[WIFI-7180] Improve our cloud costs visibility and control (#221)

* Adapt budget alarms and increase cost threshold Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix Terraform syntax Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Add lifecycle rule for logs bucket Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Add name tags for S3 buckets Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix Terraform syntax Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix name tag Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix deprecation warnings Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Re-add versioning config for backup bucket Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Fix more deprecation warnings and upgrade Terraform providers Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Reset monthly budget for other projects and add cost anomaly alert Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> * Remove policy condition Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org> Signed-off-by: Johann Hoffmann <johann.hoffmann@mailbox.org>
2025-10-29 18:12:20 +00:00 · 2022-11-14 14:54:40 +01:00
parent 6d9df4453f
commit 5db814629f
13 changed files with 267 additions and 131 deletions
--- a/terraform/backups-929991548720/tf_backup/main.tf
+++ b/terraform/backups-929991548720/tf_backup/main.tf
@@ -10,6 +10,12 @@ terraform {
  }
 }

+locals {
+  common_tags = {
+    "ManagedBy" = "terraform"
+  }
+}
+
 provider "aws" {
  version = ">= 2.63.0"
  region  = var.aws_region
@@ -26,4 +32,4 @@ data "aws_subnet_ids" "default" {
  vpc_id = data.aws_vpc.default.id
 }

-data "aws_caller_identity" "current" {}
+data "aws_caller_identity" "current" {}
--- a/terraform/backups-929991548720/tf_backup/s3.tf
+++ b/terraform/backups-929991548720/tf_backup/s3.tf
@@ -1,10 +1,9 @@
 resource "aws_s3_bucket" "repo_backup" {
  bucket = var.s3_bucket_backup_name
  acl    = "private"
-
-  versioning {
-    enabled = var.s3_bucket_versioning
-  }
+  tags = merge({
+    "Name" : var.s3_bucket_backup_name
+  }, local.common_tags)

  lifecycle_rule {
    prefix  = ""
@@ -39,6 +38,13 @@ resource "aws_s3_bucket" "repo_backup" {

 }

+resource "aws_s3_bucket_versioning" "repo_backup" {
+  bucket = aws_s3_bucket.repo_backup.id
+  versioning_configuration {
+    status = "Suspended"
+  }
+}
+
 resource "aws_s3_bucket_public_access_block" "repo_backup" {
  bucket                  = aws_s3_bucket.repo_backup.id
  block_public_acls       = true
@@ -56,4 +62,4 @@ resource "aws_vpc_endpoint" "s3" {

 data "aws_route_tables" "default" {
  vpc_id = data.aws_vpc.default.id
-}
+}
--- a/terraform/backups-929991548720/tf_backup/variables.tf
+++ b/terraform/backups-929991548720/tf_backup/variables.tf
@@ -44,12 +44,6 @@ variable "s3_bucket_backup_name" {
  type        = string
 }

-variable "s3_bucket_versioning" {
-  description = "Enables/disables s3 bucket versioning"
-  type        = bool
-  default     = false
-}
-
 variable "repo_blacklist" {
  description = "Comma separated list of repositories to exclude from backup"
  type        = set(string)
--- a/terraform/root-162540680133/tf_organization/billing_alarm.tf
+++ b/terraform/root-162540680133/tf_organization/billing_alarm.tf
@@ -2,7 +2,7 @@ resource "aws_budgets_budget" "default" {
  for_each          = var.org_accounts
  name              = "${each.key}-budget"
  budget_type       = "COST"
-  limit_amount      = each.value["montly_budget"]
+  limit_amount      = each.value["monthly_budget"]
  limit_unit        = "USD"
  time_unit         = "MONTHLY"
  time_period_start = formatdate("YYYY-MM-DD_00:00", timestamp())
@@ -19,7 +19,7 @@ resource "aws_budgets_budget" "default" {
    comparison_operator        = "GREATER_THAN"
    threshold                  = 100
    threshold_type             = "PERCENTAGE"
-    notification_type          = "ACTUAL"
+    notification_type          = "FORECASTED"
    subscriber_email_addresses = each.value["billing_alarm_notify_emails"]
  }
-}
+}
--- a/terraform/root-162540680133/tf_organization/terraform.tfvars
+++ b/terraform/root-162540680133/tf_organization/terraform.tfvars
@@ -4,15 +4,15 @@ billing_alarm_notify_emails = [
  "tip-alerts@opsfleet.com"
 ]

-budget_montly_limit = {
+budget_monthly_limit = {
  "cicd" = "100.0"
  "wifi" = "100.0"
 }

 org_accounts = {
  "cicd" = {
-    "email"         = "cicd-admin@telecominfraproject.com"
-    "montly_budget" = "500.0"
+    "email"          = "cicd-admin@telecominfraproject.com"
+    "monthly_budget" = "500.0"
    "billing_alarm_notify_emails" = [
      "dorongivoni@fb.com",
      "jcrosby@launchcg.com",
@@ -20,19 +20,18 @@ org_accounts = {
  }

  "wifi" = {
-    "email"         = "wifi-admin@telecominfraproject.com"
-    "montly_budget" = "1000.0"
+    "email"          = "wifi-admin@telecominfraproject.com"
+    "monthly_budget" = "5000.0"
    "billing_alarm_notify_emails" = [
-      "dorongivoni@fb.com",
-      "jcrosby@launchcg.com",
-      "dmitry.toptygin@connectus.ai",
-      "chrisbusch@fb.com",
+      "jaspreetsachdev@meta.com",
+      "tip-alerts@opsfleet.com",
+      "chrisbusch@meta.com",
    ]
  }

  "openautomation" = {
-    "email"         = "netauto-admin@telecominfraproject.com"
-    "montly_budget" = "500.0"
+    "email"          = "netauto-admin@telecominfraproject.com"
+    "monthly_budget" = "500.0"
    "billing_alarm_notify_emails" = [
      "dorongivoni@fb.com",
      "jcrosby@launchcg.com",
--- a/terraform/root-162540680133/tf_organization/variables.tf
+++ b/terraform/root-162540680133/tf_organization/variables.tf
@@ -8,11 +8,11 @@ variable "billing_alarm_notify_emails" {
  type        = set(string)
 }

-variable "budget_montly_limit" {
-  description = "Montly budget limit, USD"
+variable "budget_monthly_limit" {
+  description = "Monthly budget limit, USD"
  type        = map(string)
 }

 variable "org_accounts" {
  description = "Organization accounts"
-}
+}
--- a/terraform/wifi-289708231103/allure-reports-s3/main.tf
+++ b/terraform/wifi-289708231103/allure-reports-s3/main.tf
@@ -35,7 +35,9 @@ locals {
 resource "aws_s3_bucket" "bucket" {
  bucket = "openwifi-allure-reports"
  acl    = "public-read"
-  tags   = local.common_tags
+  tags = merge({
+    "Name" : "openwifi-allure-reports"
+  }, local.common_tags)

  website {
    index_document = "index.html"
--- a/terraform/wifi-289708231103/cloudsdk_cicd/.terraform.lock.hcl
+++ b/terraform/wifi-289708231103/cloudsdk_cicd/.terraform.lock.hcl
@@ -2,21 +2,22 @@
 # Manual edits may be lost in future updates.

 provider "registry.terraform.io/hashicorp/aws" {
-  version     = "3.61.0"
-  constraints = ">= 2.23.0, >= 2.55.0, >= 2.59.0, >= 2.68.0"
+  version     = "4.38.0"
+  constraints = ">= 2.23.0, >= 2.68.0, >= 3.22.0, >= 3.35.0"
  hashes = [
-    "h1:0WQSlLpN11nCeKu/k07BwcpypK0AfZDcbfkCxI/QbiE=",
-    "zh:0483ca802ddb0ae4f73144b4357ba72242c6e2641aeb460b1aa9a6f6965464b0",
-    "zh:274712214ebeb0c1269cbc468e5705bb5741dc45b05c05e9793ca97f22a1baa1",
-    "zh:3c6bd97a2ca809469ae38f6893348386c476cb3065b120b785353c1507401adf",
-    "zh:53dd41a9aed9860adbbeeb71a23e4f8195c656fd15a02c90fa2d302a5f577d8c",
-    "zh:65c639c547b97bc880fd83e65511c0f4bbfc91b63cada3b8c0d5776444221700",
-    "zh:a2769e19137ff480c1dd3e4f248e832df90fb6930a22c66264d9793895161714",
-    "zh:a5897a99332cc0071e46a71359b86a8e53ab09c1453e94cd7cf45a0b577ff590",
-    "zh:bdc2353642d16d8e2437a9015cd4216a1772be9736645cc17d1a197480e2b5b7",
-    "zh:cbeace1deae938f6c0aca3734e6088f3633ca09611aff701c15cb6d42f2b918a",
-    "zh:d33ca19012aabd98cc03fdeccd0bd5ce56e28f61a1dfbb2eea88e89487de7fb3",
-    "zh:d548b29a864b0687e85e8a993f208e25e3ecc40fcc5b671e1985754b32fdd658",
+    "h1:bhDPZioOF9Uz9mavezCHfYbD5YJ3fEPsixLpcWgV/kU=",
+    "zh:0ae61458acf7acecf47f7a02e08da1f7adeee9532e053c0d80432f16197e4799",
+    "zh:1ece9bcef41ffc75e0955419d7f8b1708ab7ffe4518bc9a2afe3bc5c79a9e79b",
+    "zh:302065a7c3ae798345b92a465b650b025d9c4e9abc3e78421ecc69a17b8c3d6a",
+    "zh:52d61f6a3ed6726b821a78f1fb78df818cf24a4d2378cc16afded297b37d4b7b",
+    "zh:6c365ed0cae031acdbcca04560997589a94629269cb456d468cbe51a3a020386",
+    "zh:70987a51d782f3458f124efea320157a48453864c420421051c56d41e463a948",
+    "zh:8b5a5f30240c67e596a89ccd76aa81133e6ae253c8a06a932b8901ef2b4a7486",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:d672167515ece7c2db4663faf180dfb6cfc6dbf5e149f868d05c39bb54b9ca03",
+    "zh:df1bc9926674b2e1246c9ebffd8bf8c4e380f50910a7f0b3ded957e8768ae27a",
+    "zh:e304b6e2bd66e7992326aa0446152547eb97e8f77d00bc1a9096022ac37e5d71",
+    "zh:f033690f11446af1383ad74149f429fae19e2784af5e151a22f46965dff21b29",
  ]
 }

@@ -39,96 +40,101 @@ provider "registry.terraform.io/hashicorp/cloudinit" {
 }

 provider "registry.terraform.io/hashicorp/http" {
-  version = "2.1.0"
+  version = "3.2.1"
  hashes = [
-    "h1:HmUcHqc59VeHReHD2SEhnLVQPUKHKTipJ8Jxq67GiDU=",
-    "zh:03d82dc0887d755b8406697b1d27506bc9f86f93b3e9b4d26e0679d96b802826",
-    "zh:0704d02926393ddc0cfad0b87c3d51eafeeae5f9e27cc71e193c141079244a22",
-    "zh:095ea350ea94973e043dad2394f10bca4a4bf41be775ba59d19961d39141d150",
-    "zh:0b71ac44e87d6964ace82979fc3cbb09eb876ed8f954449481bcaa969ba29cb7",
-    "zh:0e255a170db598bd1142c396cefc59712ad6d4e1b0e08a840356a371e7b73bc4",
-    "zh:67c8091cfad226218c472c04881edf236db8f2dc149dc5ada878a1cd3c1de171",
-    "zh:75df05e25d14b5101d4bc6624ac4a01bb17af0263c9e8a740e739f8938b86ee3",
-    "zh:b4e36b2c4f33fdc44bf55fa1c9bb6864b5b77822f444bd56f0be7e9476674d0e",
-    "zh:b9b36b01d2ec4771838743517bc5f24ea27976634987c6d5529ac4223e44365d",
-    "zh:ca264a916e42e221fddb98d640148b12e42116046454b39ede99a77fc52f59f4",
-    "zh:fe373b2fb2cc94777a91ecd7ac5372e699748c455f44f6ea27e494de9e5e6f92",
+    "h1:DfxMa1zM/0NCFWN5PAxivSHJMNkOAFZvDYQkO72ZQmw=",
+    "zh:088b3b3128034485e11dff8da16e857d316fbefeaaf5bef24cceda34c6980641",
+    "zh:09ed1f2462ea4590b112e048c4af556f0b6eafc7cf2c75bb2ac21cd87ca59377",
+    "zh:39c6b0b4d3f0f65e783c467d3f634e2394820b8aef907fcc24493f21dcf73ca3",
+    "zh:47aab45327daecd33158a36c1a36004180a518bf1620cdd5cfc5e1fe77d5a86f",
+    "zh:4d70a990aa48116ab6f194eef393082c21cf58bece933b63575c63c1d2b66818",
+    "zh:65470c43fda950c7e9ac89417303c470146de984201fff6ef84299ea29e02d30",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:842b4dd63e438f5cd5fdfba1c09b8fdf268e8766e6690988ee24e8b25bfd9e8d",
+    "zh:a167a057f7e2d80c78d4b4057538588131fceb983d5c93b07675ad9eb1aa5790",
+    "zh:d0ba69b62b6db788cfe3cf8f7dc6e9a0eabe2927dc119d7fe3fe6573ee559e66",
+    "zh:e28d24c1d5ff24b1d1cc6f0074a1f41a6974f473f4ff7a37e55c7b6dca68308a",
+    "zh:fde8a50554960e5366fd0e1ca330a7c1d24ae6bbb2888137a5c83d83ce14fd18",
  ]
 }

 provider "registry.terraform.io/hashicorp/kubernetes" {
-  version     = "1.13.4"
-  constraints = "~> 1.9, >= 1.11.1"
+  version     = "2.15.0"
+  constraints = ">= 1.11.1"
  hashes = [
-    "h1:xZ0YM8/XezNWMhWKHWWVW8CQA7QzA1eJnXyYoq3R9uk=",
-    "zh:0658034b1b0e241f6d6fc8dac2073755dcbab8f82645c0a46cec052469c518b2",
-    "zh:11a08ffa9b86670711cb8f2754ac8034b0cdf3d9bad4f3c22695f749a892c630",
-    "zh:3e90e15a58f699f22bcbe27d3cf45064f9e1a2f1fb50992afc6ea55a59100d4c",
-    "zh:5e5a335655e40ceb4576af3790aead62646942972c206f49a3dc52275d925f11",
-    "zh:6bbf068c35380e75fbd7f5186c37175c6058bd6160d59957a023af3e4c9f43c5",
-    "zh:6bd839cce4ce786201b3d0d43b6ad80e3bf9642f74b1490b9cf72ca8d8c90575",
-    "zh:804ba2f1d03f315b071434fd7201eeb1e705fcb82f9a1dc4bec760e4231becfa",
-    "zh:957963a9f287589836a56be24bb9a172919f5a3f18098adb9f185f2a6699680b",
-    "zh:b099aea7f5213450f3b0d4e439aeb83aba965920b89474aa94f2bc0d6f698fe7",
-    "zh:b8d610a387f0df4b4c5c27b9319749d1bf60b01c69ea65d2d129c2a61afa0c7b",
-    "zh:cbf56221840b360befc00fe2336a9236d1ff0f32456453030ed6f58b49deb8df",
+    "h1:wAdoEHV4gXntbTcKkva3AKQKt1+BZL9Bi+Z+RZjFYyc=",
+    "zh:108011c33c0fc0b4d429d511bf97744b40b1ab261d51d413b3bffc8247369f26",
+    "zh:3ac39669fa20b7e0430753c3023d8393348213a84c69a18dc75057761478cfcf",
+    "zh:530d274328ce6428300dccf94e26d180c4c867b8fd0e4992ae890451c421fec5",
+    "zh:63245aa73e9df0c71b667ad9e2c6a3495ab3fe43bac0e18a54277ff0593fecdf",
+    "zh:71794ea586e3dc32091269b84734e82b3481faf2d0c359c2f4cab7495d4862f5",
+    "zh:74e163dee3d707ba500830360502b3290b18ed4f753d86c1b39b31ee2b937d2e",
+    "zh:79861de68923f6fd100b7b50a781458437f5d236aa0092005f77beb71f9c13f0",
+    "zh:93cbf9665675c56e045cb42dad7a3985603eaba3893c2dca114880026ddc6016",
+    "zh:a503259f0f4b0028e27a98e5d3a62b7bd70fee763a96ac1880ad7397e31783c8",
+    "zh:d861f87b9b129d60946d580a4190a3bd2aaa30f4fbb237a6a0823fc567c6209a",
+    "zh:e70dacf74b773326e6c618d41ad51a4220eec2caf77617bf45861af46ba2a4ab",
+    "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
  ]
 }

 provider "registry.terraform.io/hashicorp/local" {
-  version     = "2.1.0"
+  version     = "2.2.3"
  constraints = ">= 1.4.0"
  hashes = [
-    "h1:EYZdckuGU3n6APs97nS2LxZm3dDtGqyM4qaIvsmac8o=",
-    "zh:0f1ec65101fa35050978d483d6e8916664b7556800348456ff3d09454ac1eae2",
-    "zh:36e42ac19f5d68467aacf07e6adcf83c7486f2e5b5f4339e9671f68525fc87ab",
-    "zh:6db9db2a1819e77b1642ec3b5e95042b202aee8151a0256d289f2e141bf3ceb3",
-    "zh:719dfd97bb9ddce99f7d741260b8ece2682b363735c764cac83303f02386075a",
-    "zh:7598bb86e0378fd97eaa04638c1a4c75f960f62f69d3662e6d80ffa5a89847fe",
-    "zh:ad0a188b52517fec9eca393f1e2c9daea362b33ae2eb38a857b6b09949a727c1",
-    "zh:c46846c8df66a13fee6eff7dc5d528a7f868ae0dcf92d79deaac73cc297ed20c",
-    "zh:dc1a20a2eec12095d04bf6da5321f535351a594a636912361db20eb2a707ccc4",
-    "zh:e57ab4771a9d999401f6badd8b018558357d3cbdf3d33cc0c4f83e818ca8e94b",
-    "zh:ebdcde208072b4b0f8d305ebf2bfdc62c926e0717599dcf8ec2fd8c5845031c3",
-    "zh:ef34c52b68933bedd0868a13ccfd59ff1c820f299760b3c02e008dc95e2ece91",
+    "h1:aWp5iSUxBGgPv1UnV5yag9Pb0N+U1I0sZb38AXBFO8A=",
+    "zh:04f0978bb3e052707b8e82e46780c371ac1c66b689b4a23bbc2f58865ab7d5c0",
+    "zh:6484f1b3e9e3771eb7cc8e8bab8b35f939a55d550b3f4fb2ab141a24269ee6aa",
+    "zh:78a56d59a013cb0f7eb1c92815d6eb5cf07f8b5f0ae20b96d049e73db915b238",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:8aa9950f4c4db37239bcb62e19910c49e47043f6c8587e5b0396619923657797",
+    "zh:996beea85f9084a725ff0e6473a4594deb5266727c5f56e9c1c7c62ded6addbb",
+    "zh:9a7ef7a21f48fabfd145b2e2a4240ca57517ad155017e86a30860d7c0c109de3",
+    "zh:a63e70ac052aa25120113bcddd50c1f3cfe61f681a93a50cea5595a4b2cc3e1c",
+    "zh:a6e8d46f94108e049ad85dbed60354236dc0b9b5ec8eabe01c4580280a43d3b8",
+    "zh:bb112ce7efbfcfa0e65ed97fa245ef348e0fd5bfa5a7e4ab2091a9bd469f0a9e",
+    "zh:d7bec0da5c094c6955efed100f3fe22fca8866859f87c025be1760feb174d6d9",
+    "zh:fb9f271b72094d07cef8154cd3d50e9aa818a0ea39130bc193132ad7b23076fd",
  ]
 }

 provider "registry.terraform.io/hashicorp/null" {
-  version     = "3.1.0"
+  version     = "3.2.0"
  constraints = ">= 2.1.0"
  hashes = [
-    "h1:vpC6bgUQoJ0znqIKVFevOdq+YQw42bRq0u+H3nto8nA=",
-    "zh:02a1675fd8de126a00460942aaae242e65ca3380b5bb192e8773ef3da9073fd2",
-    "zh:53e30545ff8926a8e30ad30648991ca8b93b6fa496272cd23b26763c8ee84515",
-    "zh:5f9200bf708913621d0f6514179d89700e9aa3097c77dac730e8ba6e5901d521",
-    "zh:9ebf4d9704faba06b3ec7242c773c0fbfe12d62db7d00356d4f55385fc69bfb2",
-    "zh:a6576c81adc70326e4e1c999c04ad9ca37113a6e925aefab4765e5a5198efa7e",
-    "zh:a8a42d13346347aff6c63a37cda9b2c6aa5cc384a55b2fe6d6adfa390e609c53",
-    "zh:c797744d08a5307d50210e0454f91ca4d1c7621c68740441cf4579390452321d",
-    "zh:cecb6a304046df34c11229f20a80b24b1603960b794d68361a67c5efe58e62b8",
-    "zh:e1371aa1e502000d9974cfaff5be4cfa02f47b17400005a16f14d2ef30dc2a70",
-    "zh:fc39cc1fe71234a0b0369d5c5c7f876c71b956d23d7d6f518289737a001ba69b",
-    "zh:fea4227271ebf7d9e2b61b89ce2328c7262acd9fd190e1fd6d15a591abfa848e",
+    "h1:pfjuwssoCoBDRbutlVLAP8wiDrkQ3G4d3rs+f7uSh2A=",
+    "zh:1d88ea3af09dcf91ad0aaa0d3978ca8dcb49dc866c8615202b738d73395af6b5",
+    "zh:3844db77bfac2aca43aaa46f3f698c8e5320a47e838ee1318408663449547e7e",
+    "zh:538fadbd87c576a332b7524f352e6004f94c27afdd3b5d105820d328dc49c5e3",
+    "zh:56def6f00fc2bc9c3c265b841ce71e80b77e319de7b0f662425b8e5e7eb26846",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:8fce56e5f1d13041d8047a1d0c93f930509704813a28f8d39c2b2082d7eebf9f",
+    "zh:989e909a5eca96b8bdd4a0e8609f1bd525949fd226ae870acedf2da0c55b0451",
+    "zh:99ddc34ad13e04e9c3477f5422fbec20fc13395ff940720c287bfa5c546d2fbc",
+    "zh:b546666da4b4b60c0eec23faab7f94dc900e48f66b5436fc1ac0b87c6709ef04",
+    "zh:d56643cb08cba6e074d70c4af37d5de2bd7c505f81d866d6d47c9e1d28ec65d1",
+    "zh:f39ac5ff9e9d00e6a670bce6825529eded4b0b4966abba36a387db5f0712d7ba",
+    "zh:fe102389facd09776502327352be99becc1ac09e80bc287db84a268172be641f",
  ]
 }

 provider "registry.terraform.io/hashicorp/random" {
-  version     = "3.1.0"
+  version     = "3.4.3"
  constraints = ">= 2.1.0"
  hashes = [
-    "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
-    "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
-    "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
-    "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
-    "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
-    "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
-    "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
-    "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
-    "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
-    "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
-    "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
-    "zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
+    "h1:xZGZf18JjMS06pFa4NErzANI98qi59SEcBsOcS2P2yQ=",
+    "zh:41c53ba47085d8261590990f8633c8906696fa0a3c4b384ff6a7ecbf84339752",
+    "zh:59d98081c4475f2ad77d881c4412c5129c56214892f490adf11c7e7a5a47de9b",
+    "zh:686ad1ee40b812b9e016317e7f34c0d63ef837e084dea4a1f578f64a6314ad53",
+    "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+    "zh:84103eae7251384c0d995f5a257c72b0096605048f757b749b7b62107a5dccb3",
+    "zh:8ee974b110adb78c7cd18aae82b2729e5124d8f115d484215fd5199451053de5",
+    "zh:9dd4561e3c847e45de603f17fa0c01ae14cae8c4b7b4e6423c9ef3904b308dda",
+    "zh:bb07bb3c2c0296beba0beec629ebc6474c70732387477a65966483b5efabdbc6",
+    "zh:e891339e96c9e5a888727b45b2e1bb3fcbdfe0fd7c5b4396e4695459b38c8cb1",
+    "zh:ea4739860c24dfeaac6c100b2a2e357106a89d18751f7693f3c31ecf6a996f8d",
+    "zh:f0c76ac303fd0ab59146c39bc121c5d7d86f878e9a69294e29444d4c653786f8",
+    "zh:f143a9a5af42b38fed328a161279906759ff39ac428ebcfe55606e05e1518b93",
  ]
 }

--- a/terraform/wifi-289708231103/cloudsdk_cicd/alb_ingress_controller.tf
+++ b/terraform/wifi-289708231103/cloudsdk_cicd/alb_ingress_controller.tf
@@ -16,5 +16,5 @@ data "http" "alb_ingress_policy_json" {
 resource "aws_iam_policy" "alb_ingress_iam_policy" {
  name_prefix = "alb-ingress-iam-policy-"
  description = "ALB ingress policy for cluster ${local.cluster_name}"
-  policy      = data.http.alb_ingress_policy_json.body
+  policy      = data.http.alb_ingress_policy_json.response_body
 }
--- a/terraform/wifi-289708231103/cloudsdk_cicd/ce_anomaly.tf
+++ b/terraform/wifi-289708231103/cloudsdk_cicd/ce_anomaly.tf
@@ -0,0 +1,91 @@
+resource "aws_sns_topic" "cost_anomaly_updates" {
+  name = "CostAnomalyUpdates"
+}
+
+resource "aws_sns_topic_subscription" "cost_anomaly_subscription" {
+  for_each  = toset(["tip-alerts@opsfleet.com", "jaspreetsachdev@meta.com"])
+  topic_arn = aws_sns_topic.cost_anomaly_updates.arn
+  protocol  = "email"
+  endpoint  = each.value
+}
+
+data "aws_iam_policy_document" "sns_topic_policy" {
+  policy_id = "__default_policy_ID"
+
+  statement {
+    sid = "AWSAnomalyDetectionSNSPublishingPermissions"
+
+    actions = [
+      "SNS:Publish",
+    ]
+
+    effect = "Allow"
+
+    principals {
+      type        = "Service"
+      identifiers = ["costalerts.amazonaws.com"]
+    }
+
+    resources = [
+      aws_sns_topic.cost_anomaly_updates.arn,
+    ]
+  }
+
+  statement {
+    sid = "__default_statement_ID"
+
+    actions = [
+      "SNS:Subscribe",
+      "SNS:SetTopicAttributes",
+      "SNS:RemovePermission",
+      "SNS:Receive",
+      "SNS:Publish",
+      "SNS:ListSubscriptionsByTopic",
+      "SNS:GetTopicAttributes",
+      "SNS:DeleteTopic",
+      "SNS:AddPermission",
+    ]
+
+    effect = "Allow"
+
+    principals {
+      type        = "AWS"
+      identifiers = ["289708231103"]
+    }
+
+    resources = [
+      aws_sns_topic.cost_anomaly_updates.arn,
+    ]
+  }
+}
+
+resource "aws_sns_topic_policy" "default" {
+  arn = aws_sns_topic.cost_anomaly_updates.arn
+
+  policy = data.aws_iam_policy_document.sns_topic_policy.json
+}
+
+resource "aws_ce_anomaly_monitor" "wifi_cost_anomaly_monitor" {
+  name              = "WiFiCostAnomalyMonitor"
+  monitor_type      = "DIMENSIONAL"
+  monitor_dimension = "SERVICE"
+}
+
+resource "aws_ce_anomaly_subscription" "realtime_subscription" {
+  name      = "RealtimeAnomalySubscription"
+  threshold = 100
+  frequency = "IMMEDIATE"
+
+  monitor_arn_list = [
+    aws_ce_anomaly_monitor.wifi_cost_anomaly_monitor.arn,
+  ]
+
+  subscriber {
+    type    = "SNS"
+    address = aws_sns_topic.cost_anomaly_updates.arn
+  }
+
+  depends_on = [
+    aws_sns_topic_policy.default,
+  ]
+}
--- a/terraform/wifi-289708231103/cloudsdk_cicd/cloudsdk_lb_shared_resources.tf
+++ b/terraform/wifi-289708231103/cloudsdk_cicd/cloudsdk_lb_shared_resources.tf
@@ -3,20 +3,36 @@ resource "random_string" "random_suffix" {
  special = false
  upper   = false
  lower   = true
-  number  = false
+  numeric = false
 }

 resource "aws_s3_bucket" "alb_logs" {
  bucket = "alb-logs-${var.org}-${var.project}-${var.deployment}-${random_string.random_suffix.result}"
-  acl    = "private"

-  versioning {
-    enabled = false
+  tags = merge({
+    "Name" : "alb-logs-${var.org}-${var.project}-${var.deployment}-${random_string.random_suffix.result}"
+  }, local.common_tags)
+
+  lifecycle {
+    prevent_destroy = true
  }
+}

-  lifecycle_rule {
-    prefix  = ""
-    enabled = true
+resource "aws_s3_bucket_versioning" "alb_logs" {
+  bucket = aws_s3_bucket.alb_logs.id
+  versioning_configuration {
+    status = "Suspended"
+  }
+}
+
+resource "aws_s3_bucket_lifecycle_configuration" "alb_logs" {
+  bucket = aws_s3_bucket.alb_logs.id
+
+  rule {
+    id     = "logs_retention"
+    status = "Enabled"
+
+    filter {}

    transition {
      days          = 30
@@ -27,20 +43,21 @@ resource "aws_s3_bucket" "alb_logs" {
      days = 60
    }
  }
+}

-  server_side_encryption_configuration {
-    rule {
-      apply_server_side_encryption_by_default {
-        sse_algorithm = "AES256"
-      }
+resource "aws_s3_bucket_server_side_encryption_configuration" "alb_logs" {
+  bucket = aws_s3_bucket.alb_logs.bucket
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
    }
  }
+}

-  tags = local.common_tags
-
-  lifecycle {
-    prevent_destroy = true
-  }
+resource "aws_s3_bucket_acl" "alb_logs" {
+  bucket = aws_s3_bucket.alb_logs.id
+  acl    = "private"
 }

 resource "aws_s3_bucket_public_access_block" "alb_logs" {
--- a/terraform/wifi-289708231103/core-dumps-s3/main.tf
+++ b/terraform/wifi-289708231103/core-dumps-s3/main.tf
@@ -33,7 +33,9 @@ data "sops_file" "secrets" {

 resource "aws_s3_bucket" "openwifi-core-dumps" {
  bucket = "openwifi-core-dumps"
-  tags   = local.common_tags
+  tags = merge({
+    "Name" : "openwifi-core-dumps"
+  }, local.common_tags)
 }

 resource "aws_s3_bucket_lifecycle_configuration" "openwifi-core-dumps" {
--- a/terraform/wifi-289708231103/ucentral-ap-s3/main.tf
+++ b/terraform/wifi-289708231103/ucentral-ap-s3/main.tf
@@ -35,7 +35,9 @@ locals {
 resource "aws_s3_bucket" "bucket" {
  bucket = "ucentral-ap-firmware"
  acl    = "public-read"
-  tags   = local.common_tags
+  tags = merge({
+    "Name" : "ucentral-ap-firmware"
+  }, local.common_tags)

  logging {
    target_bucket = aws_s3_bucket.log_bucket.id
@@ -70,7 +72,18 @@ resource "aws_s3_bucket" "bucket" {
 resource "aws_s3_bucket" "log_bucket" {
  bucket = "ucentral-ap-firmware-logs"
  acl    = "log-delivery-write"
-  tags   = local.common_tags
+  tags = merge({
+    "Name" : "ucentral-ap-firmware-logs"
+  }, local.common_tags)
+
+  lifecycle_rule {
+    id      = "log_retention"
+    enabled = true
+
+    expiration {
+      days = 14
+    }
+  }
 }

 resource "aws_s3_bucket_object" "directory_listing" {