Chore/#54 Add comments to main.tf for each account #59

Merged
3olly merged 2 commits into main from feat/#54 on Jul 27, 2025

Conversation

@3olly (Contributor) commented Jul 27, 2025

#️⃣ Related Issues

#54

📝 Work Summary

To re-run terraform apply from the main branch, I added comments to the main.tf of the management account and the operation account.

@github-actions

[Terraform Plan Summary]

Item
Status: success
Directory: operation-team-account/monitoring
Executed At: 2025-07-27 14:30:49 UTC

Plan Output

Plan failed

Plan Error (if any)


Error: listing tags for EventBridge Rule (arn:aws:events:ap-northeast-2:502676416967:rule/cloudtrail-s3-event-rule): operation error EventBridge: ListTagsForResource, https response error StatusCode: 400, RequestID: e13fc767-8d31-4784-9ded-d0770915cd28, api error AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: events:ListTagsForResource on resource: arn:aws:events:ap-northeast-2:502676416967:rule/cloudtrail-s3-event-rule because no identity-based policy allows the events:ListTagsForResource action

  with module.eventbridge.aws_cloudwatch_event_rule.s3_object_created,
  on ../../modules/eventbridge_triggers/main.tf line 2, in resource "aws_cloudwatch_event_rule" "s3_object_created":
   2: resource "aws_cloudwatch_event_rule" "s3_object_created" {


Error: reading OpenSearch Domain (arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain): operation error OpenSearch: DescribeDomain, https response error StatusCode: 403, RequestID: 36c6bb60-4cf4-4582-a927-daa9bbbc16aa, api error AccessDeniedException: [User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: es:DescribeDomain on resource: arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain because no identity-based policy allows the es:DescribeDomain action, User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: es:DescribeElasticsearchDomain on resource: arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain because no identity-based policy allows the es:DescribeElasticsearchDomain action]

  with module.opensearch_domain.aws_opensearch_domain.this,
  on ../../modules/opensearch_domain/main.tf line 1, in resource "aws_opensearch_domain" "this":
   1: resource "aws_opensearch_domain" "this" {

@github-actions

github-actions bot commented Jul 27, 2025

💰 Infracost report

Monthly estimate generated

This comment will be updated when code changes.

@github-actions

[Terraform Plan Summary]

Item
Status: success
Directory: management-team-account/monitoring
Executed At: 2025-07-27 14:34:34 UTC

Plan Output

Plan failed

Plan Error (if any)


Error: reading CloudTrail Trail (arn:aws:cloudtrail:ap-northeast-2:433331841346:trail/org-cloudtrail): operation error CloudTrail: DescribeTrails, https response error StatusCode: 400, RequestID: 8e0b90ec-31a9-4898-b313-204221d26180, api error AccessDeniedException: User: arn:aws:sts::433331841346:assumed-role/management-role/GitHubActions is not authorized to perform: cloudtrail:DescribeTrails because no identity-based policy allows the cloudtrail:DescribeTrails action

  with module.cloudtrail.aws_cloudtrail.org,
  on ../../modules/cloudtrail_org/main.tf line 1, in resource "aws_cloudtrail" "org":
   1: resource "aws_cloudtrail" "org" {

@github-actions

[Terraform Plan Summary]

Item
Status: success
Directory: operation-team-account/monitoring
Executed At: 2025-07-27 14:34:36 UTC

Plan Output

Plan failed

Plan Error (if any)


Error: listing tags for EventBridge Rule (arn:aws:events:ap-northeast-2:502676416967:rule/cloudtrail-s3-event-rule): operation error EventBridge: ListTagsForResource, https response error StatusCode: 400, RequestID: 75747906-2432-455b-a03a-d4da97af4a9f, api error AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: events:ListTagsForResource on resource: arn:aws:events:ap-northeast-2:502676416967:rule/cloudtrail-s3-event-rule because no identity-based policy allows the events:ListTagsForResource action

  with module.eventbridge.aws_cloudwatch_event_rule.s3_object_created,
  on ../../modules/eventbridge_triggers/main.tf line 1, in resource "aws_cloudwatch_event_rule" "s3_object_created":
   1: resource "aws_cloudwatch_event_rule" "s3_object_created" {


Error: reading OpenSearch Domain (arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain): operation error OpenSearch: DescribeDomain, https response error StatusCode: 403, RequestID: 1b1d596a-d3fb-4aad-beb5-03b26893d5e7, api error AccessDeniedException: [User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: es:DescribeDomain on resource: arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain because no identity-based policy allows the es:DescribeDomain action, User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: es:DescribeElasticsearchDomain on resource: arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain because no identity-based policy allows the es:DescribeElasticsearchDomain action]

  with module.opensearch_domain.aws_opensearch_domain.this,
  on ../../modules/opensearch_domain/main.tf line 1, in resource "aws_opensearch_domain" "this":
   1: resource "aws_opensearch_domain" "this" {

@github-actions

[Terraform Plan Summary]

Item
Status: success
Directory: management-team-account/monitoring
Executed At: 2025-07-27 14:41:31 UTC

Plan Output

Plan failed

Plan Error (if any)


Error: reading CloudTrail Trail (arn:aws:cloudtrail:ap-northeast-2:433331841346:trail/org-cloudtrail): operation error CloudTrail: DescribeTrails, https response error StatusCode: 400, RequestID: 6e8ffaa9-f418-4277-beb7-d4dd190b6367, api error AccessDeniedException: User: arn:aws:sts::433331841346:assumed-role/management-role/GitHubActions is not authorized to perform: cloudtrail:DescribeTrails because no identity-based policy allows the cloudtrail:DescribeTrails action

  with module.cloudtrail.aws_cloudtrail.org,
  on ../../modules/cloudtrail_org/main.tf line 1, in resource "aws_cloudtrail" "org":
   1: resource "aws_cloudtrail" "org" {

@github-actions

[Terraform Plan Summary]

Item
Status: success
Directory: operation-team-account/monitoring
Executed At: 2025-07-27 14:41:35 UTC

Plan Output

Plan failed

Plan Error (if any)


Error: reading Lambda Function (opensearch-alerting-setup): operation error Lambda: GetFunction, https response error StatusCode: 403, RequestID: 42729830-6bdb-4a66-8a62-69a7c1cce85b, api error AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: lambda:GetFunction on resource: arn:aws:lambda:ap-northeast-2:502676416967:function:opensearch-alerting-setup because no identity-based policy allows the lambda:GetFunction action

  with module.lambda_alerting.aws_lambda_function.alerting_setup,
  on ../../modules/lambda_alerting/main.tf line 45, in resource "aws_lambda_function" "alerting_setup":
  45: resource "aws_lambda_function" "alerting_setup" {


Error: reading Lambda Function (s3-to-opensearch-delivery): operation error Lambda: GetFunction, https response error StatusCode: 403, RequestID: 71963d8b-4d9a-44db-97c4-cd3673a9afae, api error AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: lambda:GetFunction on resource: arn:aws:lambda:ap-northeast-2:502676416967:function:s3-to-opensearch-delivery because no identity-based policy allows the lambda:GetFunction action

  with module.lambda_delivery.aws_lambda_function.delivery,
  on ../../modules/lambda_delivery/main.tf line 63, in resource "aws_lambda_function" "delivery":
  63: resource "aws_lambda_function" "delivery" {
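
The failing plans posted by the CI bot above all share one class of error: the role GitHub Actions assumes (operation-cicd/GitHubActions in 502676416967, management-role/GitHubActions in 433331841346) lacks read-only actions such as events:ListTagsForResource, es:DescribeDomain, es:DescribeElasticsearchDomain, cloudtrail:DescribeTrails and lambda:GetFunction that terraform plan needs to refresh state. The usual shortcut is to widen the role with a wildcard; the least-privilege alternative is to grant exactly the actions the plan asked for, scoped to the resources it named. The script below is an added example, not code from this PR or its repository: it parses AccessDeniedException lines of the shape shown on this page, groups the denied actions by principal and resource, and emits a policy document containing only read-style actions, refusing to add anything that could mutate infrastructure. The sample input is constructed from the error lines above with request IDs and status codes stripped; the function names, the READ_ONLY_PREFIXES list and the Sid scheme are assumptions.

```python
"""Derive a least-privilege read policy from Terraform plan AccessDenied errors.

Added example for this PR thread, not code from the repository. Function
names, READ_ONLY_PREFIXES and the Sid naming scheme are assumptions.
"""
import json
import re

# Constructed sample input: error lines in the shape of the plan failures the
# CI bot posted above (request IDs and HTTP status codes omitted).
SAMPLE_PLAN_ERRORS = "\n".join([
    "Error: listing tags for EventBridge Rule (arn:aws:events:ap-northeast-2:502676416967:rule/cloudtrail-s3-event-rule): api error AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: events:ListTagsForResource on resource: arn:aws:events:ap-northeast-2:502676416967:rule/cloudtrail-s3-event-rule because no identity-based policy allows the events:ListTagsForResource action",
    "Error: reading OpenSearch Domain (arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain): api error AccessDeniedException: [User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: es:DescribeDomain on resource: arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain because no identity-based policy allows the es:DescribeDomain action, User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: es:DescribeElasticsearchDomain on resource: arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain because no identity-based policy allows the es:DescribeElasticsearchDomain action]",
    "Error: reading CloudTrail Trail (arn:aws:cloudtrail:ap-northeast-2:433331841346:trail/org-cloudtrail): api error AccessDeniedException: User: arn:aws:sts::433331841346:assumed-role/management-role/GitHubActions is not authorized to perform: cloudtrail:DescribeTrails because no identity-based policy allows the cloudtrail:DescribeTrails action",
    "Error: reading Lambda Function (opensearch-alerting-setup): api error AccessDeniedException: User: arn:aws:sts::502676416967:assumed-role/operation-cicd/GitHubActions is not authorized to perform: lambda:GetFunction on resource: arn:aws:lambda:ap-northeast-2:502676416967:function:opensearch-alerting-setup because no identity-based policy allows the lambda:GetFunction action",
])

# One denial = principal, action, optional resource. A single error line may
# carry several denials (the OpenSearch line lists two inside brackets).
DENIAL_RE = re.compile(
    r"User: (?P<principal>arn:aws:sts::\d{12}:assumed-role/\S+) is not authorized to perform: "
    r"(?P<action>[a-z0-9-]+:[A-Za-z0-9]+)"
    r"(?: on resource: (?P<resource>arn:aws:\S+))?"
)

# Assumption: only actions with these verbs are accepted into the generated
# policy, so a mutating action in the log can never be granted automatically.
READ_ONLY_PREFIXES = ("Describe", "List", "Get")


def parse_denials(text):
    """Return (principal, action, resource) tuples found in the error text.

    Resource is "*" when the error names none; cloudtrail:DescribeTrails, for
    example, is not resource-scoped, so "*" is the narrowest valid value.
    """
    return [
        (m.group("principal"), m.group("action"), m.group("resource") or "*")
        for m in DENIAL_RE.finditer(text)
    ]


def is_read_only(action):
    """True when the API verb after the service prefix is Describe/List/Get."""
    return action.split(":", 1)[1].startswith(READ_ONLY_PREFIXES)


def build_read_policy(denials, role_arn):
    """Build a minimal IAM policy for role_arn from its denied actions.

    Statements are grouped per resource so each action stays scoped to the
    resource the plan actually touched. Raises ValueError rather than granting
    a non-read action, which should go through human review instead.
    """
    by_resource = {}
    for principal, action, resource in denials:
        if principal != role_arn:
            continue
        if not is_read_only(action):
            raise ValueError(f"refusing to auto-grant non-read action {action}")
        by_resource.setdefault(resource, set()).add(action)
    statements = [
        {
            "Sid": f"TerraformPlanRead{i}",
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": resource,
        }
        for i, (resource, actions) in enumerate(sorted(by_resource.items()))
    ]
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    found = parse_denials(SAMPLE_PLAN_ERRORS)
    for role in sorted({p for p, _, _ in found}):
        print(f"# policy to attach to {role}")
        print(json.dumps(build_read_policy(found, role), indent=2))
```

The output is one policy per CI role, each listing only the read actions the plan was denied; the bucket-policy principal change in the final successful plan (243359234795 to 502676416967) is unrelated to these denials and is left to the reviewer.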

@github-actions

[Terraform Plan Summary]

Item
Status: success
Directory: management-team-account/monitoring
Executed At: 2025-07-27 14:46:00 UTC

Plan Output

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration
and found no differences, so no changes are needed.

Plan Error (if any)

(no errors)

@github-actions

[Terraform Plan Summary]

Item
Status: success
Directory: operation-team-account/monitoring
Executed At: 2025-07-27 14:46:01 UTC

Plan Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.lambda_alerting.aws_lambda_function.alerting_setup will be updated in-place
  ~ resource "aws_lambda_function" "alerting_setup" {
        id                             = "opensearch-alerting-setup"
        tags                           = {}
        # (23 unchanged attributes hidden)

      ~ environment {
          ~ variables = {
              ~ "SLACK_WEBHOOK_URL"   = (sensitive value)
                # (1 unchanged element hidden)
            }
        }

        # (3 unchanged blocks hidden)
    }

  # module.opensearch_domain.aws_opensearch_domain.this will be updated in-place
  ~ resource "aws_opensearch_domain" "this" {
      ~ access_policies    = (sensitive value)
        id                 = "arn:aws:es:ap-northeast-2:502676416967:domain/whs-domain"
        tags               = {}
        # (10 unchanged attributes hidden)

        # (10 unchanged blocks hidden)
    }

  # module.s3.aws_s3_bucket_policy.cloudtrail will be updated in-place
  ~ resource "aws_s3_bucket_policy" "cloudtrail" {
        id     = "whs-aws-logs"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                    # (2 unchanged elements hidden)
                    {
                        Action    = "s3:PutObject"
                        Condition = {
                            StringEquals = {
                                "s3:x-amz-acl" = "bucket-owner-full-control"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Service = "cloudtrail.amazonaws.com"
                        }
                        Resource  = "arn:aws:s3:::whs-aws-logs/AWSLogs/*"
                        Sid       = "AllowCloudTrailWrite"
                    },
                  ~ {
                      ~ Principal = {
                          ~ AWS = "arn:aws:iam::243359234795:root" -> "arn:aws:iam::502676416967:root"
                        }
                      ~ Resource  = "arn:aws:s3:::whs-aws-logs/AWSLogs/243359234795/*" -> "arn:aws:s3:::whs-aws-logs/AWSLogs/502676416967/*"
                        # (4 unchanged attributes hidden)
                    },
                  ~ {
                      ~ Principal = {
                          ~ AWS = "arn:aws:iam::243359234795:root" -> "arn:aws:iam::502676416967:root"
                        }
                        # (4 unchanged attributes hidden)
                    },
                ]
                # (1 unchanged attribute hidden)
            }
        )
        # (1 unchanged attribute hidden)
    }

Plan: 0 to add, 3 to change, 0 to destroy.

Plan Error (if any)

(no errors)

@rnjsdbwlsqwer (Contributor) left a comment

Confirmed that only comments were added.

@3olly 3olly merged commit 25edec5 into main Jul 27, 2025
9 checks passed