18-23,0-6 * * ? *)\n - name: process-reparse-queue\n command:\n - \"./manage.py\"\n - reparse_next_in_reparse_queue\n schedule_expression:\n prod: cron(28,58 18-23,0-6 * * ? *)\n - name: pdf-worker\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-pdf-conversion\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n container_port: 0\n container_command:\n - python\n - queue_listener/queue_listener.py\n - name: priv-api\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n blue_green:\n prod:\n enabled: true\n enable_max_one_container_per_instance: false\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-privileged-api\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/docs\"\n container_port: 8080\n container_command:\n - uvicorn\n - openapi_server.main:app\n - \"--host 0.0.0.0\"\n - \"--port 8080\"\n domain_names:\n prod:\n - api.caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:276505630421:certificate/1ef9680d-cb14-4a3e-9eb8-19e0d726acb8\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:276505630421:certificate/a584725d-f055-48b3-ac5d-ab0a503e9504\n - name: public\n blue_green:\n prod:\n enabled: true\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: true\n cloudfront_5xx:\n enabled: true\n threshold: '5'\n evaluation_periods: '15'\n ghost_inspector:\n enabled: false\n enable_max_one_container_per_instance: false\n cloudfront:\n create: true\n image_source: build_from_github_repo\n image_location: git@github.com:nationalarchives/ds-caselaw-public-ui\n codepipeline_use_github_v1: true\n buildspec: dalmatian_core_buildspec_default\n health_check_path: \"/check\"\n container_port: 5000\n container_count: '5'\n container_command:\n - \"/entrypoint\"\n - \"/start\"\n domain_names:\n prod:\n - caselaw.nationalarchives.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:276505630421:certificate/bec03109-db3c-489e-aeca-37ae57061d32\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:276505630421:certificate/2d5cdc02-4bf7-4ecf-84fc-6e8ea328b210\n scheduled_tasks:\n - name: recalculate-court-dates\n command:\n - \"./manage.py\"\n - recalculate_court_dates\n - \"--write\"\n schedule_expression:\n prod: cron(56 4 * * ? *)\n dalmatian-1:\n account_id: '052666621102'\n cluster:\n create: true\n rds:\n - identifier: shared1\n instance_class:\n staging: db.t2.small\n prod: db.t2.small\n engine: postgres\n engine_version: '11.22'\n storage_encrypted: false\n storage_type: gp2\n db_name: initial_db_name\n codebuild_access:\n - sun\n - sun-worker\n shared_loadbalancer:\n - name: shared-1\n in_use_by:\n - sun\n elasticache_cluster:\n - identifier: sun\n node_type: cache.t3.small\n node_count: 2\n engine: redis\n engine_version: 6.x\n in_use_by:\n - sun\n - sun-worker\n environments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:13251\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs:\n - sun-discourse/bitnami\n - sun-discourse/discourse-assets\n - sun/assets\n - sun/uploads\n - sun/plugins\n prod:\n track_revision: master\n instance_type: t3.medium\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:39394\n enable_efs: 'true'\n encrypt_efs: 'false'\n min_servers: 3\n max_servers: 6\n efs_dirs:\n - sun-discourse/bitnami\n - sun-discourse/discourse-assets\n - sun/assets\n - sun/uploads\n - sun/plugins\n services:\n - name: sun-worker\n monitoring:\n prod:\n ghost_inspector:\n enabled: false\n staging:\n ghost_inspector:\n enabled: false\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/sun-discourse-docker\n buildspec: buildspec.yml\n codepipeline_codebuild_run_in_vpc: true\n codepipeline_codebuild_use_service_env: true\n container_port: 0\n container_command:\n - \"/docker-entrypoint.sh\"\n - bundle\n - exec\n - sidekiq\n container_volumes:\n - name: uploads\n host_path: \"/mnt/efs/sun/uploads\"\n container_path: \"/var/www/discourse/public/uploads\"\n home_directory: \"/home/discourse\"\n - name: sun\n cloudfront:\n create: false\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/sun-discourse-docker\n codepipeline_codebuild_run_in_vpc: true\n codepipeline_codebuild_use_service_env: true\n buildspec: buildspec.yml\n health_check_grace_period: 1200\n health_check_path: \"/\"\n container_port: 9292\n container_count: 3\n enable_max_one_container_per_instance: false\n container_command:\n - \"/docker-entrypoint.sh\"\n - bundle\n - exec\n - puma\n container_volumes:\n - name: uploads\n host_path: \"/mnt/efs/sun/uploads\"\n container_path: \"/var/www/discourse/public/uploads\"\n home_directory: \"/home/discourse\"\n domain_names:\n prod:\n - www.statsusernet.org.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:052666621102:certificate/2e725a4f-a60c-4722-82f7-217eceb73e60\n dhsc:\n account_id: '504027283968'\n cluster:\n create: true\n opensearch_cluster:\n - identifier: dhsc\n in_use_by:\n - intranet\n - intra-dev\n version: 3.1\n master_enabled: false\n instance_count: 3\n instance_type: t3.small.elasticsearch\n warm_enabled: false\n volume_size: 20\n parameter_store_path_opensearch_cluster_url_name: ELASTICSEARCH_URL\n aurora:\n - identifier: dhscint\n minimum_size:\n staging: 0.5\n prod: 1\n maximum_size:\n staging: 1\n prod: 30\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: dhscint\n waf:\n - name: wordpress\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/async-upload.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n service_loadbalancers:\n - intranet\n - intra-dev\n environments:\n prod:\n track_revision: main\n instance_type: t3.medium\n min_servers: 5\n max_servers: 6\n logspout_command:\n - syslog+tls://logs6.papertrailapp.com:28623\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/intranet.dhsc.gov.uk\n syslog_papertrail_endpoint: logs6.papertrailapp.com:28623\n staging:\n track_revision: develop\n instance_type: t3.small\n min_servers: 2\n max_servers: 2\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:36547\n enable_efs: 'true'\n efs_dirs:\n - wp-uploads/intranet.dhsc.gov.uk\n syslog_papertrail_endpoint: logs3.papertrailapp.com:36547\n services:\n - name: intra-dev\n launch_on:\n - staging\n cloudfront:\n create: true\n origin_keepalive_timeout:\n staging: '60'\n prod: '60'\n origin_read_timeout:\n staging: '60'\n prod: '60'\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n - \"/wp-admin/css/*\"\n - \"/wp-admin/js/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dhsc-intra-dev-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dhsc-intra-dev-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n prod:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n - \"/wp-admin/css/*\"\n - \"/wp-admin/js/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dhsc-intra-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dhsc-intra-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/dhsc-intranet\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '2'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/intra-dev.dhsc.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression: cron(1/2 * * * ? *)\n - name: intranet\n enable_max_one_container_per_instance: false\n global_accelerator:\n prod: false\n staging: false\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: true\n cloudfront_5xx:\n enabled: true\n threshold: '95'\n evaluation_periods: '5'\n ghost_inspector:\n enabled: false\n cloudfront:\n create: true\n offline_page_http_status:\n 504: \"/error-pages/500.html\"\n 500: \"/error-pages/501.html\"\n 501: \"/error-pages/502.html\"\n 502: \"/error-pages/503.html\"\n 503: \"/error-pages/504.html\"\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n prod:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dhsc-intranet-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dhsc-intranet-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n staging:\n - path_patterns:\n - \"/wp-content/plugins/*\"\n - \"/wp-content/themes/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dhsc-intranet-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dhsc-intranet-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/dhsc-intranet\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '4'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/intranet.dhsc.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh\"\n schedule_expression:\n staging: cron(1/2 * * * ? *)\n prod: cron(1/2 * * * ? *)\n domain_names:\n prod:\n - intranet.dhsc.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:504027283968:certificate/b2372a2f-9aa3-4aea-9c51-bf0ec90d3027\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:504027283968:certificate/9fcff1ae-444c-46f9-83e2-a56a63be1131\n dxw-govpress:\n account_id: '666653442229'\n hosted_zones:\n - domain: govpress.com\n mx_records:\n - name: govpress.com\n value:\n - 10 mail.dxw.net.\n - name: clients.govpress.com\n value:\n - 10 mail.dxw.net.\n - name: helpful.govpress.com\n value:\n - 10 mail.dxw.net.\n cname_records:\n - name: relay.govpress.com\n value: gingerbread.dxw.net.\n - name: git.govpress.com\n value: gitlab-prod-app.prod.dxw.net.\n - name: www.govpress.com\n value: redirect.dxw.net.\n - name: esht.prod.govpress.com\n value: d15tqudmnm8frj.cloudfront.net\n - name: _d82f73e41cffdbd334e6943ccc710e7a.govpress.com\n value: _3c0f1cf439ba4fcc9c17c55d2130ee56.njdczhxdjc.acm-validations.aws\n - name: _e765e7b484391dc5cc84f98f49a46337.www.govpress.com\n value: _4d3157cb7368a9836e01844246374d77.njdczhxdjc.acm-validations.aws\n - name: magnus._domainkey.govpress.com\n value: magnus._domainkey.dxw.com\n a_records:\n - name: govpress.com\n value: 54.228.199.127\n - name: lambeth.prod.govpress.com\n value: 46.43.2.234\n txt_records:\n - name: govpress.com\n value:\n - v=spf1 include:spf.dxw.net ~all\n - name: _dmarc.govpress.com\n value:\n - v=DMARC1; p=none; rua=mailto:postmaster-dmarc@dxw.com\n - name: clients.govpress.com\n value:\n - v=spf1 a:gingerbread.dxw.net mx include:spf.dxw.net include:amazonses.com ~all\n - name: _dmarc.clients.govpress.com\n value:\n - v=DMARC1; p=none; rua=mailto:dxw-d@dmarc.report-uri.com\n - name: mailtrap-forward.clients.govpress.com\n value:\n - mailtrap-forward=2eb7461a24c4f29b240c4bec462663ea9b57779c562174b6b42ae1de38003091\n ns_records:\n - name: aws.govpress.com\n value:\n - ns-758.awsdns-30.net.\n - ns-1633.awsdns-12.co.uk.\n - ns-1105.awsdns-10.org.\n - ns-325.awsdns-40.com.\n - domain: cass.independent-review.uk\n cname_records:\n - name: _5e91d9e0e2cc7abbe5a1283046c65871.cass.independent-review.uk\n value: _754633b27559c07c4e645fc5f5be3e25.zjfbrrwmzc.acm-validations.aws.\n a_records:\n - name: cass.independent-review.uk\n value: 54.228.199.127\n txt_records:\n - name: _dmarc.cass.independent-review.uk\n value: v=DMARC1; p=reject;\n - name: cass.independent-review.uk\n value: v=spf1 -all\n mx_records:\n - name: cass.independent-review.uk\n value:\n - 0 .\n - domain: dcmsblog.uk\n cname_records:\n - name: _99f38f14bb860d93ce07d0f8b8a3338b.www.dcmsblog.uk\n value: _f9992e4aa0b8e0100c26211119fb69ca.lblqlwmygg.acm-validations.aws.\n - name: _b2a3eb8c50a5a1c8b27a79f86641235c.dcmsblog.uk\n value: _34d57f1463a0cd62e865532e096afcc7.lblqlwmygg.acm-validations.aws.\n - name: www.dcmsblog.uk\n value: d1qws3mk1m4f0z.cloudfront.net.\n mx_records:\n - name: dcmsblog.uk\n value:\n - 10 mail.dxw.net\n txt_records:\n - name: dcmsblog.uk\n value:\n - v=spf1 mx -all\n alias_records:\n - name: dcmsblog.uk\n value: d1qws3mk1m4f0z.cloudfront.net.\n - domain: younghackney.org\n cname_records:\n - name: _99eff7ccd4566c043c0cf97ddd2e583c.www.younghackney.org\n value: _cefe57a5dfb406a0f85653cdaa16266e.fpktwqqglf.acm-validations.aws.\n - name: _eaafe27852697569cf138410f690d139.younghackney.org\n value: _384b84719b73762d510b218ccd7fe015.fpktwqqglf.acm-validations.aws.\n - name: www.younghackney.org\n value: daadrojmc4wm1.cloudfront.net.\n alias_records:\n - name: younghackney.org\n value: daadrojmc4wm1.cloudfront.net.\n - domain: aws.govpress.com\n cname_records:\n - name: bce.aws.govpress.com\n value: d3fd50518r0hft.cloudfront.net.\n - domain: armedforcescovenant.gov.uk\n cname_records:\n - name: www.armedforcescovenant.gov.uk\n value: d12whp7kmexnih.cloudfront.net.\n - name: _cc4b74431798b39640ed4e3b372efc56.armedforcescovenant.gov.uk\n value: _d5fef69b2cbeaf912b935e513ad7bcf4.fpgkgnzppq.acm-validations.aws.\n - name: _f7f0506aba0082a9dede2ac3279025e5.www.armedforcescovenant.gov.uk\n value: _2f172ba3cfcc8466d5ca50f00687ae49.fpgkgnzppq.acm-validations.aws\n txt_records:\n - name: armedforcescovenant.gov.uk\n value:\n - v=spf1 mx -all\n - name: _dmarc.armedforcescovenant.gov.uk\n value:\n - v=DMARC1; p=reject\n alias_records:\n - name: armedforcescovenant.gov.uk\n value: d12whp7kmexnih.cloudfront.net.\n mx_records:\n - name: armedforcescovenant.gov.uk\n value:\n - 10 mail.dxw.net\n cluster:\n create: true\n rds:\n - identifier: med1\n instance_class:\n staging: db.t3.medium\n prod: db.t3.medium\n engine: mysql\n engine_version: 8.0.42\n db_name: initial_db_name\n sync_sql_backup_to_azure: false\n aurora:\n - identifier: cluster1\n minimum_size:\n staging: 0.5\n prod: 0.5\n maximum_size:\n staging: 6\n prod: 8\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: cluster1\n sync_sql_backup_to_azure: false\n - identifier: cluster2\n minimum_size:\n staging: 0.5\n prod: 0.5\n maximum_size:\n staging: 6\n prod: 16\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: cluster2\n sync_sql_backup_to_azure: false\n - identifier: cluster3\n minimum_size:\n staging: 0.5\n prod: 0.5\n maximum_size:\n staging: 6\n prod: 8\n engine: aurora-mysql\n engine_version: '8.0'\n db_name: cluster3\n sync_sql_backup_to_azure: false\n elasticache_cluster:\n - identifier: rdscache\n in_use_by:\n - af-covenant\n - af-day\n - af-grants\n - advisories\n - analysis\n - arctic\n - bas\n - bas-2025\n - bas-ice-arc\n - bat\n - biot\n - bce\n - bikeshed\n - care-city\n - cognus\n - coretest\n - dcmsblog\n - dfe-eah\n - dft-think\n - dsma\n - dxw-web\n - e-and-e\n - essex-blog\n - esht\n - esht-me\n - fcdo-blog\n - fcdo-lanc\n - fcdo-proto\n - fcdo-stor\n - fleming\n - gosc-test\n - hackneyrec\n - healthy-lon\n - icai\n - itf\n - lamb-cs\n - lamb-love\n - lamb-made\n - lamb-tog\n - ons-careers\n - osdi\n - osteo-cpd\n - osteo-std\n - natcen-scot\n - natcen-uk\n - nhs-england\n - nhs-ltp\n - ons-cop\n - ons-osr\n - ons-uksa\n - ons-www\n - psaa\n - psc\n - refugee\n - saluki-sub\n - saluki-test\n - settle\n - stg\n - stg-aos\n - tke\n - uadta\n - ukaea\n - unialliance\n - unimyths\n - v2c-llanw\n - v-to-c\n - younghack\n node_type: cache.t3.medium\n node_count: 2\n engine: redis\n engine_version: 7.x\n parameters:\n - name: maxmemory-policy\n value: allkeys-lru\n shared_loadbalancer:\n - name: shared-1\n global_accelerator:\n prod: true\n in_use_by:\n - advisories\n - arctic\n - bas\n - bas-2025\n - bce\n - bikeshed\n - care-city\n - cognus\n - dcmsblog\n - dfe-eah\n - dsma\n - dxw-web\n - e-and-e\n - esht\n - esht-me\n - gosc-test\n - hackneyrec\n - healthy-lon\n - icai\n - itf\n - ons-careers\n - osdi\n - osteo-cpd\n - osteo-std\n - psaa\n - psc\n - refugee\n - saluki-sub\n - saluki-test\n - settle\n - stg\n - stg-aos\n - tke\n - uadta\n - ukaea\n - unialliance\n - unimyths\n - v2c-llanw\n - v-to-c\n - younghack\n - name: shared-2\n global_accelerator:\n prod: true\n in_use_by:\n - af-covenant\n - af-day\n - af-grants\n - analysis\n - bas-ice-arc\n - bat\n - biot\n - dft-think\n - essex-blog\n - fcdo-blog\n - fcdo-lanc\n - fcdo-proto\n - fcdo-stor\n - fleming\n - lamb-cs\n - lamb-love\n - lamb-made\n - lamb-tog\n - natcen-scot\n - natcen-uk\n - nhs-england\n - nhs-ltp\n - ons-cop\n - ons-osr\n - ons-uksa\n - ons-www\n - coretest\n waf:\n - name: wordpress-1\n action: block\n aws_managed_rules:\n - name: AWSManagedRulesAmazonIpReputationList\n - name: AWSManagedRulesPHPRuleSet\n exclude_rules:\n - PHPHighRiskMethodsVariables_BODY\n - name: AWSManagedRulesSQLiRuleSet\n excluded_path_patterns:\n - \"/wp-admin/admin-ajax.php\"\n - \"/wp-admin/async-upload.php\"\n - \"/wp-admin/post.php\"\n - name: AWSManagedRulesWordPressRuleSet\n - name: AWSManagedRulesCommonRuleSet\n exclude_rules:\n - SizeRestrictions_BODY\n - SizeRestrictions_QUERYSTRING\n - GenericLFI_BODY\n - GenericRFI_BODY\n - CrossSiteScripting_BODY\n - GenericRFI_QUERYARGUMENTS\n - EC2MetaDataSSRF_BODY\n associations:\n shared_loadbalancers:\n - shared-1\n - shared-2\n s3:\n - name: analysis-dashboard-staging\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - analysis-staging\n policy:\n staging:\n rw:\n services:\n - analysis\n - name: analysis-dashboard-prod\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - analysis-prod\n policy:\n prod:\n rw:\n services:\n - analysis\n - name: settle-reports-staging\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - settle-staging\n policy:\n staging:\n rw:\n services:\n - settle\n - name: settle-reports-prod\n encrypted: true\n acl: private\n service_cloudfront_read_access:\n - settle-prod\n policy:\n prod:\n rw:\n services:\n - settle\n environments:\n staging:\n track_revision: develop\n instance_type: t3.medium\n min_servers: 11\n max_servers: 16\n docker_storage_size: 80\n logspout_command:\n - syslog+tls://logs4.papertrailapp.com:15689\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n syslog_papertrail_endpoint: logs4.papertrailapp.com:15689\n prod:\n track_revision: main\n instance_type: t3.medium\n max_instance_lifetime: 604800\n min_servers: 14\n max_servers: 20\n docker_storage_size: 80\n logspout_command:\n - syslog+tls://logs3.papertrailapp.com:20014\n enable_efs: 'true'\n encrypt_efs: 'false'\n efs_dirs: []\n syslog_papertrail_endpoint: logs3.papertrailapp.com:20014\n services:\n - name: advisories\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-advisories-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-advisories-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/advisories\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_count: '3'\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/advisories.dxw.com\"\n container_path: \"/var/www/html/wp-content/uploads\"\n scheduled_tasks:\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(3 * * * ? *)\n prod: cron(3 * * * ? *)\n domain_names:\n prod:\n - advisories.dxw.com\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/cdc50525-238e-4898-9795-c23491d59fd0\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/d419dd64-522f-4ad0-8f93-d6e66e1e7154\n - name: af-covenant\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-covenant-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-af-covenant-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-covenant-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n prod:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"/wp-login.php\"\n - \"/wp-activate.php\"\n - \"/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-covenant-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n - path_patterns:\n - \"/wp-content/*\"\n - \"/wp-includes/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n target_origin_id: dxw-govpress-af-covenant-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept\n - CloudFront-Forwarded-Proto\n - Host\n forwarded_cookies: none\n forward_query_strings: false\n - path_patterns:\n - \"/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-covenant-prod-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - Authorization\n - Accept-Charset\n - Accept\n - CloudFront-Forwarded-Proto\n - Referer\n - Host\n - Accept-Language\n - Accept-Encoding\n - Accept-Datetime\n forwarded_cookies: whitelist\n whitelisted_names:\n - wordpress_logged_in_*\n - wp-postpass_*\n - wordpress_test_cookie\n - comment_author_*\n forward_query_strings: true\n image_source: build_from_github_repo\n image_location: git@github.com:dxw/afc\n buildspec: dalmatian_core_buildspec_saluki\n container_command:\n - \"./docker-entrypoint.sh\"\n container_port: 80\n container_volumes:\n - name: wp-uploads\n host_path: \"/mnt/efs/wp-uploads/armedforcescovenant.gov.uk\"\n container_path: \"/var/www/html/wp-content/uploads\"\n - name: wp-cache\n host_path: \"/mnt/efs/wp-cache/armedforcescovenant.gov.uk\"\n container_path: \"/var/www/html/wp-content/cache\"\n scheduled_tasks:\n - name: wp-cron-publish\n command:\n - \"/usr/local/bin/wp-cron.sh -p\"\n schedule_expression:\n staging: cron(4 1 * * ? *)\n prod: cron(1,31 * * * ? *)\n - name: wp-cron\n command:\n - \"/usr/local/bin/wp-cron.sh -s 8\"\n schedule_expression:\n staging: cron(4 * * * ? *)\n prod: cron(4 * * * ? *)\n domain_names:\n prod:\n - armedforcescovenant.gov.uk\n - www.armedforcescovenant.gov.uk\n lb_ssl_certificate:\n prod: arn:aws:acm:eu-west-2:666653442229:certificate/2a3d4fe0-5b43-4770-ac37-730947cae3e8\n cloudfront_ssl_certificate:\n prod: arn:aws:acm:us-east-1:666653442229:certificate/15cb0373-983a-49ee-a898-98a73984bbbc\n - name: af-day\n monitoring:\n prod:\n opsgenie_alerts:\n enabled: false\n cloudfront:\n create: true\n viewer_request_functions:\n - name: default\n true_client_ip_header: true\n associate_with_default_behaviour:\n staging: true\n prod: true\n custom_behaviors:\n staging:\n - path_patterns:\n - \"/wp-admin/*\"\n - \"*/wp-admin/*\"\n - \"/wp-login.php\"\n - \"*/wp-login.php\"\n - \"/wp-activate.php\"\n - \"*/wp-activate.php\"\n - \"/wp-json/*\"\n - \"*/wp-json/*\"\n allowed_methods:\n - GET\n - HEAD\n - OPTIONS\n - PUT\n - POST\n - PATCH\n - DELETE\n target_origin_id: dxw-govpress-af-day-staging-default-origin\n min_ttl: 0\n default_ttl: 86400\n max_ttl: 31536000\n forwarded_headers:\n - \"*\"\n forwarded_cookies: all\n forward_query_strings: true\n associate_viewer_request_function: default\n - path_patterns:" } } } ], "status": "success", "timestamp": "2026-02-20T17:55:56.197Z", "resultDisplay": "Read lines 1-2000 of 17944 from ../dalmatian-config/dalmatian.yml", "displayName": "ReadFile", "description": "Reads and returns the content of a specified file. If the file is large, the content will be truncated. The tool's response will clearly indicate if truncation has occurred and will provide details on how to read more of the file using the 'offset' and 'limit' parameters. Handles text, images (PNG, JPG, GIF, WEBP, SVG, BMP), audio files (MP3, WAV, AIFF, AAC, OGG, FLAC), and PDF files. For text files, it can read specific line ranges.", "renderOutputAsMarkdown": true } ] }, { "id": "61cc2adc-8a12-4f30-b829-95c8dcd6b2cc", "timestamp": "2026-02-20T17:55:59.173Z", "type": "gemini", "content": "", "toolCalls": [ { "id": "grep_search_1771610159116_0", "name": "grep_search", "args": { "pattern": "dxw-pentest", "file_path": "/Users/bob/git/dxw/dalmatian-config/dalmatian.yml" }, "result": [ { "functionResponse": { "id": "grep_search_1771610159116_0", "name": "grep_search", "response": { "output": "No matches found for pattern \"dxw-pentest\" in path \".\"." } } } ], "status": "success", "timestamp": "2026-02-20T17:55:59.170Z", "resultDisplay": "No matches found", "displayName": "SearchText", "description": "Searches for a regular expression pattern within file contents. Max 100 matches.", "renderOutputAsMarkdown": true } ], "thoughts": [ { "subject": "Locating a String", "description": "I've got the `dalmatian-config/dalmatian.yml` file open, and it's massive, a sprawling 17944 lines. My next step? I'm using a search to find every instance of 'dxw-pentest' within this configuration file.", "timestamp": "2026-02-20T17:55:59.027Z" } ], "model": "gemini-3-flash-preview", "tokens": { "input": 85884, "output": 37, "cached": 64402, "thoughts": 43, "tool": 0, "total": 85964 } }, { "id": "5a43704d-980b-4e41-8fa4-7b0a868859fc", "timestamp": "2026-02-20T17:56:02.982Z", "type": "gemini", "content": "I will read the `config/dalmatian.yml` file in the `dalmatian-config` repository to see if it's the source for the compiled `dalmatian.yml` and how it references individual infrastructure files.", "thoughts": [ { "subject": "Uncovering Hidden Connections", "description": "I'm now tracing the execution flow to see how `dalmatian` is aware of `dxw-pentest`. I'm starting by analyzing the configuration loading mechanisms to identify potential implicit inclusion strategies or alternative configuration sources. The goal is to figure out if there is a different file that calls the dxw-pentest and loads it.", "timestamp": "2026-02-20T17:56:01.818Z" }, { "subject": "Pinpointing Configuration Sources", "description": "The presence of `dxw-pentest.yml` within the `dalmatian-config` directory seems to contradict initial expectations. My attention has now shifted towards the `compile` and `combine-configs` scripts, considering that the root `dalmatian.yml` might be a product of runtime merging. I'm currently scrutinizing `dalmatian-config/config/dalmatian.yml` to further understand this process.", "timestamp": "2026-02-20T17:56:02.881Z" } ], "tokens": { "input": 85937, "output": 83, "cached": 83279, "thoughts": 177, "tool": 0, "total": 86197 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "read_file_1771610162975_0", "name": "read_file", "args": { "file_path": "/Users/bob/git/dxw/dalmatian-config/config/dalmatian.yml" }, "result": [ { "functionResponse": { "id": "read_file_1771610162975_0", "name": "read_file", "response": { "output": "---\nparameter-store-path-prefix: \"/dalmatian-variables/\"\naccount-bootstrap:\n variables:\n region: eu-west-2\n root_domain_zone: dalmatian.dxw.net\n dalmatian_read_users:\n - ed\n - cristina\n - hippers\n - bob-read\n dalmatian_admin_users:\n - chris\n - bob\n - laura-admin\n - ed-admin\n - cristina-admin\n - olivia-admin\n - tomh-admin\n - isratc-admin\n - lorna-admin\n - nick-admin\n - stu-admin\n - rob-admin\n - anthony-admin\n - lee-admin\n - matty-admin\n - calum-admin\n - meyric-admin\n - brent-admin\n - serena-admin\n - dragon-admin\n - suze-admin\n - george-admin\n - matthew-admin\n - sim-admin\n - barryr-admin\n - jamesk-admin\n - ash-admin\n - sarah-admin\n - ynda-admin\n - patrick-admin\n - williamman-admin\n\nci:\n variables:\n region: eu-west-2\n prci_github_owner: dxw\n prci_github_repository: dalmatian\n prci_codebuild_compute_type: BUILD_GENERAL1_SMALL\n prci_codebuild_image: public.ecr.aws/q8n3y8x7/testing-terraform-docker:latest\n bpsp_source_branch: master\n bpbp_codebuild_compute_type: BUILD_GENERAL1_SMALL\n bpbp_codebuild_image: public.ecr.aws/q8n3y8x7/testing-terraform-docker:latest\ninfrastructure-defaults:\n variables:\n region: eu-west-2\n cidr: 10.0.0.0/16\n root_domain_zone: dalmatian.dxw.net\n internal_domain_zone: dalmatian.internal\n ecs_private_subnets:\n - availability_zone: eu-west-2a\n cidr: 10.0.128.0/24\n - availability_zone: eu-west-2b\n cidr: 10.0.129.0/24\n - availability_zone: eu-west-2c\n cidr: 10.0.130.0/24\n extra_public_subnets:\n - availability_zone: eu-west-2a\n cidr: 10.0.0.0/24\n - availability_zone: eu-west-2b\n cidr: 10.0.1.0/24\n - availability_zone: eu-west-2c\n cidr: 10.0.2.0/24\n instances_key_name: dalmatian-ecs-instances\n instance_type: t3.medium\n min_servers: 2\n max_servers: 4\n associate_public_ip_address: 0\n docker_storage_size: 40\n dockerhub_email: ''\n dockerhub_token: ''\n monitoring_docs_path: https://github.com/dxw/ops-docs/blob/master/dalmatian-monitoring/\n basic_auth_users:\n dxwsupport: '085740adb45fce7e0968c43a26f3acc9fc2c9ac1f38919ed78270f80905dbce07ea010aa8c5e44ee685ed3d8833e6dbbb4a6427af4a10011a8946187a29913e0d59540ba3f0c25f1bb66b6d76a473bd2cf70d9f8b0c79c05ae85864cf8cf779f'\n" } } } ], "status": "success", "timestamp": "2026-02-20T17:56:03.002Z", "resultDisplay": "", "displayName": "ReadFile", "description": "Reads and returns the content of a specified file. If the file is large, the content will be truncated. The tool's response will clearly indicate if truncation has occurred and will provide details on how to read more of the file using the 'offset' and 'limit' parameters. Handles text, images (PNG, JPG, GIF, WEBP, SVG, BMP), audio files (MP3, WAV, AIFF, AAC, OGG, FLAC), and PDF files. For text files, it can read specific line ranges.", "renderOutputAsMarkdown": true } ] }, { "id": "7d7bf890-cdc6-43b6-9c1f-5c4d4ac20081", "timestamp": "2026-02-20T17:56:06.661Z", "type": "gemini", "content": "I will read the `bin/compile` script in the `dalmatian-config` repository to confirm how it combines the different configuration files into the final `dalmatian.yml`.", "thoughts": [ { "subject": "Investigating Configuration Files", "description": "The `config/dalmatian.yml` file is proving tricky. It seems there's an inconsistency with how \"infrastructures\" is handled. I initially thought it was absent but then spotted it at the root level. I'm now hypothesizing that the `bin/compile` script merges the primary config with others from the `config/infrastructures` directory.", "timestamp": "2026-02-20T17:56:06.530Z" }, { "subject": "Examining Script's Logic", "description": "Okay, so I've opened `dalmatian-config/bin/compile`. The script's logic confirms my suspicions. It loads the main config and merges in the contents of infrastructure files. This clarifies the \"infrastructures\" key's presence and how it's being managed, providing a more coherent picture now. Time to explore how those infrastructure configurations are structured.", "timestamp": "2026-02-20T17:56:06.548Z" } ], "tokens": { "input": 87023, "output": 69, "cached": 83175, "thoughts": 91, "tool": 0, "total": 87183 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "read_file_1771610166655_0", "name": "read_file", "args": { "file_path": "/Users/bob/git/dxw/dalmatian-config/bin/compile" }, "result": [ { "functionResponse": { "id": "read_file_1771610166655_0", "name": "read_file", "response": { "output": "#!/bin/sh\n\nset -e\n\ncd \"$(dirname \"$0\")/..\"\n\necho \"==> Validating configuration files…\"\nbin/validate\n\necho \"==> Combining configuration files…\"\nbin/combine-configs\n\necho \"==> Standardising output…\"\nyq eval -i 'sortKeys(.)' dalmatian.yml\n" } } } ], "status": "success", "timestamp": "2026-02-20T17:56:06.688Z", "resultDisplay": "", "displayName": "ReadFile", "description": "Reads and returns the content of a specified file. If the file is large, the content will be truncated. The tool's response will clearly indicate if truncation has occurred and will provide details on how to read more of the file using the 'offset' and 'limit' parameters. Handles text, images (PNG, JPG, GIF, WEBP, SVG, BMP), audio files (MP3, WAV, AIFF, AAC, OGG, FLAC), and PDF files. For text files, it can read specific line ranges.", "renderOutputAsMarkdown": true } ] }, { "id": "3afc0071-0ea9-403b-a13e-f27325dce197", "timestamp": "2026-02-20T17:56:09.606Z", "type": "gemini", "content": "I will read the `bin/combine-configs` script in the `dalmatian-config` repository to see the exact logic for merging the different YAML files.", "thoughts": [ { "subject": "Contemplating Configuration Merging", "description": "I'm currently focused on the `bin/combine-configs` script. My objective is to determine how best to merge configurations effectively. I'm considering the potential for conflicts and how to prioritize settings from different sources. This will ultimately determine the optimal way to consolidate various configuration files into a unified whole.", "timestamp": "2026-02-20T17:56:09.332Z" } ], "tokens": { "input": 87163, "output": 65, "cached": 64197, "thoughts": 8, "tool": 0, "total": 87236 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "read_file_1771610169599_0", "name": "read_file", "args": { "file_path": "/Users/bob/git/dxw/dalmatian-config/bin/combine-configs" }, "result": [ { "functionResponse": { "id": "read_file_1771610169599_0", "name": "read_file", "response": { "output": "#!/usr/bin/env ruby\n\nrequire \"yaml\"\ndalmatian_config = YAML.load_file(\"config/dalmatian.yml\")\n\ndalmatian_config[\"infrastructures\"] = {}\n\nDir.glob(\"config/infrastructures/*.yml\").sort.each do |infrastructure_file|\n infrastructure_name = File.basename(infrastructure_file, \".yml\")\n infrastructure_config = YAML.load_file(infrastructure_file)\n\n infrastructure_config[\"services\"] = []\n\n Dir.glob(\"config/infrastructures/#{infrastructure_name}/*.yml\").sort.each do |service_file|\n service_config = YAML.load_file(service_file)\n infrastructure_config[\"services\"].append(service_config)\n end\n\n dalmatian_config[\"infrastructures\"][infrastructure_name] = infrastructure_config\nend\n\nFile.open(\"dalmatian.yml\", \"w\") do |file|\n file.write(\n dalmatian_config.to_yaml(\n Indent: 2,\n UseHeader: true\n )\n )\nend\n" } } } ], "status": "success", "timestamp": "2026-02-20T17:56:09.633Z", "resultDisplay": "", "displayName": "ReadFile", "description": "Reads and returns the content of a specified file. If the file is large, the content will be truncated. The tool's response will clearly indicate if truncation has occurred and will provide details on how to read more of the file using the 'offset' and 'limit' parameters. Handles text, images (PNG, JPG, GIF, WEBP, SVG, BMP), audio files (MP3, WAV, AIFF, AAC, OGG, FLAC), and PDF files. For text files, it can read specific line ranges.", "renderOutputAsMarkdown": true } ] }, { "id": "960544e5-9941-48b4-a0a0-1e6976a54ff5", "timestamp": "2026-02-20T17:56:13.769Z", "type": "gemini", "content": "I will run the `bin/compile` script in the `dalmatian-config` repository to regenerate the `dalmatian.yml` file with the updated `dxw-pentest` configuration.", "thoughts": [ { "subject": "Reflecting on Compilation", "description": "I've confirmed that the root `dalmatian.yml` is indeed compiled from the files residing in `config/infrastructures/`. With the recent update to `config/infrastructures/dxw-pentest.yml`, I'm preparing to execute `bin/compile` to generate the updated configuration. This should reflect the changes I've just made.", "timestamp": "2026-02-20T17:56:12.142Z" }, { "subject": "Evaluating the Execution Plan", "description": "I'm now zeroing in on the execution phase. The primary objective is to update `dalmatian.yml` by running `bin/compile`. I've realized the user likely intends for the compiled version to be updated. A key consideration is the availability of `yq`, a dependency of the compilation script. If it's unavailable, I will explore an alternative of manually editing the root file, but I will begin by attempting the script execution.", "timestamp": "2026-02-20T17:56:13.675Z" } ], "tokens": { "input": 87480, "output": 84, "cached": 86845, "thoughts": 228, "tool": 0, "total": 87792 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771610173764_0", "name": "run_shell_command", "args": { "dir_path": "/Users/bob/git/dxw/dalmatian-config", "command": "./bin/compile", "description": "Compile the dalmatian configuration." }, "result": [ { "functionResponse": { "id": "run_shell_command_1771610173764_0", "name": "run_shell_command", "response": { "output": "Output: ==> Validating configuration files…\n==> Validating dalmatian.yml against schema…\nconfig/dalmatian.yml valid\n==> Validating infrastructure configurations against schema…\nconfig/infrastructures/bas.yml valid\nconfig/infrastructures/caselaw-stg.yml valid\nconfig/infrastructures/caselaw.yml valid\nconfig/infrastructures/dalmatian-1.yml valid\nconfig/infrastructures/dhsc.yml valid\nconfig/infrastructures/dxw-govpress.yml valid\nconfig/infrastructures/dxw-pentest.yml valid\nconfig/infrastructures/esht.yml valid\nconfig/infrastructures/essex.yml valid\nconfig/infrastructures/fcdo.yml valid\nconfig/infrastructures/gds.yml valid\nconfig/infrastructures/judiciary-int.yml valid\nconfig/infrastructures/judiciary.yml valid\nconfig/infrastructures/mettvh.yml valid\nconfig/infrastructures/mtvh-gp.yml valid\nconfig/infrastructures/nao.yml valid\nconfig/infrastructures/natcen.yml valid\nconfig/infrastructures/nhs-england.yml valid\nconfig/infrastructures/nhsx-website.yml valid\nconfig/infrastructures/ons.yml valid\nconfig/infrastructures/rwm.yml valid\nconfig/infrastructures/stgeorges.yml valid\nconfig/infrastructures/test-app.yml valid\n==> Validating service configurations against schema…\nconfig/infrastructures/bas.yml valid\nconfig/infrastructures/bas/web.yml valid\nconfig/infrastructures/caselaw-stg.yml valid\nconfig/infrastructures/caselaw-stg/editor.yml valid\nconfig/infrastructures/caselaw-stg/pdf-worker.yml valid\nconfig/infrastructures/caselaw-stg/priv-api.yml valid\nconfig/infrastructures/caselaw-stg/public.yml valid\nconfig/infrastructures/caselaw.yml valid\nconfig/infrastructures/caselaw/editor.yml valid\nconfig/infrastructures/caselaw/pdf-worker.yml valid\nconfig/infrastructures/caselaw/priv-api.yml valid\nconfig/infrastructures/caselaw/public.yml valid\nconfig/infrastructures/dalmatian-1.yml valid\nconfig/infrastructures/dalmatian-1/sun-worker.yml valid\nconfig/infrastructures/dalmatian-1/sun.yml valid\nconfig/infrastructures/dhsc.yml valid\nconfig/infrastructures/dhsc/intra-dev.yml valid\nconfig/infrastructures/dhsc/intranet.yml valid\nconfig/infrastructures/dxw-govpress.yml valid\nconfig/infrastructures/dxw-govpress/advisories.yml valid\nconfig/infrastructures/dxw-govpress/af-covenant.yml valid\nconfig/infrastructures/dxw-govpress/af-day.yml valid\nconfig/infrastructures/dxw-govpress/af-grants.yml valid\nconfig/infrastructures/dxw-govpress/analysis.yml valid\nconfig/infrastructures/dxw-govpress/arctic.yml valid\nconfig/infrastructures/dxw-govpress/bas-2025.yml valid\nconfig/infrastructures/dxw-govpress/bas-ice-arc.yml valid\nconfig/infrastructures/dxw-govpress/bas.yml valid\nconfig/infrastructures/dxw-govpress/bat.yml valid\nconfig/infrastructures/dxw-govpress/bce.yml valid\nconfig/infrastructures/dxw-govpress/bikeshed.yml valid\nconfig/infrastructures/dxw-govpress/biot.yml valid\nconfig/infrastructures/dxw-govpress/care-city.yml valid\nconfig/infrastructures/dxw-govpress/cognus.yml valid\nconfig/infrastructures/dxw-govpress/coretest.yml valid\nconfig/infrastructures/dxw-govpress/dcmsblog.yml valid\nconfig/infrastructures/dxw-govpress/dfe-eah.yml valid\nconfig/infrastructures/dxw-govpress/dft-think.yml valid\nconfig/infrastructures/dxw-govpress/dsma.yml valid\nconfig/infrastructures/dxw-govpress/dxw-web.yml valid\nconfig/infrastructures/dxw-govpress/e-and-e.yml valid\nconfig/infrastructures/dxw-govpress/esht-me.yml valid\nconfig/infrastructures/dxw-govpress/esht.yml valid\nconfig/infrastructures/dxw-govpress/essex-blog.yml valid\nconfig/infrastructures/dxw-govpress/fcdo-blog.yml valid\nconfig/infrastructures/dxw-govpress/fcdo-lanc.yml valid\nconfig/infrastructures/dxw-govpress/fcdo-proto.yml valid\nconfig/infrastructures/dxw-govpress/fcdo-stor.yml valid\nconfig/infrastructures/dxw-govpress/fleming.yml valid\nconfig/infrastructures/dxw-govpress/gosc-test.yml valid\nconfig/infrastructures/dxw-govpress/hackneyrec.yml valid\nconfig/infrastructures/dxw-govpress/healthy-lon.yml valid\nconfig/infrastructures/dxw-govpress/icai.yml valid\nconfig/infrastructures/dxw-govpress/itf.yml valid\nconfig/infrastructures/dxw-govpress/lamb-cs.yml valid\nconfig/infrastructures/dxw-govpress/lamb-love.yml valid\nconfig/infrastructures/dxw-govpress/lamb-made.yml valid\nconfig/infrastructures/dxw-govpress/lamb-tog.yml valid\nconfig/infrastructures/dxw-govpress/natcen-scot.yml valid\nconfig/infrastructures/dxw-govpress/natcen-uk.yml valid\nconfig/infrastructures/dxw-govpress/nhs-england.yml valid\nconfig/infrastructures/dxw-govpress/nhs-ltp.yml valid\nconfig/infrastructures/dxw-govpress/ons-careers.yml valid\nconfig/infrastructures/dxw-govpress/ons-cop.yml valid\nconfig/infrastructures/dxw-govpress/ons-osr.yml valid\nconfig/infrastructures/dxw-govpress/ons-uksa.yml valid\nconfig/infrastructures/dxw-govpress/ons-www.yml valid\nconfig/infrastructures/dxw-govpress/osdi.yml valid\nconfig/infrastructures/dxw-govpress/osteo-cpd.yml valid\nconfig/infrastructures/dxw-govpress/osteo-std.yml valid\nconfig/infrastructures/dxw-govpress/psaa.yml valid\nconfig/infrastructures/dxw-govpress/psc.yml valid\nconfig/infrastructures/dxw-govpress/refugee.yml valid\nconfig/infrastructures/dxw-govpress/saluki-sub.yml valid\nconfig/infrastructures/dxw-govpress/saluki-test.yml valid\nconfig/infrastructures/dxw-govpress/settle.yml valid\nconfig/infrastructures/dxw-govpress/stg-aos.yml valid\nconfig/infrastructures/dxw-govpress/stg.yml valid\nconfig/infrastructures/dxw-govpress/tke.yml valid\nconfig/infrastructures/dxw-govpress/ukaea.yml valid\nconfig/infrastructures/dxw-govpress/unialliance.yml valid\nconfig/infrastructures/dxw-govpress/unimyths.yml valid\nconfig/infrastructures/dxw-govpress/v-to-c.yml valid\nconfig/infrastructures/dxw-govpress/v2c-llanw.yml valid\nconfig/infrastructures/dxw-govpress/younghack.yml valid\nconfig/infrastructures/dxw-pentest.yml valid\nconfig/infrastructures/dxw-pentest/saluki.yml valid\nconfig/infrastructures/esht.yml valid\nconfig/infrastructures/esht/me.yml valid\nconfig/infrastructures/esht/web.yml valid\nconfig/infrastructures/essex.yml valid\nconfig/infrastructures/essex/blog.yml valid\nconfig/infrastructures/fcdo.yml valid\nconfig/infrastructures/fcdo/blogs.yml valid\nconfig/infrastructures/fcdo/lancaster.yml valid\nconfig/infrastructures/fcdo/protocol.yml valid\nconfig/infrastructures/fcdo/stories.yml valid\nconfig/infrastructures/gds.yml valid\nconfig/infrastructures/gds/blog.yml valid\nconfig/infrastructures/gds/blogdev.yml valid\nconfig/infrastructures/gds/campaign.yml valid\nconfig/infrastructures/judiciary-int.yml valid\nconfig/infrastructures/judiciary-int/intranet.yml valid\nconfig/infrastructures/judiciary.yml valid\nconfig/infrastructures/judiciary/web.yml valid\nconfig/infrastructures/mettvh.yml valid\nconfig/infrastructures/mettvh/mid-test-01.yml valid\nconfig/infrastructures/mettvh/mid-test-02.yml valid\nconfig/infrastructures/mettvh/mid.yml valid\nconfig/infrastructures/mettvh/web-test-01.yml valid\nconfig/infrastructures/mettvh/web-test-02.yml valid\nconfig/infrastructures/mettvh/web.yml valid\nconfig/infrastructures/mtvh-gp.yml valid\nconfig/infrastructures/mtvh-gp/web.yml valid\nconfig/infrastructures/nao.yml valid\nconfig/infrastructures/nao/paf.yml valid\nconfig/infrastructures/nao/web.yml valid\nconfig/infrastructures/natcen.yml valid\nconfig/infrastructures/natcen/natcen-scot.yml valid\nconfig/infrastructures/natcen/natcen-uk.yml valid\nconfig/infrastructures/nhs-england.yml valid\nconfig/infrastructures/nhs-england/longterm.yml valid\nconfig/infrastructures/nhs-england/web.yml valid\nconfig/infrastructures/nhsx-website.yml valid\nconfig/infrastructures/nhsx-website/web.yml valid\nconfig/infrastructures/ons.yml valid\nconfig/infrastructures/ons/blog.yml valid\nconfig/infrastructures/rwm.yml valid\nconfig/infrastructures/rwm/copeland.yml valid\nconfig/infrastructures/rwm/cumbria.yml valid\nconfig/infrastructures/rwm/explore.yml valid\nconfig/infrastructures/rwm/nws-wip.yml valid\nconfig/infrastructures/rwm/nws.yml valid\nconfig/infrastructures/rwm/wg3.yml valid\nconfig/infrastructures/rwm/wip.yml valid\nconfig/infrastructures/stgeorges.yml valid\nconfig/infrastructures/stgeorges/aos.yml valid\nconfig/infrastructures/stgeorges/web.yml valid\nconfig/infrastructures/test-app.yml valid\nconfig/infrastructures/test-app/test-service.yml valid\n==> Validating infrastructures with shared loadbalancers…\n==> Combining configuration files…\n==> Standardising output…\nProcess Group PGID: 66620" } } } ], "status": "success", "timestamp": "2026-02-20T17:56:23.944Z", "resultDisplay": "==> Validating configuration files…\n==> Validating dalmatian.yml against schema…\nconfig/dalmatian.yml valid\n==> Validating infrastructure configurations against schema…\nconfig/infrastructures/bas.yml valid\nconfig/infrastructures/caselaw-stg.yml valid\nconfig/infrastructures/caselaw.yml valid\nconfig/infrastructures/dalmatian-1.yml valid\nconfig/infrastructures/dhsc.yml valid\nconfig/infrastructures/dxw-govpress.yml valid\nconfig/infrastructures/dxw-pentest.yml valid\nconfig/infrastructures/esht.yml valid\nconfig/infrastructures/essex.yml valid\nconfig/infrastructures/fcdo.yml valid\nconfig/infrastructures/gds.yml valid\nconfig/infrastructures/judiciary-int.yml valid\nconfig/infrastructures/judiciary.yml valid\nconfig/infrastructures/mettvh.yml valid\nconfig/infrastructures/mtvh-gp.yml valid\nconfig/infrastructures/nao.yml valid\nconfig/infrastructures/natcen.yml valid\nconfig/infrastructures/nhs-england.yml valid\nconfig/infrastructures/nhsx-website.yml valid\nconfig/infrastructures/ons.yml valid\nconfig/infrastructures/rwm.yml valid\nconfig/infrastructures/stgeorges.yml valid\nconfig/infrastructures/test-app.yml valid\n==> Validating service configurations against schema…\nconfig/infrastructures/bas.yml valid\nconfig/infrastructures/bas/web.yml valid\nconfig/infrastructures/caselaw-stg.yml valid\nconfig/infrastructures/caselaw-stg/editor.yml valid\nconfig/infrastructures/caselaw-stg/pdf-worker.yml valid\nconfig/infrastructures/caselaw-stg/priv-api.yml valid\nconfig/infrastructures/caselaw-stg/public.yml valid\nconfig/infrastructures/caselaw.yml valid\nconfig/infrastructures/caselaw/editor.yml valid\nconfig/infrastructures/caselaw/pdf-worker.yml valid\nconfig/infrastructures/caselaw/priv-api.yml valid\nconfig/infrastructures/caselaw/public.yml valid\nconfig/infrastructures/dalmatian-1.yml valid\nconfig/infrastructures/dalmatian-1/sun-worker.yml valid\nconfig/infrastructures/dalmatian-1/sun.yml valid\nconfig/infrastructures/dhsc.yml valid\nconfig/infrastructures/dhsc/intra-dev.yml valid\nconfig/infrastructures/dhsc/intranet.yml valid\nconfig/infrastructures/dxw-govpress.yml valid\nconfig/infrastructures/dxw-govpress/advisories.yml valid\nconfig/infrastructures/dxw-govpress/af-covenant.yml valid\nconfig/infrastructures/dxw-govpress/af-day.yml valid\nconfig/infrastructures/dxw-govpress/af-grants.yml valid\nconfig/infrastructures/dxw-govpress/analysis.yml valid\nconfig/infrastructures/dxw-govpress/arctic.yml valid\nconfig/infrastructures/dxw-govpress/bas-2025.yml valid\nconfig/infrastructures/dxw-govpress/bas-ice-arc.yml valid\nconfig/infrastructures/dxw-govpress/bas.yml valid\nconfig/infrastructures/dxw-govpress/bat.yml valid\nconfig/infrastructures/dxw-govpress/bce.yml valid\nconfig/infrastructures/dxw-govpress/bikeshed.yml valid\nconfig/infrastructures/dxw-govpress/biot.yml valid\nconfig/infrastructures/dxw-govpress/care-city.yml valid\nconfig/infrastructures/dxw-govpress/cognus.yml valid\nconfig/infrastructures/dxw-govpress/coretest.yml valid\nconfig/infrastructures/dxw-govpress/dcmsblog.yml valid\nconfig/infrastructures/dxw-govpress/dfe-eah.yml valid\nconfig/infrastructures/dxw-govpress/dft-think.yml valid\nconfig/infrastructures/dxw-govpress/dsma.yml valid\nconfig/infrastructures/dxw-govpress/dxw-web.yml valid\nconfig/infrastructures/dxw-govpress/e-and-e.yml valid\nconfig/infrastructures/dxw-govpress/esht-me.yml valid\nconfig/infrastructures/dxw-govpress/esht.yml valid\nconfig/infrastructures/dxw-govpress/essex-blog.yml valid\nconfig/infrastructures/dxw-govpress/fcdo-blog.yml valid\nconfig/infrastructures/dxw-govpress/fcdo-lanc.yml valid\nconfig/infrastructures/dxw-govpress/fcdo-proto.yml valid\nconfig/infrastructures/dxw-govpress/fcdo-stor.yml valid\nconfig/infrastructures/dxw-govpress/fleming.yml valid\nconfig/infrastructures/dxw-govpress/gosc-test.yml valid\nconfig/infrastructures/dxw-govpress/hackneyrec.yml valid\nconfig/infrastructures/dxw-govpress/healthy-lon.yml valid\nconfig/infrastructures/dxw-govpress/icai.yml valid\nconfig/infrastructures/dxw-govpress/itf.yml valid\nconfig/infrastructures/dxw-govpress/lamb-cs.yml valid\nconfig/infrastructures/dxw-govpress/lamb-love.yml valid\nconfig/infrastructures/dxw-govpress/lamb-made.yml valid\nconfig/infrastructures/dxw-govpress/lamb-tog.yml valid\nconfig/infrastructures/dxw-govpress/natcen-scot.yml valid\nconfig/infrastructures/dxw-govpress/natcen-uk.yml valid\nconfig/infrastructures/dxw-govpress/nhs-england.yml valid\nconfig/infrastructures/dxw-govpress/nhs-ltp.yml valid\nconfig/infrastructures/dxw-govpress/ons-careers.yml valid\nconfig/infrastructures/dxw-govpress/ons-cop.yml valid\nconfig/infrastructures/dxw-govpress/ons-osr.yml valid\nconfig/infrastructures/dxw-govpress/ons-uksa.yml valid\nconfig/infrastructures/dxw-govpress/ons-www.yml valid\nconfig/infrastructures/dxw-govpress/osdi.yml valid\nconfig/infrastructures/dxw-govpress/osteo-cpd.yml valid\nconfig/infrastructures/dxw-govpress/osteo-std.yml valid\nconfig/infrastructures/dxw-govpress/psaa.yml valid\nconfig/infrastructures/dxw-govpress/psc.yml valid\nconfig/infrastructures/dxw-govpress/refugee.yml valid\nconfig/infrastructures/dxw-govpress/saluki-sub.yml valid\nconfig/infrastructures/dxw-govpress/saluki-test.yml valid\nconfig/infrastructures/dxw-govpress/settle.yml valid\nconfig/infrastructures/dxw-govpress/stg-aos.yml valid\nconfig/infrastructures/dxw-govpress/stg.yml valid\nconfig/infrastructures/dxw-govpress/tke.yml valid\nconfig/infrastructures/dxw-govpress/ukaea.yml valid\nconfig/infrastructures/dxw-govpress/unialliance.yml valid\nconfig/infrastructures/dxw-govpress/unimyths.yml valid\nconfig/infrastructures/dxw-govpress/v-to-c.yml valid\nconfig/infrastructures/dxw-govpress/v2c-llanw.yml valid\nconfig/infrastructures/dxw-govpress/younghack.yml valid\nconfig/infrastructures/dxw-pentest.yml valid\nconfig/infrastructures/dxw-pentest/saluki.yml valid\nconfig/infrastructures/esht.yml valid\nconfig/infrastructures/esht/me.yml valid\nconfig/infrastructures/esht/web.yml valid\nconfig/infrastructures/essex.yml valid\nconfig/infrastructures/essex/blog.yml valid\nconfig/infrastructures/fcdo.yml valid\nconfig/infrastructures/fcdo/blogs.yml valid\nconfig/infrastructures/fcdo/lancaster.yml valid\nconfig/infrastructures/fcdo/protocol.yml valid\nconfig/infrastructures/fcdo/stories.yml valid\nconfig/infrastructures/gds.yml valid\nconfig/infrastructures/gds/blog.yml valid\nconfig/infrastructures/gds/blogdev.yml valid\nconfig/infrastructures/gds/campaign.yml valid\nconfig/infrastructures/judiciary-int.yml valid\nconfig/infrastructures/judiciary-int/intranet.yml valid\nconfig/infrastructures/judiciary.yml valid\nconfig/infrastructures/judiciary/web.yml valid\nconfig/infrastructures/mettvh.yml valid\nconfig/infrastructures/mettvh/mid-test-01.yml valid\nconfig/infrastructures/mettvh/mid-test-02.yml valid\nconfig/infrastructures/mettvh/mid.yml valid\nconfig/infrastructures/mettvh/web-test-01.yml valid\nconfig/infrastructures/mettvh/web-test-02.yml valid\nconfig/infrastructures/mettvh/web.yml valid\nconfig/infrastructures/mtvh-gp.yml valid\nconfig/infrastructures/mtvh-gp/web.yml valid\nconfig/infrastructures/nao.yml valid\nconfig/infrastructures/nao/paf.yml valid\nconfig/infrastructures/nao/web.yml valid\nconfig/infrastructures/natcen.yml valid\nconfig/infrastructures/natcen/natcen-scot.yml valid\nconfig/infrastructures/natcen/natcen-uk.yml valid\nconfig/infrastructures/nhs-england.yml valid\nconfig/infrastructures/nhs-england/longterm.yml valid\nconfig/infrastructures/nhs-england/web.yml valid\nconfig/infrastructures/nhsx-website.yml valid\nconfig/infrastructures/nhsx-website/web.yml valid\nconfig/infrastructures/ons.yml valid\nconfig/infrastructures/ons/blog.yml valid\nconfig/infrastructures/rwm.yml valid\nconfig/infrastructures/rwm/copeland.yml valid\nconfig/infrastructures/rwm/cumbria.yml valid\nconfig/infrastructures/rwm/explore.yml valid\nconfig/infrastructures/rwm/nws-wip.yml valid\nconfig/infrastructures/rwm/nws.yml valid\nconfig/infrastructures/rwm/wg3.yml valid\nconfig/infrastructures/rwm/wip.yml valid\nconfig/infrastructures/stgeorges.yml valid\nconfig/infrastructures/stgeorges/aos.yml valid\nconfig/infrastructures/stgeorges/web.yml valid\nconfig/infrastructures/test-app.yml valid\nconfig/infrastructures/test-app/test-service.yml valid\n==> Validating infrastructures with shared loadbalancers…\n==> Combining configuration files…\n==> Standardising output…", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "694a3c2d-45f1-4eb4-b2f3-9b92d654b0c1", "timestamp": "2026-02-20T17:56:35.240Z", "type": "gemini", "content": "I will search for `dxw-pentest` in the root `dalmatian.yml` file of the `dalmatian-config` repository to confirm that it has been successfully included after the compilation.", "thoughts": [ { "subject": "Verifying Dalmatian.yml", "description": "Okay, the `dalmatian.yml` file is supposedly updated. My next step involves confirming this update. I'm going to search for the string `dxw-pentest` within the file to make sure the changes were properly applied.", "timestamp": "2026-02-20T17:56:35.114Z" } ], "tokens": { "input": 90326, "output": 81, "cached": 3774, "thoughts": 35, "tool": 0, "total": 90442 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "grep_search_1771610195237_0", "name": "grep_search", "args": { "pattern": "dxw-pentest", "file_path": "/Users/bob/git/dxw/dalmatian-config/dalmatian.yml" }, "result": [ { "functionResponse": { "id": "grep_search_1771610195237_0", "name": "grep_search", "response": { "output": "No matches found for pattern \"dxw-pentest\" in path \".\"." } } } ], "status": "success", "timestamp": "2026-02-20T17:56:35.307Z", "resultDisplay": "No matches found", "displayName": "SearchText", "description": "Searches for a regular expression pattern within file contents. Max 100 matches.", "renderOutputAsMarkdown": true } ] }, { "id": "f3ce71ae-7ff4-4cc4-8c13-80e99e025b11", "timestamp": "2026-02-20T17:56:39.900Z", "type": "gemini", "content": "I will search for `pentest` (case-insensitive) in the root `dalmatian.yml` file of the `dalmatian-config` repository to ensure I haven't missed it due to case sensitivity or a typo.", "thoughts": [ { "subject": "Examining Infrastructure Naming", "description": "I'm currently trying to figure out why a particular configuration isn't being loaded. It seems the file name is crucial. Specifically, the `bin/combine-configs` script extracts the infrastructure name directly from the file name. This makes me suspect the key used to reference the missing config might be wrong.", "timestamp": "2026-02-20T17:56:38.106Z" }, { "subject": "Investigating Configuration Keys", "description": "I'm now zeroing in on the config key. I double-checked `dxw-pentest .yml`, and I'm fairly certain the problem isn't there. Then I looked at the `combine-configs` script. Bingo! The infrastructure name is derived directly from the filename without any alteration. So the key *should* be `dxw-pentest`. I'm starting to suspect a typo or some subtle naming issue is at play. To rule that out, I'm going to run a case-insensitive `grep`.", "timestamp": "2026-02-20T17:56:39.743Z" } ], "tokens": { "input": 90423, "output": 102, "cached": 86770, "thoughts": 198, "tool": 0, "total": 90723 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771610199888_0", "name": "run_shell_command", "args": { "command": "grep -i pentest /Users/bob/git/dxw/dalmatian-config/dalmatian.yml", "description": "Search for 'pentest' in the compiled dalmatian.yml." }, "result": [ { "functionResponse": { "id": "run_shell_command_1771610199888_0", "name": "run_shell_command", "response": { "output": "Output: dxw-pentest:\n - identifier: pentestvone\n target_origin_id: dxw-pentest-saluki-staging-default-origin\n target_origin_id: dxw-pentest-saluki-staging-default-origin\nProcess Group PGID: 67091" } } } ], "status": "success", "timestamp": "2026-02-20T17:56:42.914Z", "resultDisplay": " dxw-pentest:\n - identifier: pentestvone\n target_origin_id: dxw-pentest-saluki-staging-default-origin\n target_origin_id: dxw-pentest-saluki-staging-default-origin", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "47619052-9d1c-4689-859e-1ec8345e3f43", "timestamp": "2026-02-20T17:56:45.641Z", "type": "gemini", "content": "I will read the `dxw-pentest` section of the compiled `dalmatian.yml` file to verify that the `replication_bucket_destination_arn` has been correctly added to the `pentestvone` RDS instance.", "thoughts": [ { "subject": "Inspecting the Configuration", "description": "I've confirmed the initial presence of the target, and am now diving into the RDS configuration details within the `dalmatian-config/dalmatian.yml` file. My focus is squarely on `pent estvone` to get a precise picture of its current settings.", "timestamp": "2026-02-20T17:56:45.509Z" } ], "tokens": { "input": 90601, "output": 117, "cached": 86579, "thoughts": 36, "tool": 0, "total": 90754 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771610205638_0", "name": "run_shell_command", "args": { "description": "Check the RDS configuration for 'dxw-pentest' in the compiled dalmatian.yml.", "command": "grep -A 20 \"dxw-pentest:\" /Users/bob/git/dxw/dalmatian-config/dalmatian.yml" }, "result": [ { "functionResponse": { "id": "run_shell_command_1771610205638_0", "name": "run_shell_command", "response": { "output": "Output: dxw-pentest:\n account_id: '932446864135'\n cluster:\n create: true\n rds:\n - identifier: pentestvone\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: '8.0'\n db_name: saluki\n replication_bucket_destination_arn: arn:aws:s3:::wai4vub1-mtvh-replication-test\n shared_loadbalancer:\n - name: shared-1\n in_use_by:\n - saluki\n environments:\n staging:\n track_revision: develop\n instance_type: t3.medium\nProcess Group PGID: 67122" } } } ], "status": "success", "timestamp": "2026-02-20T17:56:51.395Z", "resultDisplay": " dxw-pentest:\n account_id: '932446864135'\n cluster:\n create: true\n rds:\n - identifier: pentestvone\n instance_class:\n staging: db.t3.small\n prod: db.t3.small\n engine: mysql\n engine_version: '8.0'\n db_name: saluki\n replication_bucket_destination_arn: arn:aws:s3:::wai4vub1-mtvh-replication-test\n shared_loadbalancer:\n - name: shared-1\n in_use_by:\n - saluki\n environments:\n staging:\n track_revision: develop\n instance_type: t3.medium", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "5e2d67e8-e7fe-4fb2-988a-d2a6f48760d2", "timestamp": "2026-02-20T17:56:55.404Z", "type": "gemini", "content": "I will run the Terraform plan for the `dxw-pentest` RDS infrastructure to verify that the `aws_s3_bucket_versioning.sql_backups` resource and the replication configuration are now being correctly planned.", "thoughts": [ { "subject": "Planning Infrastructure Deployment", "description": "The Terraform plan is running, focusing on the `dxw-pentest` RDS infrastructure. I anticipate seeing the `aws_s3_bucket_versioning.sql_backups` resource creation and the replication configuration details in the plan's output. Initial checks confirm the configuration is valid; now for execution!", "timestamp": "2026-02-20T17:56:54.182Z" }, { "subject": "Analyzing RDS Deployment Plans", "description": "I've successfully executed the Terraform plan, and I'm reviewing the output. The `aws_s3_bucket_versioning.sql_backups` resource creation is confirmed. Replication configurations are also as expected. I'm now verifying the deployment with `scripts/bin/test` and confirming it's using the updated `dalmatian.yml` config file. The tests should validate the configuration I've just updated.", "timestamp": "2026-02-20T17:56:55.250Z" } ], "tokens": { "input": 90915, "output": 92, "cached": 90305, "thoughts": 166, "tool": 0, "total": 91173 }, "model": "gemini-3-flash-preview", "toolCalls": [ { "id": "run_shell_command_1771610215400_0", "name": "run_shell_command", "args": { "command": "./scripts/bin/test -i dxw-pentest -T rds", "description": "Run Terraform plan for dxw-pentest rds to verify replication changes." }, "result": [ { "functionResponse": { "id": "run_shell_command_1771610215400_0", "name": "run_shell_command", "response": { "output": "Output too large. Showing first 8,000 and last 32,000 characters. For full output see: /Users/bob/.gemini/tmp/dalmatian/tool-outputs/session-630ce049-b5a9-45d9-a5c3-385de197ea93/run_shell_command_1771610215400_0.txt\nOutput: ==> Installing Ruby and dependencies...\nSuccessfully installed bundler-2.4.22\nParsing documentation for bundler-2.4.22\nDone installing documentation for bundler after 0 seconds\n1 gem installed\nBundle complete! 13 Gemfile dependencies, 53 gems now installed.\nBundled gems are installed into `../../../.bundles`\n\n==> Installing Terraform and dependencies...\nTerraform v1.9.8 is already installed\n[*] Checking out 0.17.0 from git@github.com:cloudposse/terraform-aws-codebuild.git\n[*] Checking out 2.1.0 from git@github.com:dxw/terraform-aws-github-ci.git\n[*] Checking out 3cc589ecb5bf70fbd1188c47c915550235d4714b from git@github.com:dxw/terraform-aws-s3-bucket.git\n[*] Checking out v2.70.0 from git@github.com:terraform-aws-modules/terraform-aws-vpc\n[*] Checking out v5.7.0 from git@github.com:dxw/tf_aws_ecs.git\n[*] Checking out 1.1.0 from git@github.com:dxw/terraform-aws-cloudtrail\n[*] Checking out 0.28.2 from git@github.com:cloudposse/terraform-aws-efs\n[*] Checking out v1.3.0 from git@github.com:claranet/terraform-aws-lambda\n[*] Checking out v5.2.2 from git@github.com:terraform-aws-modules/terraform-aws-rds\n[*] Checking out v8.3.1 from git@github.com:terraform-aws-modules/terraform-aws-rds-aurora.git\n\n==> Checking for a 'dalmatian.yml' in the root...\nFound: /Users/bob/git/dxw/dalmatian-config/dalmatian.yml\n\n==> Linting YAML...\n\n==> Linting shell scripts...\n\n==> Checking Terraform for JSON errors...\n- Checking ./terraform/policies/iam-read.json... Passed\n- Checking ./terraform/policies/s3-rw-with-versioning.json... Passed\n- Checking ./terraform/policies/codestar-connection-use.json... Passed\n- Checking ./terraform/policies/iam-create-access-key.json... Passed\n- Checking ./terraform/policies/codebuild.json... Passed\n- Checking ./terraform/policies/kms-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/iam-change-password.json... Passed\n- Checking ./terraform/policies/administrator-access.json... Passed\n- Checking ./terraform/policies/assume_roles/aws-backup.json... Passed\n- Checking ./terraform/policies/assume_roles/autoscaling.json... Passed\n- Checking ./terraform/policies/assume_roles/events.json... Passed\n- Checking ./terraform/policies/assume_roles/ecs.json... Passed\n- Checking ./terraform/policies/assume_roles/codepipeline.json... Passed\n- Checking ./terraform/policies/iam-mfa.json... Passed\n- Checking ./terraform/policies/route53-read.json... Passed\n- Checking ./terraform/policies/s3-full-access.json... Passed\n- Checking ./terraform/policies/parameter-store-read-decrypt.json... Passed\n- Checking ./terraform/policies/s3-read.json... Passed\n- Checking ./terraform/policies/parameter-store-RW-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/all-read-with-billing.json... Passed\n- Checking ./terraform/policies/codebuild-start-build.json... Passed\n- Checking ./terraform/policies/all-read.json... Passed\n\n==> Linting Terraform...\n\n==> Running Ruby tests...\n/Users/bob/.rbenv/versions/2.7.1/bin/ruby -I/Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/lib:/Users/bob/.bundles/ruby/2.7.0/gems/rspec-support-3.12.1/lib /Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/exe/rspec --pattern spec/\\*\\*\\{,/\\*/\\*\\*\\}/\\*_spec.rb\n\ntests local configuration\n use of \"terraform apply\"\n passes the hosted zone config to \"terraform apply\"\n passes the s3 config to \"terraform apply\"\n passes the vpn customer gateway config to \"terraform apply\"\n passes the base config to \"terraform apply\"\n passes the waf config to \"terraform apply\"\n passes the rds config to \"terraform apply\"\n passes the elasticache config to \"terraform apply\"\n passes the opensearch config to \"terraform apply\"\n passes the service config to \"terraform apply\"\n passes the loadbalancer config to \"terraform apply\"\n passes the cluster 2 config to \"terraform apply\"\n passes the cluster 3 config to \"terraform apply\"\n passes the cluster 4 config to \"terraform apply\"\n\ntests remote configuration\n retrieves the remotely held full configuration\n proceeds with deploying the infrastructure as per the cached full configuration\n\ntests local configuration\n invokes \"terraform validate\" with the expected cluster options\n invokes \"terraform validate\" with the expected source options\n use of \"terraform plan\"\n passes the hosted zone config to \"terraform plan\"\n passes the s3 config to \"terraform plan\"\n passes the vpn customer gateway config to \"terraform plan\"\n passes the base config to \"terraform plan\"\n passes the waf config to \"terraform plan\"\n passes the rds config to \"terraform plan\"\n passes the elasticache config to \"terraform plan\"\n passes the opensearch config to \"terraform plan\"\n passes the services config to \"terraform plan\"\n passes the loadbalancer config to \"terraform plan\"\n passes the cluster 2 config to \"terraform plan\"\n passes the cluster 3 config to \"terraform plan\"\n passes the cluster 4 config to \"terraform plan\"\n\nDalmatian::Account\n initialisation\n gathering user input\n asks the user for AWS credentials\n asks the user for the AWS account id to use\n asks the user for an account alias\n #call\n changes to the bootstrapping directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n\nDalmatian::CacheHandlerSelector\n ::new_for(remote_reference)\n when the remote reference is for a git repo\n asks for an instance of GitCacheHandler\n when the remote reference is for an S3 bucket\n asks for an instance of S3CacheHandler\n when the remote reference is for a URL\n asks for an instance of UrlCacheHandler\n when the type is unknown\n raises an error\n\nCacheHandler\n when a subclass class does not implement #cache_remote_configuration\n raises a helpful error\n\nDalmatian::CI\n CI::PATH\n is a constant\n #deploy\n changes to the ci directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n #test\n runs terraform plan with the user-supplied vars\n\nDalmatian::ClusterDeployment\n #call\n changes to the ecs directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n when in _plan_ mode\n invokes Terraform.plan using the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply using the _dalmatian-admin_\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Cluster\n on initialisation\n makes Hosted zones, S3, Sources, Services, Loadbalancers, WAF and Rds\n #target_directory\n is a standard _ecs_ path\n #id\n is the primary key of the cluster definition is used\n #name\n when the cluster has an explicitly provided _name_ property\n that property is used\n when the cluster does not have an explicitly provided _name_ property\n the primary key of the cluster definition is used\n #account_id\n is the aws account key for deployment\n #sources\n represents any links to remote sources\n #environments\n represents the attributes of each environment's cluster section\n #fetch\n when the source is remotely held\n logs the plan to clone the source into the infrastructure pth\n deletes any existing source at the infrastructure location\n clones each source into the infrastructure location\n changes to the infrastructure directory for each source\n runs rake terrafile\n changes back to the APP_ROOT\n when the source is a local file path\n does not re-clone the source\n does not run terrafile\n when the specified local directory exists\n logs the fact that the local source is in place\n when the specificed local directory does not exist\n logs an error that the local source is\n\n... [11,652 characters omitted] ...\n\nackups disabled by default\n #replication_bucket_destination_arn\n uses the rds replication_bucket_destination_arn\n #replication_kms_key_id\n uses the rds replication_kms_key_id\n #codebuild_access\n uses the rds codebuild_access\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::RdsTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::RemoteReferenceValues\n when the reference is for a git repo\n returns a git shaped configuration\n if _filename_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for an S3 bucket\n returns an S3 shaped configuration\n if _key_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for a URL\n returns a git shaped configuration\n\nDalmatian::S3CacheHandler\n #call\n deletes any old cache\n uses the AWS S3 cmd to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::S3Deployment\n #call\n changes to s3 infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::S3\n #name\n uses s3 name\n #enable_s3_versioning\n uses enable_s3_versioning bool\n #encrypted\n uses s3 encrypted bool\n #acl\n uses s3 acl\n #policy\n uses s3 policy\n #service_cloudfront_read_access\n uses s3 service_cloudfront_read_access\n #cloudfront\n uses s3 cloudfront\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::S3Test\n #call\n changes to the s3 directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ServiceDeployment\n #call\n changes to ecs-services infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Service\n #name\n uses service name\n #blue_green\n uses the service blue_green map\n #parameter_store_path\n uses service parameter_store_path\n #parameter_store_key\n uses service parameter_store_key\n #daemon\n uses the service daemon bool\n #monitoring\n uses the service monitoring hash\n #cloudfront\n recasts the service config in environment groups\n includes the appropriate \"custom_origins\" values in each environment\n Uses an AWS cloudfront managed cache policy\n Uses an AWS cloudfront managed origin policy\n Uses an AWS cloudfront managed response headers policy\n mirroring of elements into each environment group\n includes the \"create\" value\n includes the \"tls_protocol_version\" value\n includes the \"origin_keepalive_timeout\" value\n includes the \"origin_read_timeout\" value\n includes the \"basic_auth\" value\n includes the \"basic_auth_users_extra\" value\n includes the \"viewer_request_functions\" values\n includes the \"offline_page_http_status\" value\n bypass_protection\n uses the \"bypass_protection\" configuration\n custom_behaviors\n converts list of \"path_patterns\" to a single \"path_pattern\"\n #shared_loadbalancer_name\n returns shared loadbalancer name if the service is in use by a shared loadbalancer\n returns empty string if the service is not in use by a shared loadbalancer\n #s3_policy\n uses the service s3_policy map\n #lb_ip_whitelistt\n uses the service lb_ip_whitelist list\n #lb_idle_timeout\n uses the service lb_idle_timeout\n #global_accelerator\n uses service global_accelerator value\n #health_check_path\n uses the service health_check_path\n #health_check_grace_period\n uses the service health_check_grace_period\n #deregistration_delay\n uses the service deregistration_delay\n #serve_from_subdirectory\n uses the service serve_from_subdirectory\n #domain_names\n groups the domain names from the service domain_list into environments\n #proxy_configuration\n groups the proxy configurations from the service proxy_configuration list into environments\n #home_directory\n uses the service home_directory\n #lb_ssl_certificate\n groups the certificate arns from the service lb_ssl_certificate list into environments\n #lb_ssl_policy\n sets the default ssl policy for each environment\n #cloudfront_ssl_certificate\n groups the certificate arns from the service cloudfront_ssl_certificate list into environments\n #image_source\n uses the service image source\n #launch_on\n uses the service 'launch_on' specification\n #launch_on_cluster\n uses the service 'launch_on_cluster' string\n #cluster_min_servers\n uses the service 'cluster_min_servers' string\n #image_location\n uses the service image location\n #track_revision\n uses the service track_revision string\n #custom_codestar_connection_arn\n uses the service custom_codestar_connection_arn\n #codepipeline_use_github_v1\n uses the service codepipeline_use_github_v1\n #codepipeline_codebuild_run_in_vpc\n uses the service codepipeline_codebuild_run_in_vpc\n #codepipeline_codebuild_use_service_env\n uses the service codepipeline_codebuild_use_service_env\n #buildspec\n uses the service buildspec\n #container_port\n uses the service container port\n #container_command\n uses the service container command\n #container_volumes\n uses the service container volumes\n #container_extra_hosts\n uses the service container extra hosts\n #container_count\n uses the service container_count\n #enable_max_one_container_per_instance\n uses the service enable_max_one_container_per_instance\n #scheduled_tasks\n uses the service scheduled tasks\n #workers\n uses the service workers\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ServiceTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SharedLoadbalancerDeployment\n #call\n changes to shared-loadbalancer infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::SharedLoadbalancer\n #name\n uses shared_loadbalancer name\n #in_use_by\n uses shared_loadbalancer in_use_by list\n #clusters_in_use\n uses shared_loadbalancer clusters_in_use list\n #subnets_name\n uses shared_loadbalancer subnets_name value\n #domain_names\n uses shared_loadbalancer domain_names list provided by Services\n #internal\n uses shared_loadbalancer internal value\n #ip_whitelist\n uses shared_loadbalancer ip_whitelist list\n #idle_timeout\n uses shared_loadbalancer idle_timeout value\n #global_accelerator\n uses shared_loadbalancer global_accelerator value\n #ssl_policy\n has the default ssl policy defined\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::SharedLoadbalancerTest\n #call\n changes to the shared-loadbalancer directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SourceDeployment\n #call\n changes to infrastructure config directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Source\n #name\n uses the cluster name and its own position in the cluster's list of sources\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n\nDalmatian::SourceTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform.validate\n\nDalmatian::Terraform\n ::init(upgrade: false)\n when asked to upgrade\n passes terraform init the upgrade flag\n when not asked to upgrade\n does not pass terraform init the upgrade flag\n ::fmt(args = nil)\n when passed some additional arguments\n passes terraform fmt the upgrade flag\n when passed NO additional arguments\n invokes terraform fmt with no arguments\n ::validate(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::ensure_presence_of_workspace(workspace_name)\n logs our intention to create the workspace\n asks Terraform to create the workspace\n when the workspace already exists (and an error is rescued)\n logs our intention to _select_ rather than _create_ the workspace\n asks Terraform to select the existing workspace\n ::plan(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::apply(tfvars, auto_approve=false)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n when auto-approve is set to true\n passes the _auto-approve_ flag to terraform apply\n ::destroy(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::list_workspaces\n changes to the bootstrapping directory\n runs the terraform cmd to list workspaces\n\nDalmatian::UrlCacheHandler\n #call\n deletes any old cache\n uses the helper to GET a URI\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::VpnCustomerGatewayDeployment\n #call\n changes to vpn-customer-gateway infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::VpnCustomerGateway\n #name\n uses vpn_customer_gateway name\n #bgp_asn\n uses vpn_customer_gateway bgp_asn\n #ip_address\n uses vpn_customer_gateway ip_address\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::VpnCustomerGatewayTest\n #call\n changes to the vpn-customer-gateway directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::WAFDeployment\n #call\n changes to waf infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::WAF\n #name\n uses waf name\n #action\n uses waf action\n #ip_deny_list\n has a list of IP addresses to block\n #aws_managed_rules\n uses waf aws_managed_rules list\n #associations\n uses waf associations list\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::WAFTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nFinished in 3.23 seconds (files took 0.7882 seconds to load)\n478 examples, 0 failures\n\nCoverage report generated for RSpec to /Users/bob/git/dxw/dalmatian/coverage. 4310 / 4389 LOC (98.2%) covered.\n\n==> Linting markdown...\n\n==> Fetching Dalmatian config for 'dxw-pentest'...\n\n==> Testing Dalmatian for 'dxw-pentest'...\n[*] Running terraform init for dxw-pentest-pentestvone-rds-staging\nInitializing the backend...\nUpgrading modules...\n- rds in ../../../vendor/terraform_modules/terraform-aws-rds\n- rds.db_instance in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_instance\n- rds.db_option_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_option_group\n- rds.db_parameter_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_parameter_group\n- rds.db_subnet_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_subnet_group\nInitializing provider plugins...\n- Finding hashicorp/aws versions matching \">= 4.45.0, ~> 4.45\"...\n- Finding hashicorp/random versions matching \">= 3.1.0\"...\n- Using previously-installed hashicorp/aws v4.67.0\n- Using previously-installed hashicorp/random v3.8.1\n\nTerraform has been successfully initialized!\n\nYou may now begin working with Terraform. Try running \"terraform plan\" to see\nany changes that are required for your infrastructure. All Terraform commands\nshould now work.\n\nIf you ever set or change modules or backend configuration for Terraform,\nrerun this command to reinitialize your working directory. If you forget, other\ncommands will detect it and remind you to do so if necessary.\n[*] Creating dxw-pentest-pentestvone-rds-staging workspace\nWorkspace \"dxw-pentest-pentestvone-rds-staging\" already exists\n[*] Selecting dxw-pentest-pentestvone-rds-staging workspace\n[*] Running terraform fmt for dxw-pentest-pentestvone-rds-staging\n[*] Running terraform validate for dxw-pentest-pentestvone-rds-staging\nSuccess! The configuration is valid.\n\n[*] Creating dxw-pentest-pentestvone-rds-staging workspace\nWorkspace \"dxw-pentest-pentestvone-rds-staging\" already exists\n[*] Selecting dxw-pentest-pentestvone-rds-staging workspace\nrandom_password.rds_password: Refreshing state... [id=none]\nmodule.rds.module.db_instance.random_id.snapshot_identifier[0]: Refreshing state... [id=lmwwSA]\ndata.aws_caller_identity.current: Reading...\ndata.aws_caller_identity.current: Read complete after 0s [id=511700466171]\nmodule.rds.module.db_instance.data.aws_partition.current: Reading...\ndata.aws_launch_template.ecs_launch_template: Reading...\ndata.aws_kms_alias.ssm: Reading...\nmodule.rds.module.db_instance.data.aws_partition.current: Read complete after 0s [id=aws]\naws_cloudwatch_event_rule.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st]\ndata.aws_s3_bucket.transfer: Reading...\naws_iam_role.sql_backup_scheduled_task_ecs: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs]\nmodule.rds.module.db_parameter_group.aws_db_parameter_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133224710900000001]\naws_s3_bucket.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\nmodule.rds.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Reading...\naws_iam_role.check_sql_backup_scheduled_task_ecs_execution: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution]\nmodule.rds.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Read complete after 0s [id=1813475199]\nmodule.rds.module.db_option_group.aws_db_option_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133225312500000002]\naws_kms_key.rds_ssm: Refreshing state... [id=0aa5dca8-ddcc-4258-bf28-a561b9a8ef87]\ndata.aws_kms_alias.ssm: Read complete after 0s [id=arn:aws:kms:eu-west-2:932446864135:alias/aws/ssm]\naws_iam_role.check_sql_backup_scheduled_task_cloudwatch: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-cw]\ndata.aws_s3_bucket.transfer: Read complete after 0s [id=dxw-pentest-ecs-staging-dalmatian-transfer]\naws_iam_role.check_sql_backup_scheduled_task_ecs: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs]\ndata.aws_security_group.ecs_security_group: Reading...\naws_cloudwatch_event_rule.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st]\ndata.aws_ecs_cluster.cluster: Reading...\ndata.aws_launch_template.ecs_launch_template: Read complete after 0s [id=lt-0fba00b394755128b]\naws_iam_role.sql_backup_scheduled_task_ecs_execution: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution]\ndata.aws_vpc.vpc: Reading...\naws_iam_role.sql_backup_scheduled_task_cloudwatch: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-cw]\ndata.aws_ecs_cluster.cluster: Read complete after 0s [id=arn:aws:ecs:eu-west-2:932446864135:cluster/dxw-pentest-staging]\naws_kms_alias.rds_ssm: Refreshing state... [id=alias/dxw-pentest-pentestvone-rds-staging-rds-values-ssm]\ndata.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile: Reading...\ndata.aws_security_group.ecs_security_group: Read complete after 0s [id=sg-09323ac1b18adbf47]\naws_ssm_parameter.rds_db_password: Refreshing state... [id=/dxw-pentest/dxwpentestpentestvonestaging-rds/password]\naws_s3_bucket_public_access_block.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_server_side_encryption_configuration.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_lifecycle_configuration.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_acl.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup,private]\ndata.aws_vpc.vpc: Read complete after 0s [id=vpc-08160529b0069a9a4]\naws_s3_bucket_policy.sql_backups_bucket: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_iam_policy.ecs_cluster_sql_backup_s3_policy: Refreshing state... [id=arn:aws:iam::932446864135:policy/dxw-pentest-pentestvone-rds-staging-ecs-cluster-sql-backups-s3-policy]\naws_security_group.rds: Refreshing state... [id=sg-03c7b2d71eea98557]\ndata.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile: Read complete after 0s [id=AIPA5SGRKAMD3YWY6PA25]\ndata.aws_subnet.ecs_private[0]: Reading...\ndata.aws_subnet.ecs_private[1]: Reading...\ndata.aws_subnet.ecs_private[0]: Read complete after 0s [id=subnet-0615109dfd24f74b5]\ndata.aws_subnet.ecs_private[2]: Reading...\ndata.aws_subnet.ecs_private[1]: Read complete after 0s [id=subnet-0606eeedab5dea6c7]\ndata.aws_subnet.extra_public[1]: Reading...\ndata.aws_subnet.ecs_private[2]: Read complete after 0s [id=subnet-01660d0866e86d9b6]\ndata.aws_subnet.extra_public[0]: Reading...\ndata.aws_subnet.extra_public[1]: Read complete after 0s [id=subnet-0295a7cf928d802eb]\ndata.aws_subnet.extra_public[2]: Reading...\naws_security_group_rule.transition_rds_postgresql_sg_rule[0]: Refreshing state... [id=sgrule-4074910867]\naws_iam_role_policy.check_sql_backup_scheduled_task_ecs_execution_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution-policy]\ndata.aws_route_table.private_subnet_route_table: Reading...\ndata.aws_subnet.extra_public[0]: Read complete after 0s [id=subnet-019286daa18327178]\naws_iam_role_policy_attachment.ecs_cluster_sql_backup_s3_policy: Refreshing state... [id=tf-ECSInRole-dxw-pentest-staging20250630094259383100000001-20250630133227029100000004]\ndata.aws_subnet.extra_public[2]: Read complete after 0s [id=subnet-0e6866a5f131efdeb]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-allow-s3-policy]\naws_iam_role_policy.check_sql_backup_scheduled_task_cloudwatch_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-cw:dxw-pentest-dxwpentestpentestvonestaging-csb-cw-policy]\ndata.aws_route_table.private_subnet_route_table: Read complete after 1s [id=rtb-092cddc21bbb96803]\nmodule.rds.module.db_subnet_group.aws_db_subnet_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133225841900000003]\naws_iam_role_policy.check_sql_backup_transfer_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs:dxw-pentest-dxwpentestpentestvonestaging-csbt-ecs-allow-s3-policy]\naws_iam_role_policy.check_sql_backup_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs:dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-allow-s3-policy]\naws_ecs_task_definition.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_execution_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution-policy]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_execution_role_ssm_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution-ssm-policy]\naws_iam_role_policy.sql_backup_scheduled_task_cloudwatch_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-cw:dxw-pentest-dxwpentestpentestvonestaging-sb-cw-policy]\naws_cloudwatch_event_target.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st-dxw-pentest-dxwpentestpentestvonestaging-csb-st-target]\nmodule.rds.module.db_instance.aws_db_instance.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging]\naws_ssm_document.rds_db_list: Refreshing state... [id=dxwpentestpentestvonestaging-rds-db-list]\naws_ssm_document.rds_sql_import: Refreshing state... [id=dxwpentestpentestvonestaging-rds-sql-import]\naws_ecs_task_definition.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st]\naws_ssm_document.rds_sql_dump: Refreshing state... [id=dxwpentestpentestvonestaging-rds-sql-dump]\naws_ssm_document.rds_shell: Refreshing state... [id=dxwpentestpentestvonestaging-rds-shell]\naws_ssm_document.rds_db_creation: Refreshing state... [id=dxwpentestpentestvonestaging-rds-db-creation]\naws_cloudwatch_event_target.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st-dxw-pentest-dxwpentestpentestvonestaging-sb-st-target]\n\nNote: Objects have changed outside of Terraform\n\nTerraform detected the following changes made outside of\nTerraform since the last \"terraform apply\" which may have\naffected this plan:\n\n # module.rds.module.db_instance.aws_db_instance.this[0] has changed\n ~ resource \"aws_db_instance\" \"this\" {\n ~ engine_version_actual = \"8.0.41\" -> \"8.0.42\"\n id = \"dxwpentestpentestvonestaging\"\n name = \"saluki\"\n tags = {}\n # (65 unchanged attributes hidden)\n\n # (1 unchanged block hidden)\n }\n\n\nUnless you have made equivalent changes to your configuration,\nor ignored the relevant attributes using ignore_changes, the\nfollowing plan may include actions to undo or respond to these\nchanges.\n\n───────────────────────────────────────────────────────────────\n\nTerraform used the selected providers to generate the following\nexecution plan. Resource actions are indicated with the\nfollowing symbols:\n + create\n\nTerraform will perform the following actions:\n\n # aws_iam_policy.replication[0] will be created\n + resource \"aws_iam_policy\" \"replication\" {\n + arn = (known after apply)\n + id = (known after apply)\n + name = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup-replication-policy\"\n + name_prefix = (known after apply)\n + path = \"/\"\n + policy = jsonencode(\n {\n + Statement = [\n + {\n + Action = [\n + \"s3:GetReplicationConfiguration\",\n + \"s3:ListBucket\",\n ]\n + Effect = \"Allow\"\n + Resource = [\n + \"arn:aws:s3:::dxw-pentest-dxwpentestpentestvonestaging-sql-backup\",\n ]\n },\n + {\n + Action = [\n + \"s3:GetObjectVersionForReplication\",\n + \"s3:GetObjectVersionAcl\",\n + \"s3:GetObjectVersionTagging\",\n ]\n + Effect = \"Allow\"\n + Resource = [\n + \"arn:aws:s3:::dxw-pentest-dxwpentestpentestvonestaging-sql-backup/*\",\n ]\n },\n + {\n + Action = [\n + \"s3:ReplicateObject\",\n + \"s3:ReplicateDelete\",\n + \"s3:ReplicateTags\",\n + \"s3:ObjectOwnerOverrideToBucketOwner\",\n ]\n + Effect = \"Allow\"\n + Resource = \"arn:aws:s3:::wai4vub1-mtvh-replication-test/*\"\n },\n + {\n + Action = [\n + \"kms:Decrypt\",\n ]\n + Condition = {\n + StringLike = {\n + \"kms:EncryptionContext:aws:s3:arn\" = [\n + \"arn:aws:s3:::dxw-pentest-dxwpentestpentestvonestaging-sql-backup/*\",\n ]\n + \"kms:ViaService\" = \"s3.eu-west-2.amazonaws.com\"\n }\n }\n + Effect = \"Allow\"\n + Resource = \"*\"\n },\n ]\n + Version = \"2012-10-17\"\n }\n )\n + policy_id = (known after apply)\n + tags_all = (known after apply)\n }\n\n # aws_iam_role.replication[0] will be created\n + resource \"aws_iam_role\" \"replication\" {\n + arn = (known after apply)\n + assume_role_policy = jsonencode(\n {\n + Statement = [\n + {\n + Action = \"sts:AssumeRole\"\n + Effect = \"Allow\"\n + Principal = {\n + Service = \"s3.amazonaws.com\"\n }\n + Sid = \"\"\n },\n ]\n + Version = \"2012-10-17\"\n }\n )\n + create_date = (known after apply)\n + force_detach_policies = false\n + id = (known after apply)\n + managed_policy_arns = (known after apply)\n + max_session_duration = 3600\n + name = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup-replication\"\n + name_prefix = (known after apply)\n + path = \"/\"\n + role_last_used = (known after apply)\n + tags_all = (known after apply)\n + unique_id = (known after apply)\n\n + inline_policy (known after apply)\n }\n\n # aws_iam_role_policy_attachment.replication[0] will be created\n + resource \"aws_iam_role_policy_attachment\" \"replication\" {\n + id = (known after apply)\n + policy_arn = (known after apply)\n + role = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup-replication\"\n }\n\n # aws_s3_bucket_replication_configuration.sql_backups[0] will be created\n + resource \"aws_s3_bucket_replication_configuration\" \"sql_backups\" {\n + bucket = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup\"\n + id = (known after apply)\n + role = (known after apply)\n\n + rule {\n + id = \"replication\"\n + status = \"Enabled\"\n\n + destination {\n + bucket = \"arn:aws:s3:::wai4vub1-mtvh-replication-test\"\n + storage_class = \"STANDARD\"\n\n + access_control_translation {\n + owner = \"Destination\"\n }\n }\n\n + source_selection_criteria {\n + sse_kms_encrypted_objects {\n + status = \"Enabled\"\n }\n }\n }\n }\n\n # aws_s3_bucket_versioning.sql_backups[0] will be created\n + resource \"aws_s3_bucket_versioning\" \"sql_backups\" {\n + bucket = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup\"\n + id = (known after apply)\n\n + versioning_configuration {\n + mfa_delete = (known after apply)\n + status = \"Enabled\"\n }\n }\n\nPlan: 5 to add, 0 to change, 0 to destroy.\n\n───────────────────────────────────────────────────────────────\n\nNote: You didn't use the -out option to save this plan, so\nTerraform can't guarantee to take exactly these actions if you\nrun \"terraform apply\" now.\nProcess Group PGID: 67132" } } } ], "status": "success", "timestamp": "2026-02-20T17:59:58.765Z", "resultDisplay": "==> Installing Ruby and dependencies...\nSuccessfully installed bundler-2.4.22\nParsing documentation for bundler-2.4.22\nDone installing documentation for bundler after 0 seconds\n1 gem installed\nBundle complete! 13 Gemfile dependencies, 53 gems now installed.\nBundled gems are installed into `../../../.bundles`\n\n==> Installing Terraform and dependencies...\nTerraform v1.9.8 is already installed\n[*] Checking out 0.17.0 from git@github.com:cloudposse/terraform-aws-codebuild.git\n[*] Checking out 2.1.0 from git@github.com:dxw/terraform-aws-github-ci.git\n[*] Checking out 3cc589ecb5bf70fbd1188c47c915550235d4714b from git@github.com:dxw/terraform-aws-s3-bucket.git\n[*] Checking out v2.70.0 from git@github.com:terraform-aws-modules/terraform-aws-vpc\n[*] Checking out v5.7.0 from git@github.com:dxw/tf_aws_ecs.git\n[*] Checking out 1.1.0 from git@github.com:dxw/terraform-aws-cloudtrail\n[*] Checking out 0.28.2 from git@github.com:cloudposse/terraform-aws-efs\n[*] Checking out v1.3.0 from git@github.com:claranet/terraform-aws-lambda\n[*] Checking out v5.2.2 from git@github.com:terraform-aws-modules/terraform-aws-rds\n[*] Checking out v8.3.1 from git@github.com:terraform-aws-modules/terraform-aws-rds-aurora.git\n\n==> Checking for a 'dalmatian.yml' in the root...\nFound: /Users/bob/git/dxw/dalmatian-config/dalmatian.yml\n\n==> Linting YAML...\n\n==> Linting shell scripts...\n\n==> Checking Terraform for JSON errors...\n- Checking ./terraform/policies/iam-read.json... Passed\n- Checking ./terraform/policies/s3-rw-with-versioning.json... Passed\n- Checking ./terraform/policies/codestar-connection-use.json... Passed\n- Checking ./terraform/policies/iam-create-access-key.json... Passed\n- Checking ./terraform/policies/codebuild.json... Passed\n- Checking ./terraform/policies/kms-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/iam-change-password.json... Passed\n- Checking ./terraform/policies/administrator-access.json... Passed\n- Checking ./terraform/policies/assume_roles/aws-backup.json... Passed\n- Checking ./terraform/policies/assume_roles/autoscaling.json... Passed\n- Checking ./terraform/policies/assume_roles/events.json... Passed\n- Checking ./terraform/policies/assume_roles/ecs.json... Passed\n- Checking ./terraform/policies/assume_roles/codepipeline.json... Passed\n- Checking ./terraform/policies/iam-mfa.json... Passed\n- Checking ./terraform/policies/route53-read.json... Passed\n- Checking ./terraform/policies/s3-full-access.json... Passed\n- Checking ./terraform/policies/parameter-store-read-decrypt.json... Passed\n- Checking ./terraform/policies/s3-read.json... Passed\n- Checking ./terraform/policies/parameter-store-RW-encrypt-decrypt.json... Passed\n- Checking ./terraform/policies/all-read-with-billing.json... Passed\n- Checking ./terraform/policies/codebuild-start-build.json... Passed\n- Checking ./terraform/policies/all-read.json... Passed\n\n==> Linting Terraform...\n\n==> Running Ruby tests...\n/Users/bob/.rbenv/versions/2.7.1/bin/ruby -I/Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/lib:/Users/bob/.bundles/ruby/2.7.0/gems/rspec-support-3.12.1/lib /Users/bob/.bundles/ruby/2.7.0/gems/rspec-core-3.12.2/exe/rspec --pattern spec/\\*\\*\\{,/\\*/\\*\\*\\}/\\*_spec.rb\n\ntests local configuration\n use of \"terraform apply\"\n passes the hosted zone config to \"terraform apply\"\n passes the s3 config to \"terraform apply\"\n passes the vpn customer gateway config to \"terraform apply\"\n passes the base config to \"terraform apply\"\n passes the waf config to \"terraform apply\"\n passes the rds config to \"terraform apply\"\n passes the elasticache config to \"terraform apply\"\n passes the opensearch config to \"terraform apply\"\n passes the service config to \"terraform apply\"\n passes the loadbalancer config to \"terraform apply\"\n passes the cluster 2 config to \"terraform apply\"\n passes the cluster 3 config to \"terraform apply\"\n passes the cluster 4 config to \"terraform apply\"\n\ntests remote configuration\n retrieves the remotely held full configuration\n proceeds with deploying the infrastructure as per the cached full configuration\n\ntests local configuration\n invokes \"terraform validate\" with the expected cluster options\n invokes \"terraform validate\" with the expected source options\n use of \"terraform plan\"\n passes the hosted zone config to \"terraform plan\"\n passes the s3 config to \"terraform plan\"\n passes the vpn customer gateway config to \"terraform plan\"\n passes the base config to \"terraform plan\"\n passes the waf config to \"terraform plan\"\n passes the rds config to \"terraform plan\"\n passes the elasticache config to \"terraform plan\"\n passes the opensearch config to \"terraform plan\"\n passes the services config to \"terraform plan\"\n passes the loadbalancer config to \"terraform plan\"\n passes the cluster 2 config to \"terraform plan\"\n passes the cluster 3 config to \"terraform plan\"\n passes the cluster 4 config to \"terraform plan\"\n\nDalmatian::Account\n initialisation\n gathering user input\n asks the user for AWS credentials\n asks the user for the AWS account id to use\n asks the user for an account alias\n #call\n changes to the bootstrapping directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n\nDalmatian::CacheHandlerSelector\n ::new_for(remote_reference)\n when the remote reference is for a git repo\n asks for an instance of GitCacheHandler\n when the remote reference is for an S3 bucket\n asks for an instance of S3CacheHandler\n when the remote reference is for a URL\n asks for an instance of UrlCacheHandler\n when the type is unknown\n raises an error\n\nCacheHandler\n when a subclass class does not implement #cache_remote_configuration\n raises a helpful error\n\nDalmatian::CI\n CI::PATH\n is a constant\n #deploy\n changes to the ci directory\n runs terraform init with upgrade option\n creates the new workspace using the given aws account id and alias\n runs terraform apply with the user-supplied vars\n #test\n runs terraform plan with the user-supplied vars\n\nDalmatian::ClusterDeployment\n #call\n changes to the ecs directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n when in _plan_ mode\n invokes Terraform.plan using the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply using the _dalmatian-admin_\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Cluster\n on initialisation\n makes Hosted zones, S3, Sources, Services, Loadbalancers, WAF and Rds\n #target_directory\n is a standard _ecs_ path\n #id\n is the primary key of the cluster definition is used\n #name\n when the cluster has an explicitly provided _name_ property\n that property is used\n when the cluster does not have an explicitly provided _name_ property\n the primary key of the cluster definition is used\n #account_id\n is the aws account key for deployment\n #sources\n represents any links to remote sources\n #environments\n represents the attributes of each environment's cluster section\n #fetch\n when the source is remotely held\n logs the plan to clone the source into the infrastructure pth\n deletes any existing source at the infrastructure location\n clones each source into the infrastructure location\n changes to the infrastructure directory for each source\n runs rake terrafile\n changes back to the APP_ROOT\n when the source is a local file path\n does not re-clone the source\n does not run terrafile\n when the specified local directory exists\n logs the fact that the local source is in place\n when the specificed local directory does not exist\n logs an error that the local source is missing\n #deploy\n deploys source infrastructure for each source and each service in each environment\n when a cluster should be created\n deploys cluster infrastructure for each environment\n when the _plan_ option IS invoked\n creates Cluster Deployments with plan settings\n when the _auto_approve_ option IS invoked\n creates Cluster Deployments with auto_approve settings\n handling of tests\n when the _test_ option is NOT invoked\n does not run cluster tests\n does not run cluster tests\n does not run cluster tests\n does not run source tests\n does not run waf tests\n does not run rds tests\n does not run service tests\n does not run service tests\n when the test option IS invoked\n runs tests\n when a cluster should NOT be created\n does not deploy cluster infrastructure\n when test option is invoked\n tests sources and services for each environment\n\nDalmatian::ClusterTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n does NOT attempt to check out that commit\n\nDalmatian::ConfigurationReader\n when a full configuration is provided in a local file\n #call\n has no need to use a cache handler\n returns the loaded configuration\n when a reference to a remote configuration is provided\n and the reference is provided in a local file\n uses the CacheHandlerSelector to provide the appropriate retrieval mechanism\n calls on the selected cache handler\n returns the configuration returned by the cache_handler\n and the reference is provided using environment variables\n passes the provided remote reference to the CacheHandlerSelector\n and references are provided in both environment variables and config file\n prefers the environment variable references over the config file\n and no references are provided\n raises an error\n and the remote reference is missing its _type_\n raises an error\n #ci\n when a parameter path prefix is given\n overwrites the ci:variables config with those retrieved from the param store\n leaves other ci:variables in place\n when a parameter path prefix is NOT given\n does NOT overwrite any ci:variables from the param store\n\nDalmatian::ElasticacheCluster\n #identifier\n uses elasticache identifier\n #in_use_by\n uses elasticache_cluster in_use_by list\n #node_type\n uses elasticache_cluster node_type\n #node_count\n uses elasticache_cluster node_count\n #engine\n uses elasticache_cluster engine\n #engine_version\n uses the elasticache_cluster engine_version\n #parameters\n uses the elasticache_cluster parameters list\n #port\n uses the elasticache_cluster port\n #maintenance_window\n uses the elasticache_cluster maintenance_window\n #snapshot_window\n uses the elasticache_cluster snapshot_window\n #parameter_store_path_elasticache_cluster_url_name\n uses the elasticache_cluster parameter_store_path_elasticache_cluster_url_name\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ElasticacheClusterTest\n #call\n changes to the elasticache-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::GitCacheHandler\n #call\n deletes any old cache\n uses git clone to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n when no special cache path is given\n uses the default cache path of ./.dalmatian_cache/remote_config\n\nDalmatian::Helper\n ::git_clone(source, destination)\n when source and destination args are not provided\n raises an error with usage info\n when given source and destination args\n passes the request to the git CLI\n ::git_checkout(revision)\n checks out the given revision using run!\n ::get(source, destination)\n when source and destination args are not provided\n raises an error with usage info\n when given source and destination args\n opens the source url\n opens a new file at the destination\n writes the source resource into that file\n reads the information from the fetched resource\n ::run!\n passes given cmd to Kernel.system\n when the call to Kernel.system returns _false_\n raise a helpful error\n ::run_with_output!(cmd)\n passes given cmd to Open3.capture3\n when the system call returns a zero exit status\n returns the systems output to STDOUT\n when the system call returns a non-zero exit status\n also returns STDOUT ignoring the exit code and STDERR\n when the system call raises an ENOENT error\n catches this and raises a helpful Error\n ::change_to(path)\n passes the given path to Dir.chdir\n ::to_bool(str)\n when given nil\n returns false\n when given an empty string\n returns false\n when given lower case string _true_\n returns true\n when given mixed case string _True_\n returns true\n when given the object true\n returns true\n when given the object false\n returns false\n ::tflint\n runs the tflint cmd\n ::terrafile\n runs rake terrafile\n ::ask\n delegates to HighLine#ask\n ::ask_in_confidence\n delegates to HighLine#ask\n passes a block to mask the answer\n\nDalmatian::HostedZoneDeployment\n #call\n changes to hosted-zone infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::HostedZone\n #domain\n uses hosted_zone domain\n #ns_records\n uses hosted_zone ns_records\n #a_records\n uses hosted_zone a_records\n #alias_records\n uses hosted_zone alias_records\n #cname_records\n uses hosted_zone cname_records\n #mx_records\n uses hosted_zone mx_records\n #txt_records\n uses hosted_zone txt_records\n #srv_records\n uses hosted_zone srv_records\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::HostedZoneTest\n #call\n changes to the hosted-zone directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::Infrastructure\n Infrastructure::PATH\n is a constant\n Infrastructure::APP_ROOT\n is a constant\n initialisation\n when configuration is not provided\n builds one using the defaults\n #clusters\n creates one cluster for each cluster description provided\n key operations on clusters\n #fetch\n asks all clusters to #fetch\n #test\n asks all clusters to #deploy with _plan_ and _test_ options\n #deploy\n when no parameters given\n asks all clusters to #deploy with _plan_, _test_ and _auto-approve_ disabled\n when parameters are given\n asks all clusters to #deploy with the given options\n when a particular infrastructure is named for deployment\n asks only the named cluster to #deploy with the given options\n\nDalmatian::Logger\n ::error(msg)\n raises an error with a red message\n ::info(msg)\n puts the given given message in white\n ::success(msg)\n puts the given given message in green\n ::warn(msg)\n puts the given given message in yellow\n\nDalmatian::OpensearchCluster\n #identifier\n uses opensearch identifier\n #in_use_by\n uses opensearch_cluster in_use_by list\n #version\n uses opensearch_cluster version\n #master_enabled\n uses opensearch_cluster master_enabled bool\n #master_count\n uses opensearch_cluster master_count\n #master_type\n uses opensearch_cluster master_type\n #instance_count\n uses opensearch_cluster instance_count\n #instance_type\n uses opensearch_cluster instance_type\n #warm_enabled\n uses opensearch_cluster warm_enabled bool\n #warm_count\n uses opensearch_cluster warm_count\n #warm_type\n uses opensearch_cluster warm_type\n #parameter_store_path_opensearch_cluster_url_name\n uses opensearch_cluster parameter_store_path_opensearch_cluster_url_name\n #volume_size\n uses opensearch_cluster volume_size\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::OpensearchClusterTest\n #call\n changes to the opensearch-cluster directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ParameterStore\n ::get_parameter(name: \"\", with_decryption: true)\n when getting a single parameter from Parameter Store\n runs aws ssm get-parameter\n ::get_parameters_by_path(path: \"\", with_decryption: true)\n when getting parameters by path from Parameter Store\n runs aws ssm get-parameter\n\nDalmatian::RdsDeployment\n #call\n changes to rds infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Rds\n #identifier\n uses rds identifier\n #in_use_by\n uses rds in_use_by list\n #clusters_in_use\n uses rds clusters_in_use list\n #instance_class\n uses rds instance_class\n #engine\n uses rds engine\n #engine_version\n uses the rds engine_version\n #allocated_storage\n uses the rds allocated_storage\n #storage_encrypted\n uses the rds storage_encrypted bool\n #storage_type\n uses the rds storage_type gp3\n #db_name\n uses the rds db_name\n #port\n uses the rds port\n #maintenance_window\n uses the rds maintenance_window\n #backup_window\n uses the rds backup_window\n #backup_retention_period\n uses the rds backup_retention_period\n #force_ssl\n uses the rds force_ssl bool\n #parameter_store_path_db_url_name\n uses the rds parameter_store_path_db_url_name\n #sql_backup_scheduled_task_environment_variables\n uses the rds sql_backup_scheduled_task_environment_variables\n #check_sql_backup_scheduled_task_environment_variables\n uses the rds check_sql_backup_scheduled_task_environment_variables\n #sync_sql_backup_to_azure\n will have offsite backups disabled by default\n #replication_bucket_destination_arn\n uses the rds replication_bucket_destination_arn\n #replication_kms_key_id\n uses the rds replication_kms_key_id\n #codebuild_access\n uses the rds codebuild_access\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::RdsTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::RemoteReferenceValues\n when the reference is for a git repo\n returns a git shaped configuration\n if _filename_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for an S3 bucket\n returns an S3 shaped configuration\n if _key_ is not present\n supplies the default of _dalmatian.yml_\n when the reference is for a URL\n returns a git shaped configuration\n\nDalmatian::S3CacheHandler\n #call\n deletes any old cache\n uses the AWS S3 cmd to save the remote config to a local cache\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::S3Deployment\n #call\n changes to s3 infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::S3\n #name\n uses s3 name\n #enable_s3_versioning\n uses enable_s3_versioning bool\n #encrypted\n uses s3 encrypted bool\n #acl\n uses s3 acl\n #policy\n uses s3 policy\n #service_cloudfront_read_access\n uses s3 service_cloudfront_read_access\n #cloudfront\n uses s3 cloudfront\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::S3Test\n #call\n changes to the s3 directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::ServiceDeployment\n #call\n changes to ecs-services infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Service\n #name\n uses service name\n #blue_green\n uses the service blue_green map\n #parameter_store_path\n uses service parameter_store_path\n #parameter_store_key\n uses service parameter_store_key\n #daemon\n uses the service daemon bool\n #monitoring\n uses the service monitoring hash\n #cloudfront\n recasts the service config in environment groups\n includes the appropriate \"custom_origins\" values in each environment\n Uses an AWS cloudfront managed cache policy\n Uses an AWS cloudfront managed origin policy\n Uses an AWS cloudfront managed response headers policy\n mirroring of elements into each environment group\n includes the \"create\" value\n includes the \"tls_protocol_version\" value\n includes the \"origin_keepalive_timeout\" value\n includes the \"origin_read_timeout\" value\n includes the \"basic_auth\" value\n includes the \"basic_auth_users_extra\" value\n includes the \"viewer_request_functions\" values\n includes the \"offline_page_http_status\" value\n bypass_protection\n uses the \"bypass_protection\" configuration\n custom_behaviors\n converts list of \"path_patterns\" to a single \"path_pattern\"\n #shared_loadbalancer_name\n returns shared loadbalancer name if the service is in use by a shared loadbalancer\n returns empty string if the service is not in use by a shared loadbalancer\n #s3_policy\n uses the service s3_policy map\n #lb_ip_whitelistt\n uses the service lb_ip_whitelist list\n #lb_idle_timeout\n uses the service lb_idle_timeout\n #global_accelerator\n uses service global_accelerator value\n #health_check_path\n uses the service health_check_path\n #health_check_grace_period\n uses the service health_check_grace_period\n #deregistration_delay\n uses the service deregistration_delay\n #serve_from_subdirectory\n uses the service serve_from_subdirectory\n #domain_names\n groups the domain names from the service domain_list into environments\n #proxy_configuration\n groups the proxy configurations from the service proxy_configuration list into environments\n #home_directory\n uses the service home_directory\n #lb_ssl_certificate\n groups the certificate arns from the service lb_ssl_certificate list into environments\n #lb_ssl_policy\n sets the default ssl policy for each environment\n #cloudfront_ssl_certificate\n groups the certificate arns from the service cloudfront_ssl_certificate list into environments\n #image_source\n uses the service image source\n #launch_on\n uses the service 'launch_on' specification\n #launch_on_cluster\n uses the service 'launch_on_cluster' string\n #cluster_min_servers\n uses the service 'cluster_min_servers' string\n #image_location\n uses the service image location\n #track_revision\n uses the service track_revision string\n #custom_codestar_connection_arn\n uses the service custom_codestar_connection_arn\n #codepipeline_use_github_v1\n uses the service codepipeline_use_github_v1\n #codepipeline_codebuild_run_in_vpc\n uses the service codepipeline_codebuild_run_in_vpc\n #codepipeline_codebuild_use_service_env\n uses the service codepipeline_codebuild_use_service_env\n #buildspec\n uses the service buildspec\n #container_port\n uses the service container port\n #container_command\n uses the service container command\n #container_volumes\n uses the service container volumes\n #container_extra_hosts\n uses the service container extra hosts\n #container_count\n uses the service container_count\n #enable_max_one_container_per_instance\n uses the service enable_max_one_container_per_instance\n #scheduled_tasks\n uses the service scheduled tasks\n #workers\n uses the service workers\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::ServiceTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SharedLoadbalancerDeployment\n #call\n changes to shared-loadbalancer infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::SharedLoadbalancer\n #name\n uses shared_loadbalancer name\n #in_use_by\n uses shared_loadbalancer in_use_by list\n #clusters_in_use\n uses shared_loadbalancer clusters_in_use list\n #subnets_name\n uses shared_loadbalancer subnets_name value\n #domain_names\n uses shared_loadbalancer domain_names list provided by Services\n #internal\n uses shared_loadbalancer internal value\n #ip_whitelist\n uses shared_loadbalancer ip_whitelist list\n #idle_timeout\n uses shared_loadbalancer idle_timeout value\n #global_accelerator\n uses shared_loadbalancer global_accelerator value\n #ssl_policy\n has the default ssl policy defined\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::SharedLoadbalancerTest\n #call\n changes to the shared-loadbalancer directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::SourceDeployment\n #call\n changes to infrastructure config directory\n asks Terraform to ensure that the workspace is in place\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::Source\n #name\n uses the cluster name and its own position in the cluster's list of sources\n #cluster_name\n delegates to the cluster\n #cluster_id\n delegates to the cluster\n #account_id\n delegates to the cluster\n\nDalmatian::SourceTest\n #call\n changes to the ecs directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n when the environment includes a git reference as \"track_revision\"\n checks out that commit\n passes the \"track_revision\" reference along to Terraform.validate\n\nDalmatian::Terraform\n ::init(upgrade: false)\n when asked to upgrade\n passes terraform init the upgrade flag\n when not asked to upgrade\n does not pass terraform init the upgrade flag\n ::fmt(args = nil)\n when passed some additional arguments\n passes terraform fmt the upgrade flag\n when passed NO additional arguments\n invokes terraform fmt with no arguments\n ::validate(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::ensure_presence_of_workspace(workspace_name)\n logs our intention to create the workspace\n asks Terraform to create the workspace\n when the workspace already exists (and an error is rescued)\n logs our intention to _select_ rather than _create_ the workspace\n asks Terraform to select the existing workspace\n ::plan(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::apply(tfvars, auto_approve=false)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n when auto-approve is set to true\n passes the _auto-approve_ flag to terraform apply\n ::destroy(tfvars)\n passes the given _var-file_ to terraform\n reformats the given tfvars and passes them to terraform as args\n ::list_workspaces\n changes to the bootstrapping directory\n runs the terraform cmd to list workspaces\n\nDalmatian::UrlCacheHandler\n #call\n deletes any old cache\n uses the helper to GET a URI\n logs the cloning action\n logs the path to the cached configuration\n returns the cached full configuration to the caller (configuration reader)\n reads the cached full configuration from the disk in order to return to caller\n\nDalmatian::VpnCustomerGatewayDeployment\n #call\n changes to vpn-customer-gateway infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::VpnCustomerGateway\n #name\n uses vpn_customer_gateway name\n #bgp_asn\n uses vpn_customer_gateway bgp_asn\n #ip_address\n uses vpn_customer_gateway ip_address\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::VpnCustomerGatewayTest\n #call\n changes to the vpn-customer-gateway directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nDalmatian::WAFDeployment\n #call\n changes to waf infrastructure directory\n asks Terraform to ensure that the workspace is in place\n when in _plan_ mode\n invokes Terraform.plan with the _dalmatian-read_ role\n when NOT in _plan_ mode\n invokes Terraform.apply with the _dalmatian-admin_ role\n when in _auto_approve_ mode\n asks Terraform to use auto_approve mode\n\nDalmatian::WAF\n #name\n uses waf name\n #action\n uses waf action\n #ip_deny_list\n has a list of IP addresses to block\n #aws_managed_rules\n uses waf aws_managed_rules list\n #associations\n uses waf associations list\n #to_params\n provides a hash of attributes for use in deployment\n\nDalmatian::WAFTest\n #call\n changes to the ecs-services directory\n logs our intention to run Terraform init\n runs Terraform init, with upgrade option\n ensures presence of workspace\n logs our intention to run Terraform fmt\n runs Terraform fmt with check and diff options\n logs our intention to run Terraform validate\n runs Terraform validate, with upgrade option\n changes back to the app root directory\n\nFinished in 3.23 seconds (files took 0.7882 seconds to load)\n478 examples, 0 failures\n\nCoverage report generated for RSpec to /Users/bob/git/dxw/dalmatian/coverage. 4310 / 4389 LOC (98.2%) covered.\n\n==> Linting markdown...\n\n==> Fetching Dalmatian config for 'dxw-pentest'...\n\n==> Testing Dalmatian for 'dxw-pentest'...\n[*] Running terraform init for dxw-pentest-pentestvone-rds-staging\nInitializing the backend...\nUpgrading modules...\n- rds in ../../../vendor/terraform_modules/terraform-aws-rds\n- rds.db_instance in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_instance\n- rds.db_option_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_option_group\n- rds.db_parameter_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_parameter_group\n- rds.db_subnet_group in ../../../vendor/terraform_modules/terraform-aws-rds/modules/db_subnet_group\nInitializing provider plugins...\n- Finding hashicorp/aws versions matching \">= 4.45.0, ~> 4.45\"...\n- Finding hashicorp/random versions matching \">= 3.1.0\"...\n- Using previously-installed hashicorp/aws v4.67.0\n- Using previously-installed hashicorp/random v3.8.1\n\nTerraform has been successfully initialized!\n\nYou may now begin working with Terraform. Try running \"terraform plan\" to see\nany changes that are required for your infrastructure. All Terraform commands\nshould now work.\n\nIf you ever set or change modules or backend configuration for Terraform,\nrerun this command to reinitialize your working directory. If you forget, other\ncommands will detect it and remind you to do so if necessary.\n[*] Creating dxw-pentest-pentestvone-rds-staging workspace\nWorkspace \"dxw-pentest-pentestvone-rds-staging\" already exists\n[*] Selecting dxw-pentest-pentestvone-rds-staging workspace\n[*] Running terraform fmt for dxw-pentest-pentestvone-rds-staging\n[*] Running terraform validate for dxw-pentest-pentestvone-rds-staging\nSuccess! The configuration is valid.\n\n[*] Creating dxw-pentest-pentestvone-rds-staging workspace\nWorkspace \"dxw-pentest-pentestvone-rds-staging\" already exists\n[*] Selecting dxw-pentest-pentestvone-rds-staging workspace\nrandom_password.rds_password: Refreshing state... [id=none]\nmodule.rds.module.db_instance.random_id.snapshot_identifier[0]: Refreshing state... [id=lmwwSA]\ndata.aws_caller_identity.current: Reading...\ndata.aws_caller_identity.current: Read complete after 0s [id=511700466171]\nmodule.rds.module.db_instance.data.aws_partition.current: Reading...\ndata.aws_launch_template.ecs_launch_template: Reading...\ndata.aws_kms_alias.ssm: Reading...\nmodule.rds.module.db_instance.data.aws_partition.current: Read complete after 0s [id=aws]\naws_cloudwatch_event_rule.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st]\ndata.aws_s3_bucket.transfer: Reading...\naws_iam_role.sql_backup_scheduled_task_ecs: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs]\nmodule.rds.module.db_parameter_group.aws_db_parameter_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133224710900000001]\naws_s3_bucket.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\nmodule.rds.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Reading...\naws_iam_role.check_sql_backup_scheduled_task_ecs_execution: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution]\nmodule.rds.module.db_instance.data.aws_iam_policy_document.enhanced_monitoring: Read complete after 0s [id=1813475199]\nmodule.rds.module.db_option_group.aws_db_option_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133225312500000002]\naws_kms_key.rds_ssm: Refreshing state... [id=0aa5dca8-ddcc-4258-bf28-a561b9a8ef87]\ndata.aws_kms_alias.ssm: Read complete after 0s [id=arn:aws:kms:eu-west-2:932446864135:alias/aws/ssm]\naws_iam_role.check_sql_backup_scheduled_task_cloudwatch: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-cw]\ndata.aws_s3_bucket.transfer: Read complete after 0s [id=dxw-pentest-ecs-staging-dalmatian-transfer]\naws_iam_role.check_sql_backup_scheduled_task_ecs: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs]\ndata.aws_security_group.ecs_security_group: Reading...\naws_cloudwatch_event_rule.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st]\ndata.aws_ecs_cluster.cluster: Reading...\ndata.aws_launch_template.ecs_launch_template: Read complete after 0s [id=lt-0fba00b394755128b]\naws_iam_role.sql_backup_scheduled_task_ecs_execution: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution]\ndata.aws_vpc.vpc: Reading...\naws_iam_role.sql_backup_scheduled_task_cloudwatch: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-cw]\ndata.aws_ecs_cluster.cluster: Read complete after 0s [id=arn:aws:ecs:eu-west-2:932446864135:cluster/dxw-pentest-staging]\naws_kms_alias.rds_ssm: Refreshing state... [id=alias/dxw-pentest-pentestvone-rds-staging-rds-values-ssm]\ndata.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile: Reading...\ndata.aws_security_group.ecs_security_group: Read complete after 0s [id=sg-09323ac1b18adbf47]\naws_ssm_parameter.rds_db_password: Refreshing state... [id=/dxw-pentest/dxwpentestpentestvonestaging-rds/password]\naws_s3_bucket_public_access_block.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_server_side_encryption_configuration.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_lifecycle_configuration.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_s3_bucket_acl.sql_backups: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup,private]\ndata.aws_vpc.vpc: Read complete after 0s [id=vpc-08160529b0069a9a4]\naws_s3_bucket_policy.sql_backups_bucket: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sql-backup]\naws_iam_policy.ecs_cluster_sql_backup_s3_policy: Refreshing state... [id=arn:aws:iam::932446864135:policy/dxw-pentest-pentestvone-rds-staging-ecs-cluster-sql-backups-s3-policy]\naws_security_group.rds: Refreshing state... [id=sg-03c7b2d71eea98557]\ndata.aws_iam_instance_profile.ecs_launch_template_iam_instance_profile: Read complete after 0s [id=AIPA5SGRKAMD3YWY6PA25]\ndata.aws_subnet.ecs_private[0]: Reading...\ndata.aws_subnet.ecs_private[1]: Reading...\ndata.aws_subnet.ecs_private[0]: Read complete after 0s [id=subnet-0615109dfd24f74b5]\ndata.aws_subnet.ecs_private[2]: Reading...\ndata.aws_subnet.ecs_private[1]: Read complete after 0s [id=subnet-0606eeedab5dea6c7]\ndata.aws_subnet.extra_public[1]: Reading...\ndata.aws_subnet.ecs_private[2]: Read complete after 0s [id=subnet-01660d0866e86d9b6]\ndata.aws_subnet.extra_public[0]: Reading...\ndata.aws_subnet.extra_public[1]: Read complete after 0s [id=subnet-0295a7cf928d802eb]\ndata.aws_subnet.extra_public[2]: Reading...\naws_security_group_rule.transition_rds_postgresql_sg_rule[0]: Refreshing state... [id=sgrule-4074910867]\naws_iam_role_policy.check_sql_backup_scheduled_task_ecs_execution_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-execution-policy]\ndata.aws_route_table.private_subnet_route_table: Reading...\ndata.aws_subnet.extra_public[0]: Read complete after 0s [id=subnet-019286daa18327178]\naws_iam_role_policy_attachment.ecs_cluster_sql_backup_s3_policy: Refreshing state... [id=tf-ECSInRole-dxw-pentest-staging20250630094259383100000001-20250630133227029100000004]\ndata.aws_subnet.extra_public[2]: Read complete after 0s [id=subnet-0e6866a5f131efdeb]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-allow-s3-policy]\naws_iam_role_policy.check_sql_backup_scheduled_task_cloudwatch_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-cw:dxw-pentest-dxwpentestpentestvonestaging-csb-cw-policy]\ndata.aws_route_table.private_subnet_route_table: Read complete after 1s [id=rtb-092cddc21bbb96803]\nmodule.rds.module.db_subnet_group.aws_db_subnet_group.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging-20250630133225841900000003]\naws_iam_role_policy.check_sql_backup_transfer_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs:dxw-pentest-dxwpentestpentestvonestaging-csbt-ecs-allow-s3-policy]\naws_iam_role_policy.check_sql_backup_scheduled_task_ecs_role_allow_s3_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-ecs:dxw-pentest-dxwpentestpentestvonestaging-csb-ecs-allow-s3-policy]\naws_ecs_task_definition.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_execution_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution-policy]\naws_iam_role_policy.sql_backup_scheduled_task_ecs_execution_role_ssm_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution:dxw-pentest-dxwpentestpentestvonestaging-sb-ecs-execution-ssm-policy]\naws_iam_role_policy.sql_backup_scheduled_task_cloudwatch_role_policy: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-cw:dxw-pentest-dxwpentestpentestvonestaging-sb-cw-policy]\naws_cloudwatch_event_target.check_sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-csb-st-dxw-pentest-dxwpentestpentestvonestaging-csb-st-target]\nmodule.rds.module.db_instance.aws_db_instance.this[0]: Refreshing state... [id=dxwpentestpentestvonestaging]\naws_ssm_document.rds_db_list: Refreshing state... [id=dxwpentestpentestvonestaging-rds-db-list]\naws_ssm_document.rds_sql_import: Refreshing state... [id=dxwpentestpentestvonestaging-rds-sql-import]\naws_ecs_task_definition.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st]\naws_ssm_document.rds_sql_dump: Refreshing state... [id=dxwpentestpentestvonestaging-rds-sql-dump]\naws_ssm_document.rds_shell: Refreshing state... [id=dxwpentestpentestvonestaging-rds-shell]\naws_ssm_document.rds_db_creation: Refreshing state... [id=dxwpentestpentestvonestaging-rds-db-creation]\naws_cloudwatch_event_target.sql_backup_scheduled_task: Refreshing state... [id=dxw-pentest-dxwpentestpentestvonestaging-sb-st-dxw-pentest-dxwpentestpentestvonestaging-sb-st-target]\n\nNote: Objects have changed outside of Terraform\n\nTerraform detected the following changes made outside of\nTerraform since the last \"terraform apply\" which may have\naffected this plan:\n\n # module.rds.module.db_instance.aws_db_instance.this[0] has changed\n ~ resource \"aws_db_instance\" \"this\" {\n ~ engine_version_actual = \"8.0.41\" -> \"8.0.42\"\n id = \"dxwpentestpentestvonestaging\"\n name = \"saluki\"\n tags = {}\n # (65 unchanged attributes hidden)\n\n # (1 unchanged block hidden)\n }\n\n\nUnless you have made equivalent changes to your configuration,\nor ignored the relevant attributes using ignore_changes, the\nfollowing plan may include actions to undo or respond to these\nchanges.\n\n───────────────────────────────────────────────────────────────\n\nTerraform used the selected providers to generate the following\nexecution plan. Resource actions are indicated with the\nfollowing symbols:\n + create\n\nTerraform will perform the following actions:\n\n # aws_iam_policy.replication[0] will be created\n + resource \"aws_iam_policy\" \"replication\" {\n + arn = (known after apply)\n + id = (known after apply)\n + name = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup-replication-policy\"\n + name_prefix = (known after apply)\n + path = \"/\"\n + policy = jsonencode(\n {\n + Statement = [\n + {\n + Action = [\n + \"s3:GetReplicationConfiguration\",\n + \"s3:ListBucket\",\n ]\n + Effect = \"Allow\"\n + Resource = [\n + \"arn:aws:s3:::dxw-pentest-dxwpentestpentestvonestaging-sql-backup\",\n ]\n },\n + {\n + Action = [\n + \"s3:GetObjectVersionForReplication\",\n + \"s3:GetObjectVersionAcl\",\n + \"s3:GetObjectVersionTagging\",\n ]\n + Effect = \"Allow\"\n + Resource = [\n + \"arn:aws:s3:::dxw-pentest-dxwpentestpentestvonestaging-sql-backup/*\",\n ]\n },\n + {\n + Action = [\n + \"s3:ReplicateObject\",\n + \"s3:ReplicateDelete\",\n + \"s3:ReplicateTags\",\n + \"s3:ObjectOwnerOverrideToBucketOwner\",\n ]\n + Effect = \"Allow\"\n + Resource = \"arn:aws:s3:::wai4vub1-mtvh-replication-test/*\"\n },\n + {\n + Action = [\n + \"kms:Decrypt\",\n ]\n + Condition = {\n + StringLike = {\n + \"kms:EncryptionContext:aws:s3:arn\" = [\n + \"arn:aws:s3:::dxw-pentest-dxwpentestpentestvonestaging-sql-backup/*\",\n ]\n + \"kms:ViaService\" = \"s3.eu-west-2.amazonaws.com\"\n }\n }\n + Effect = \"Allow\"\n + Resource = \"*\"\n },\n ]\n + Version = \"2012-10-17\"\n }\n )\n + policy_id = (known after apply)\n + tags_all = (known after apply)\n }\n\n # aws_iam_role.replication[0] will be created\n + resource \"aws_iam_role\" \"replication\" {\n + arn = (known after apply)\n + assume_role_policy = jsonencode(\n {\n + Statement = [\n + {\n + Action = \"sts:AssumeRole\"\n + Effect = \"Allow\"\n + Principal = {\n + Service = \"s3.amazonaws.com\"\n }\n + Sid = \"\"\n },\n ]\n + Version = \"2012-10-17\"\n }\n )\n + create_date = (known after apply)\n + force_detach_policies = false\n + id = (known after apply)\n + managed_policy_arns = (known after apply)\n + max_session_duration = 3600\n + name = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup-replication\"\n + name_prefix = (known after apply)\n + path = \"/\"\n + role_last_used = (known after apply)\n + tags_all = (known after apply)\n + unique_id = (known after apply)\n\n + inline_policy (known after apply)\n }\n\n # aws_iam_role_policy_attachment.replication[0] will be created\n + resource \"aws_iam_role_policy_attachment\" \"replication\" {\n + id = (known after apply)\n + policy_arn = (known after apply)\n + role = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup-replication\"\n }\n\n # aws_s3_bucket_replication_configuration.sql_backups[0] will be created\n + resource \"aws_s3_bucket_replication_configuration\" \"sql_backups\" {\n + bucket = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup\"\n + id = (known after apply)\n + role = (known after apply)\n\n + rule {\n + id = \"replication\"\n + status = \"Enabled\"\n\n + destination {\n + bucket = \"arn:aws:s3:::wai4vub1-mtvh-replication-test\"\n + storage_class = \"STANDARD\"\n\n + access_control_translation {\n + owner = \"Destination\"\n }\n }\n\n + source_selection_criteria {\n + sse_kms_encrypted_objects {\n + status = \"Enabled\"\n }\n }\n }\n }\n\n # aws_s3_bucket_versioning.sql_backups[0] will be created\n + resource \"aws_s3_bucket_versioning\" \"sql_backups\" {\n + bucket = \"dxw-pentest-dxwpentestpentestvonestaging-sql-backup\"\n + id = (known after apply)\n\n + versioning_configuration {\n + mfa_delete = (known after apply)\n + status = \"Enabled\"\n }\n }\n\nPlan: 5 to add, 0 to change, 0 to destroy.\n\n───────────────────────────────────────────────────────────────\n\nNote: You didn't use the -out option to save this plan, so\nTerraform can't guarantee to take exactly these actions if you\nrun \"terraform apply\" now.", "displayName": "Shell", "description": "This tool executes a given shell command as `bash -c `. To run a command in the background, set the `is_background` parameter to true. Do NOT use `&` to background commands. Command is executed as a subprocess that leads its own process group. Command process group can be terminated as `kill -- -PGID` or signaled as `kill -s SIGNAL -- -PGID`.\n\n Efficiency Guidelines:\n - Quiet Flags: Always prefer silent or quiet flags (e.g., `npm install --silent`, `git --no-pager`) to reduce output volume while still capturing necessary information.\n - Pagination: Always disable terminal pagination to ensure commands terminate (e.g., use `git --no-pager`, `systemctl --no-pager`, or set `PAGER=cat`).\n\n The following information is returned:\n\n Output: Combined stdout/stderr. Can be `(empty)` or partial on error and for any unwaited background processes.\n Exit Code: Only included if non-zero (command failed).\n Error: Only included if a process-level error occurred (e.g., spawn failure).\n Signal: Only included if process was terminated by a signal.\n Background PIDs: Only included if background processes were started.\n Process Group PGID: Only included if available.", "renderOutputAsMarkdown": false } ] }, { "id": "fd8bd1bf-1023-49e6-982c-630b9835d479", "timestamp": "2026-02-20T18:00:01.648Z", "type": "gemini", "content": "The `dalmatian.yml` has been updated (via `config/infrastructures/dxw-pentest.yml` and a subsequent `bin/compile`) to enable SQL backup replication for the `dxw-pentest` infrastructure.\n\nSpecifically, for the `pentestvone` RDS instance, I added:\n`replication_bucket_destination_arn: arn:aws:s3:::wai4vub1-mtvh-replication-test`\n\nThe Terraform plan now correctly shows that:\n1. **`aws_s3_bucket_versioning.sql_backups`** will be created with `status = \"Enabled\"`.\n2. **`aws_s3_bucket_replication_configuration.sql_backups`** will be created to replicate to the destination bucket.\n3. Necessary IAM roles and policies for replication will be created.\n\nThis confirms that the versioning is only enabled when replication is configured, as requested.\n\n```yaml\n# dxw-pentest.yml update\nrds:\n- identifier: pentestvone\n ...\n replication_bucket_destination_arn: arn:aws:s3:::wai4vub1-mtvh-replication-test\n```", "thoughts": [], "tokens": { "input": 102534, "output": 266, "cached": 90980, "thoughts": 0, "tool": 0, "total": 102800 }, "model": "gemini-3-flash-preview" }, { "id": "a4428646-3702-470a-b859-6b1e82a6f6e6", "timestamp": "2026-02-20T18:01:14.490Z", "type": "user", "content": [ { "text": "update @GEMINI.md" }, { "text": "\n--- Content from referenced files ---" }, { "text": "\nContent from @GEMINI.md:\n" }, { "text": "# Dalmatian Project Guidelines (GEMINI.md)\n\n## Project Discovery\n\n- **Build/Setup:** `bundle exec rake setup:all`\n- **Testing:** \n - Infrastructure: `scripts/bin/test` (checks formatting, linters, and validates tfvars).\n - SQL Munge: `scripts/bin/test-sql-munge` (PHP linter and tests).\n - Ruby: `bundle exec rspec` (Standard RSpec suite).\n- **Language Stacks:**\n - **Ruby:** Infrastructure logic and CLI tools (`Gemfile`).\n - **Terraform:** Infrastructure as code (`terraform/`).\n - **Python:** Utilities (`requirements.txt`).\n - **PHP:** SQL munging tools (`terraform/infrastructures/ecs/infrastructure_support/php-sql-munge-docker/`).\n\n## Standards & Testing\n\n- **Architecture Decisions:** Follow the ADR process. Records are stored in `docs/architecture-decisions/`.\n- **Formatting:** \n - Terraform: Always run `terraform fmt`.\n - PHP: Adhere to `dxw/php-cs-fixer-config` (checked by `test-sql-munge`).\n- **Ruby Conventions:** Adhere to `.rubocop.yml` and `.standard.yml`.\n\n## Infrastructure Configuration\n\n- Configurations are defined in `dalmatian.yml` (see `dalmatian.yml.example`).\n- Supports `standalone` and `overloaded` (remote sources) cluster descriptions.\n- Remote sources are cached locally via `bundle exec rake dalmatian:fetch`." }, { "text": "\n--- End of content ---" } ], "displayContent": [ { "text": "update @GEMINI.md" } ] }, { "id": "0e140f49-d98a-4315-ba12-f6cea8da33df", "timestamp": "2026-02-20T18:01:30.242Z", "type": "gemini", "content": "I will read the `GEMINI.md` file to confirm its current content and structure before applying updates.", "thoughts": [ { "subject": "Analyzing GEMINI.md Updates", "description": "I'm focused on the changes to `GEMINI.md`. My immediate task is to examine its current contents. Following that, I'll identify the required updates, specifically those stemming from recent modifications to the Terraform files, like the RDS configuration changes.", "timestamp": "2026-02-20T18:01:20.070Z" }, { "subject": "Defining Update Requirements", "description": "I've clarified the update scope. I'm focusing on incorporating the `dalmatian-config` workflow into `GEMINI.md`, emphasizing the compilation step using `bin/compile`. I'll also ensure the RDS configuration conditional logic for `aws_s3_bucket_versioning` is clearly reflected. Further, I will add detail about using `./scripts/bin/test` and `./scripts/bin/test -i -T ` for testing.", "timestamp": "2026-02-20T18:01:23.391Z" }, { "subject": "Revising Configuration Sections", "description": "I'm now rewriting the \"Infrastructure Configuration\" section. I will add detail about `dalmatian-config` and `bin/compile`, and then will incorporate information about the conditional logic for `aws_s3_bucket_versioning` which was updated in the Terraform files. I'll then move on to integrating the testing details, including the use of `./scripts/bin/test` and its available flags.", "timestamp": "2026-02-20T18:01:26.133Z" }, { "subject": "Adding Configuration Details", "description": "I'm now detailing the \"Infrastructure Configuration\" section. I will add information about the `dalmatian-config` repository and how to generate `dalmatian.yml` using `bin/compile`, which also handles the conditional `aws_s3_bucket_versioning` setting. Following this, I will incorporate testing details, including helpful flags.", "timestamp": "2026-02-20T18:01:28.941Z" }, { "subject": "Updating Core Configuration Info", "description": "I'm now revising the \"Infrastructure Configuration\" section. I'll add information about the `dalmatian-config` repository, emphasizing the `bin/compile` step to generate `dalmatian.yml`. Furthermore, I'll update the \"Testing\" section to include the specific and helpful flags for running tests.", "timestamp": "2026-02-20T18:01:30.115Z" } ], "tokens": { "input": 103175, "output": 36, "cached": 3882, "thoughts": 1161, "tool": 0, "total": 104372 }, "model": "gemini-3-pro-preview", "toolCalls": [ { "id": "read_file_1771610490236_0", "name": "read_file", "args": { "file_path": "GEMINI.md" }, "result": [ { "functionResponse": { "id": "read_file_1771610490236_0", "name": "read_file", "response": { "output": "# Dalmatian Project Guidelines (GEMINI.md)\n\n## Project Discovery\n\n- **Build/Setup:** `bundle exec rake setup:all`\n- **Testing:** \n - Infrastructure: `scripts/bin/test` (checks formatting, linters, and validates tfvars).\n - SQL Munge: `scripts/bin/test-sql-munge` (PHP linter and tests).\n - Ruby: `bundle exec rspec` (Standard RSpec suite).\n- **Language Stacks:**\n - **Ruby:** Infrastructure logic and CLI tools (`Gemfile`).\n - **Terraform:** Infrastructure as code (`terraform/`).\n - **Python:** Utilities (`requirements.txt`).\n - **PHP:** SQL munging tools (`terraform/infrastructures/ecs/infrastructure_support/php-sql-munge-docker/`).\n\n## Standards & Testing\n\n- **Architecture Decisions:** Follow the ADR process. Records are stored in `docs/architecture-decisions/`.\n- **Formatting:** \n - Terraform: Always run `terraform fmt`.\n - PHP: Adhere to `dxw/php-cs-fixer-config` (checked by `test-sql-munge`).\n- **Ruby Conventions:** Adhere to `.rubocop.yml` and `.standard.yml`.\n\n## Infrastructure Configuration\n\n- Configurations are defined in `dalmatian.yml` (see `dalmatian.yml.example`).\n- Supports `standalone` and `overloaded` (remote sources) cluster descriptions.\n- Remote sources are cached locally via `bundle exec rake dalmatian:fetch`.\n" } } } ], "status": "success", "timestamp": "2026-02-20T18:01:30.267Z", "resultDisplay": "", "displayName": "ReadFile", "description": "Reads and returns the content of a specified file. If the file is large, the content will be truncated. The tool's response will clearly indicate if truncation has occurred and will provide details on how to read more of the file using the 'offset' and 'limit' parameters. Handles text, images (PNG, JPG, GIF, WEBP, SVG, BMP), audio files (MP3, WAV, AIFF, AAC, OGG, FLAC), and PDF files. For text files, it can read specific line ranges.", "renderOutputAsMarkdown": true } ] }, { "id": "4c303ede-03d2-4c99-b05b-c069da3cfce5", "timestamp": "2026-02-20T18:01:37.983Z", "type": "gemini", "content": "I will update `GEMINI.md` to include information about the configuration management workflow, including the `dalmatian-config` repository, and add specific testing command examples for quick linting and infrastructure planning.", "thoughts": [], "tokens": { "input": 103559, "output": 536, "cached": 99886, "thoughts": 0, "tool": 0, "total": 104095 }, "model": "gemini-3-pro-preview", "toolCalls": [ { "id": "write_file_1771610497977_0", "name": "write_file", "args": { "file_path": "GEMINI.md", "content": "# Dalmatian Project Guidelines (GEMINI.md)\n\n## Project Discovery\n\n- **Build/Setup:** `bundle exec rake setup:all`\n- **Testing:** \n - Infrastructure: `scripts/bin/test` (checks formatting, linters, and validates tfvars).\n - Quick Linting: `scripts/bin/test -l` (skips full Terraform init/plan).\n - Infrastructure Plan: `scripts/bin/test -i -T ` (e.g., `-i dxw-pentest -T rds`).\n - SQL Munge: `scripts/bin/test-sql-munge` (PHP linter and tests).\n - Ruby: `bundle exec rspec` (Standard RSpec suite).\n- **Language Stacks:**\n - **Ruby:** Infrastructure logic and CLI tools (`Gemfile`).\n - **Terraform:** Infrastructure as code (`terraform/`).\n - **Python:** Utilities (`requirements.txt`).\n - **PHP:** SQL munging tools (`terraform/infrastructures/ecs/infrastructure_support/php-sql-munge-docker/`).\n\n## Standards & Testing\n\n- **Architecture Decisions:** Follow the ADR process. Records are stored in `docs/architecture-decisions/`.\n- **Formatting:** \n - Terraform: Always run `terraform fmt`.\n - PHP: Adhere to `dxw/php-cs-fixer-config` (checked by `test-sql-munge`).\n- **Ruby Conventions:** Adhere to `.rubocop.yml` and `.standard.yml`.\n\n## Infrastructure Configuration\n\n- Configurations are defined in `dalmatian.yml` (see `dalmatian.yml.example`).\n- **Dalmatian Config Repo:** If using the `dalmatian-config` repository:\n - Edit individual files in `config/infrastructures/*.yml`.\n - Run `bin/compile` in the `dalmatian-config` directory to regenerate `dalmatian.yml`.\n- Supports `standalone` and `overloaded` (remote sources) cluster descriptions.\n- Remote sources are cached locally via `bundle exec rake dalmatian:fetch`.\n" }, "result": [ { "functionResponse": { "id": "write_file_1771610497977_0", "name": "write_file", "response": { "output": "Successfully overwrote file: /Users/bob/git/dxw/dalmatian/GEMINI.md." } } } ], "status": "success", "timestamp": "2026-02-20T18:02:07.429Z", "resultDisplay": { "fileDiff": "Index: GEMINI.md\n===================================================================\n--- GEMINI.md\tOriginal\n+++ GEMINI.md\tWritten\n@@ -5,6 +5,8 @@\n - **Build/Setup:** `bundle exec rake setup:all`\n - **Testing:** \n - Infrastructure: `scripts/bin/test` (checks formatting, linters, and validates tfvars).\n+ - Quick Linting: `scripts/bin/test -l` (skips full Terraform init/plan).\n+ - Infrastructure Plan: `scripts/bin/test -i -T ` (e.g., `-i dxw-pentest -T rds`).\n - SQL Munge: `scripts/bin/test-sql-munge` (PHP linter and tests).\n - Ruby: `bundle exec rspec` (Standard RSpec suite).\n - **Language Stacks:**\n@@ -24,5 +26,8 @@\n ## Infrastructure Configuration\n \n - Configurations are defined in `dalmatian.yml` (see `dalmatian.yml.example`).\n+- **Dalmatian Config Repo:** If using the `dalmatian-config` repository:\n+ - Edit individual files in `config/infrastructures/*.yml`.\n+ - Run `bin/compile` in the `dalmatian-config` directory to regenerate `dalmatian.yml`.\n - Supports `standalone` and `overloaded` (remote sources) cluster descriptions.\n - Remote sources are cached locally via `bundle exec rake dalmatian:fetch`.\n", "fileName": "GEMINI.md", "filePath": "/Users/bob/git/dxw/dalmatian/GEMINI.md", "originalContent": "# Dalmatian Project Guidelines (GEMINI.md)\n\n## Project Discovery\n\n- **Build/Setup:** `bundle exec rake setup:all`\n- **Testing:** \n - Infrastructure: `scripts/bin/test` (checks formatting, linters, and validates tfvars).\n - SQL Munge: `scripts/bin/test-sql-munge` (PHP linter and tests).\n - Ruby: `bundle exec rspec` (Standard RSpec suite).\n- **Language Stacks:**\n - **Ruby:** Infrastructure logic and CLI tools (`Gemfile`).\n - **Terraform:** Infrastructure as code (`terraform/`).\n - **Python:** Utilities (`requirements.txt`).\n - **PHP:** SQL munging tools (`terraform/infrastructures/ecs/infrastructure_support/php-sql-munge-docker/`).\n\n## Standards & Testing\n\n- **Architecture Decisions:** Follow the ADR process. Records are stored in `docs/architecture-decisions/`.\n- **Formatting:** \n - Terraform: Always run `terraform fmt`.\n - PHP: Adhere to `dxw/php-cs-fixer-config` (checked by `test-sql-munge`).\n- **Ruby Conventions:** Adhere to `.rubocop.yml` and `.standard.yml`.\n\n## Infrastructure Configuration\n\n- Configurations are defined in `dalmatian.yml` (see `dalmatian.yml.example`).\n- Supports `standalone` and `overloaded` (remote sources) cluster descriptions.\n- Remote sources are cached locally via `bundle exec rake dalmatian:fetch`.\n", "newContent": "# Dalmatian Project Guidelines (GEMINI.md)\n\n## Project Discovery\n\n- **Build/Setup:** `bundle exec rake setup:all`\n- **Testing:** \n - Infrastructure: `scripts/bin/test` (checks formatting, linters, and validates tfvars).\n - Quick Linting: `scripts/bin/test -l` (skips full Terraform init/plan).\n - Infrastructure Plan: `scripts/bin/test -i -T ` (e.g., `-i dxw-pentest -T rds`).\n - SQL Munge: `scripts/bin/test-sql-munge` (PHP linter and tests).\n - Ruby: `bundle exec rspec` (Standard RSpec suite).\n- **Language Stacks:**\n - **Ruby:** Infrastructure logic and CLI tools (`Gemfile`).\n - **Terraform:** Infrastructure as code (`terraform/`).\n - **Python:** Utilities (`requirements.txt`).\n - **PHP:** SQL munging tools (`terraform/infrastructures/ecs/infrastructure_support/php-sql-munge-docker/`).\n\n## Standards & Testing\n\n- **Architecture Decisions:** Follow the ADR process. Records are stored in `docs/architecture-decisions/`.\n- **Formatting:** \n - Terraform: Always run `terraform fmt`.\n - PHP: Adhere to `dxw/php-cs-fixer-config` (checked by `test-sql-munge`).\n- **Ruby Conventions:** Adhere to `.rubocop.yml` and `.standard.yml`.\n\n## Infrastructure Configuration\n\n- Configurations are defined in `dalmatian.yml` (see `dalmatian.yml.example`).\n- **Dalmatian Config Repo:** If using the `dalmatian-config` repository:\n - Edit individual files in `config/infrastructures/*.yml`.\n - Run `bin/compile` in the `dalmatian-config` directory to regenerate `dalmatian.yml`.\n- Supports `standalone` and `overloaded` (remote sources) cluster descriptions.\n- Remote sources are cached locally via `bundle exec rake dalmatian:fetch`.\n", "diffStat": { "model_added_lines": 5, "model_removed_lines": 0, "model_added_chars": 400, "model_removed_chars": 0, "user_added_lines": 0, "user_removed_lines": 0, "user_added_chars": 0, "user_removed_chars": 0 }, "isNewFile": false }, "displayName": "WriteFile", "description": "Writes content to a specified file in the local filesystem.\n\n The user has the ability to modify `content`. If modified, this will be stated in the response.", "renderOutputAsMarkdown": true } ] }, { "id": "23b20204-9036-4ada-afd3-fda917c075e1", "timestamp": "2026-02-20T18:02:13.546Z", "type": "gemini", "content": "I have updated `GEMINI.md` to include information about testing and infrastructure configuration.\n\nSpecifically, I added:\n- The `-l` flag for quick linting and the `-i` and `-T` flags for targeted infrastructure testing in the **Testing** section.\n- Details about the `dalmatian-config` workflow (editing individual files and running `bin/compile`) in the **Infrastructure Configuration** section.", "thoughts": [], "tokens": { "input": 104118, "output": 89, "cached": 3842, "thoughts": 0, "tool": 0, "total": 104207 }, "model": "gemini-3-pro-preview" } ], "directories": [ "/Users/bob/git/dxw/dalmatian", "/Users/bob/git/dxw/dalmatian-config" ] }