Skip to content

chore(deps): update terraform random to v3.8.0 - autoclosed#452

Closed
renovate[bot] wants to merge 1 commit intomainfrom
renovate/terraform
Closed

chore(deps): update terraform random to v3.8.0 - autoclosed#452
renovate[bot] wants to merge 1 commit intomainfrom
renovate/terraform

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jan 16, 2026

This PR contains the following updates:

Package Type Update Change
random (source) required_provider minor 3.7.23.8.0

Release Notes

hashicorp/terraform-provider-random (random)

v3.8.0

Compare Source

ENHANCEMENTS:

  • Add uuid4 and uuid7 resources to generate valid random uuids of the appropriate version (#​402)

Configuration

📅 Schedule: Branch creation - "before 10am on friday" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies Renovatebot and dependabot updates terraform labels Jan 16, 2026
@renovate renovate bot enabled auto-merge (squash) January 16, 2026 01:48
@github-actions
Copy link

Overmind

Open in Overmind ↗


model|risks_v6
✨Frontend Team Review

🟢 Change Signals

Routine 🟢 ▁▂▃▅ Multiple AWS instance resources showing routine updates at 1 event/week for the last 3 weeks.

View signals ↗


🔥 Risks

Instance replacement will orphan NLB IP target 10.0.101.181:9090, leaving zero healthy targets ‼️High Open Risk ↗
The production API server is being replaced with a new AMI. Its primary ENI is set DeleteOnTermination=true, and the service behind it is exposed through the NLB target group api-health-terraform-example that registers the static IP 10.0.101.181 on port 9090. When the instance is replaced, the ENI and private IP 10.0.101.181 will be destroyed and the new instance will receive a different private IP.

Because the target group uses static IP targets, it will continue health checking 10.0.101.181:9090, which will no longer route to the new instance. The NLB mon-internal-terraform-example will lose healthy targets, causing connection failures for clients relying on that listener. DNS tied to the old IP or to the instance’s public EIP may also see brief gaps during re-association, and CloudWatch metrics bound to the old instance ID will reset around the swap.

Instance replacement will change private IP and leave NLB IP target 10.0.101.181:9090 stale, breaking connectivity ❗Medium Open Risk ↗
The instance will be replaced to use AMI ami-0bf9887e498661487. Its current primary ENI has DeleteOnTermination=true and owns private IP 10.0.101.181, which is the exact IP registered in the internal NLB target group api-health-terraform-example on port 9090. When the old instance is terminated, that ENI and private IP will be released and the new instance will receive a different private IP.

Because no changes are planned to the NLB target registration, the load balancer will continue sending health checks and traffic to 10.0.101.181:9090, which will no longer be attached to the service. This will drive the target to unhealthy and break connectivity for consumers of mon-internal-terraform-example. The Elastic IP 13.134.236.98 may re-associate to the new ENI, but that does not fix the stale IP-target registration in the NLB.


🟣 Expected Changes

~ ec2-address › 13.134.236.98
--- current
+++ proposed
@@ -9,5 +9,5 @@
   domain: vpc
   id: eipalloc-05a1609afb54e84ed
-  instance: i-0f2ddb4fd6ffe519d
+  instance: (known after apply)
   ipam_pool_id: null
   network_border_group: eu-west-2
+/- ec2-instance › i-0f2ddb4fd6ffe519d
--- current
+++ proposed
@@ -2,60 +2,52 @@
 id: github.com/overmindtech/terraform-example.ec2-instance.module.api_access[0].aws_instance.api_server
 attributes:
-  ami: ami-08854f8e26c0f195a
-  arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-0f2ddb4fd6ffe519d
-  associate_public_ip_address: true
-  availability_zone: eu-west-2a
-  capacity_reservation_specification:
-    - capacity_reservation_preference: open
-  cpu_core_count: 2
-  cpu_options:
-    - core_count: 2
-      threads_per_core: 1
-  cpu_threads_per_core: 1
-  credit_specification:
-    - cpu_credits: unlimited
-  disable_api_stop: false
-  disable_api_termination: false
-  ebs_optimized: false
-  enable_primary_ipv6: null
-  enclave_options:
-    - enabled: false
+  ami: ami-0bf9887e498661487
+  arn: (known after apply)
+  associate_public_ip_address: (known after apply)
+  availability_zone: (known after apply)
+  capacity_reservation_specification: (known after apply)
+  cpu_core_count: (known after apply)
+  cpu_options: (known after apply)
+  cpu_threads_per_core: (known after apply)
+  disable_api_stop: (known after apply)
+  disable_api_termination: (known after apply)
+  ebs_block_device: (known after apply)
+  ebs_optimized: (known after apply)
+  enable_primary_ipv6: (known after apply)
+  enclave_options: (known after apply)
+  ephemeral_block_device: (known after apply)
   get_password_data: false
-  hibernation: false
-  host_resource_group_arn: null
-  id: i-0f2ddb4fd6ffe519d
-  instance_initiated_shutdown_behavior: stop
-  instance_state: running
+  hibernation: null
+  host_id: (known after apply)
+  host_resource_group_arn: (known after apply)
+  iam_instance_profile: (known after apply)
+  id: (known after apply)
+  instance_initiated_shutdown_behavior: (known after apply)
+  instance_lifecycle: (known after apply)
+  instance_market_options: (known after apply)
+  instance_state: (known after apply)
   instance_type: t4g.nano
-  ipv6_address_count: 0
-  maintenance_options:
-    - auto_recovery: default
-  metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 2
-      http_tokens: required
-      instance_metadata_tags: disabled
-  monitoring: false
-  placement_partition_number: 0
-  primary_network_interface_id: eni-0773024a15fcbb57f
-  private_dns: ip-10-0-101-181.eu-west-2.compute.internal
-  private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-  private_ip: 10.0.101.181
-  public_dns: ec2-13-134-236-98.eu-west-2.compute.amazonaws.com
-  public_ip: 13.134.236.98
-  root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 3000
-      throughput: 125
-      volume_id: vol-06afd9face18bb4ef
-      volume_size: 30
-      volume_type: gp3
+  ipv6_address_count: (known after apply)
+  ipv6_addresses: (known after apply)
+  key_name: (known after apply)
+  maintenance_options: (known after apply)
+  metadata_options: (known after apply)
+  monitoring: (known after apply)
+  network_interface: (known after apply)
+  outpost_arn: (known after apply)
+  password_data: (known after apply)
+  placement_group: (known after apply)
+  placement_partition_number: (known after apply)
+  primary_network_interface_id: (known after apply)
+  private_dns: (known after apply)
+  private_dns_name_options: (known after apply)
+  private_ip: (known after apply)
+  public_dns: (known after apply)
+  public_ip: (known after apply)
+  root_block_device: (known after apply)
+  secondary_private_ips: (known after apply)
+  security_groups: (known after apply)
   source_dest_check: true
+  spot_instance_request_id: (known after apply)
   subnet_id: subnet-07b5b1fb2ba02f964
   tags:
@@ -73,10 +62,10 @@
     Service: core-api
     Team: platform
-  tenancy: default
+  tenancy: (known after apply)
   terraform_address: module.api_access[0].aws_instance.api_server
   terraform_name: module.api_access[0].aws_instance.api_server
   timeouts: null
   user_data: 81da62125f9a922120a56e2408e5798a6cdef634
-  user_data_base64: null
+  user_data_base64: (known after apply)
   user_data_replace_on_change: true
   volume_tags: null

🟠 Unmapped Changes

+/- aws_lb_target_group_attachment › module.api_access[0].aws_lb_target_group_attachment.api_server_ip
--- current
+++ proposed
@@ -3,8 +3,8 @@
 attributes:
   availability_zone: all
-  id: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/api-health-terraform-example/b062866b5f0bf0e0-20260113024249454600000002
+  id: (known after apply)
   port: 9090
   target_group_arn: arn:aws:elasticloadbalancing:eu-west-2:540044833068:targetgroup/api-health-terraform-example/b062866b5f0bf0e0
-  target_id: 10.0.101.181
+  target_id: (known after apply)
   terraform_address: module.api_access[0].aws_lb_target_group_attachment.api_server_ip
   terraform_name: module.api_access[0].aws_lb_target_group_attachment.api_server_ip

💥 Blast Radius

Items 17

Edges 41

Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overmind

⛔ Auto-Blocked


🔴 Decision

Found 1 high risk requiring review


📊 Signals Summary

Routine 🟢 +4


🔥 Risks Summary

High 1 · Medium 1 · Low 0


💥 Blast Radius

Items 17 · Edges 41


View full analysis in Overmind ↗

@renovate renovate bot changed the title chore(deps): update terraform random to v3.8.0 chore(deps): update terraform random to v3.8.0 - autoclosed Jan 19, 2026
@renovate renovate bot closed this Jan 19, 2026
auto-merge was automatically disabled January 19, 2026 02:49

Pull request was closed

@renovate renovate bot deleted the renovate/terraform branch January 19, 2026 02:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Renovatebot and dependabot updates terraform

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants