chore(deps): update terraform random to v3.8.0 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
random (source)	required_provider	minor	3.7.2 → 3.8.0

---

Release Notes

hashicorp/terraform-provider-random (random)

v3.8.0

Compare Source

ENHANCEMENTS:

• Add uuid4 and uuid7 resources to generate valid random uuids of the appropriate version (#​402)

---

Configuration

📅 Schedule: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Open in Overmind ↗

---

model|risks_v6
✨Frontend Team Review

🟢 Change Signals

Routine 🟢 ▁▂▃▅ Multiple AWS instance resources showing routine updates at 1 event/week for the last 3 weeks.

View signals ↗

---

🔥 Risks

Instance replacement will orphan NLB IP target 10.0.101.181:9090, leaving zero healthy targets ‼️High Open Risk ↗
The production API server is being replaced with a new AMI. Its primary ENI is set DeleteOnTermination=true, and the service behind it is exposed through the NLB target group api-health-terraform-example that registers the static IP 10.0.101.181 on port 9090. When the instance is replaced, the ENI and private IP 10.0.101.181 will be destroyed and the new instance will receive a different private IP.

Because the target group uses static IP targets, it will continue health checking 10.0.101.181:9090, which will no longer route to the new instance. The NLB mon-internal-terraform-example will lose healthy targets, causing connection failures for clients relying on that listener. DNS tied to the old IP or to the instance’s public EIP may also see brief gaps during re-association, and CloudWatch metrics bound to the old instance ID will reset around the swap.

Instance replacement will change private IP and leave NLB IP target 10.0.101.181:9090 stale, breaking connectivity ❗Medium Open Risk ↗
The instance will be replaced to use AMI ami-0bf9887e498661487. Its current primary ENI has DeleteOnTermination=true and owns private IP 10.0.101.181, which is the exact IP registered in the internal NLB target group api-health-terraform-example on port 9090. When the old instance is terminated, that ENI and private IP will be released and the new instance will receive a different private IP.

Because no changes are planned to the NLB target registration, the load balancer will continue sending health checks and traffic to 10.0.101.181:9090, which will no longer be attached to the service. This will drive the target to unhealthy and break connectivity for consumers of mon-internal-terraform-example. The Elastic IP 13.134.236.98 may re-associate to the new ENI, but that does not fix the stale IP-target registration in the NLB.

---

🟣 Expected Changes

~ ec2-address › 13.134.236.98

--- current
+++ proposed
@@ -9,5 +9,5 @@
   domain: vpc
   id: eipalloc-05a1609afb54e84ed
-  instance: i-0f2ddb4fd6ffe519d
+  instance: (known after apply)
   ipam_pool_id: null
   network_border_group: eu-west-2

+/- ec2-instance › i-0f2ddb4fd6ffe519d

--- current
+++ proposed
@@ -2,60 +2,52 @@
 id: github.com/overmindtech/terraform-example.ec2-instance.module.api_access[0].aws_instance.api_server
 attributes:
-  ami: ami-08854f8e26c0f195a
-  arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-0f2ddb4fd6ffe519d
-  associate_public_ip_address: true
-  availability_zone: eu-west-2a
-  capacity_reservation_specification:
-    - capacity_reservation_preference: open
-  cpu_core_count: 2
-  cpu_options:
-    - core_count: 2
-      threads_per_core: 1
-  cpu_threads_per_core: 1
-  credit_specification:
-    - cpu_credits: unlimited
-  disable_api_stop: false
-  disable_api_termination: false
-  ebs_optimized: false
-  enable_primary_ipv6: null
-  enclave_options:
-    - enabled: false
+  ami: ami-0bf9887e498661487
+  arn: (known after apply)
+  associate_public_ip_address: (known after apply)
+  availability_zone: (known after apply)
+  capacity_reservation_specification: (known after apply)
+  cpu_core_count: (known after apply)
+  cpu_options: (known after apply)
+  cpu_threads_per_core: (known after apply)
+  disable_api_stop: (known after apply)
+  disable_api_termination: (known after apply)
+  ebs_block_device: (known after apply)
+  ebs_optimized: (known after apply)
+  enable_primary_ipv6: (known after apply)
+  enclave_options: (known after apply)
+  ephemeral_block_device: (known after apply)
   get_password_data: false
-  hibernation: false
-  host_resource_group_arn: null
-  id: i-0f2ddb4fd6ffe519d
-  instance_initiated_shutdown_behavior: stop
-  instance_state: running
+  hibernation: null
+  host_id: (known after apply)
+  host_resource_group_arn: (known after apply)
+  iam_instance_profile: (known after apply)
+  id: (known after apply)
+  instance_initiated_shutdown_behavior: (known after apply)
+  instance_lifecycle: (known after apply)
+  instance_market_options: (known after apply)
+  instance_state: (known after apply)
   instance_type: t4g.nano
-  ipv6_address_count: 0
-  maintenance_options:
-    - auto_recovery: default
-  metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 2
-      http_tokens: required
-      instance_metadata_tags: disabled
-  monitoring: false
-  placement_partition_number: 0
-  primary_network_interface_id: eni-0773024a15fcbb57f
-  private_dns: ip-10-0-101-181.eu-west-2.compute.internal
-  private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-  private_ip: 10.0.101.181
-  public_dns: ec2-13-134-236-98.eu-west-2.compute.amazonaws.com
-  public_ip: 13.134.236.98
-  root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 3000
-      throughput: 125
-      volume_id: vol-06afd9face18bb4ef
-      volume_size: 30
-      volume_type: gp3
+  ipv6_address_count: (known after apply)
+  ipv6_addresses: (known after apply)
+  key_name: (known after apply)
+  maintenance_options: (known after apply)
+  metadata_options: (known after apply)
+  monitoring: (known after apply)
+  network_interface: (known after apply)
+  outpost_arn: (known after apply)
+  password_data: (known after apply)
+  placement_group: (known after apply)
+  placement_partition_number: (known after apply)
+  primary_network_interface_id: (known after apply)
+  private_dns: (known after apply)
+  private_dns_name_options: (known after apply)
+  private_ip: (known after apply)
+  public_dns: (known after apply)
+  public_ip: (known after apply)
+  root_block_device: (known after apply)
+  secondary_private_ips: (known after apply)
+  security_groups: (known after apply)
   source_dest_check: true
+  spot_instance_request_id: (known after apply)
   subnet_id: subnet-07b5b1fb2ba02f964
   tags:
@@ -73,10 +62,10 @@
     Service: core-api
     Team: platform
-  tenancy: default
+  tenancy: (known after apply)
   terraform_address: module.api_access[0].aws_instance.api_server
   terraform_name: module.api_access[0].aws_instance.api_server
   timeouts: null
   user_data: 81da62125f9a922120a56e2408e5798a6cdef634
-  user_data_base64: null
+  user_data_base64: (known after apply)
   user_data_replace_on_change: true
   volume_tags: null

---

🟠 Unmapped Changes

+/- aws_lb_target_group_attachment › module.api_access[0].aws_lb_target_group_attachment.api_server_ip

--- current
+++ proposed
@@ -3,8 +3,8 @@
 attributes:
   availability_zone: all
-  id: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/api-health-terraform-example/b062866b5f0bf0e0-20260113024249454600000002
+  id: (known after apply)
   port: 9090
   target_group_arn: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/api-health-terraform-example/b062866b5f0bf0e0
-  target_id: 10.0.101.181
+  target_id: (known after apply)
   terraform_address: module.api_access[0].aws_lb_target_group_attachment.api_server_ip
   terraform_name: module.api_access[0].aws_lb_target_group_attachment.api_server_ip

---

💥 Blast Radius

Items 17

Edges 41

[github-actions]

⛔ Auto-Blocked

---

🔴 Decision

Found 1 high risk requiring review

---

📊 Signals Summary

Routine 🟢 +4

---

🔥 Risks Summary

High 1 · Medium 1 · Low 0

---

💥 Blast Radius

Items 17 · Edges 41

---

View full analysis in Overmind ↗