From 9da183258d2c08815e3bda67371b7d9ef3bdf61d Mon Sep 17 00:00:00 2001
From: matthieu42morin <matthieu.bernard.morin@gmail.com>
Date: Sat, 2 Mar 2024 17:10:44 +0100
Subject: [PATCH] DynamoDB table fix for Terraform locks

---
 .terraform.lock.hcl |   2 +-
 main.tf             |  32 +++++++++++++++++++++++++++++---
 providers.tf        |   4 ++--
 s3remote.tfplan     | Bin 0 -> 10281 bytes
 4 files changed, 32 insertions(+), 6 deletions(-)
 create mode 100644 s3remote.tfplan

diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
index 831c6f9..11feee5 100644
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
@@ -3,7 +3,7 @@
 
 provider "registry.terraform.io/hashicorp/aws" {
   version     = "5.39.0"
-  constraints = ">= 4.0.0"
+  constraints = ">= 5.0.0"
   hashes = [
     "h1:isoOv/JipnnPD3j8Df6XwGU1i4egjlygrgBv0RfsZ7g=",
     "zh:01e405306470ed784bc9d38dbaeff394bd2c0f7d58e5592c5d0165c87d84e4b0",
diff --git a/main.tf b/main.tf
index f902da4..b7da3fd 100644
--- a/main.tf
+++ b/main.tf
@@ -14,15 +14,16 @@ resource "aws_s3_bucket" "terraform_state" {
 }
 
 resource "aws_s3_bucket_versioning" "enabled" {
-  bucket = aws_s3_bucket.terraform_state.id
+  bucket = aws_s3_bucket.terraform_state.bucket
   versioning_configuration {
     status = "Enabled"
+    mfa_delete = "Disabled"
   }
   
 }
 
 resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
-  bucket = aws_s3_bucket.terraform_state.id
+  bucket = aws_s3_bucket.terraform_state.bucket
 
   rule {
     apply_server_side_encryption_by_default {
@@ -33,7 +34,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
 }
 
 resource "aws_s3_bucket_public_access_block" "public_access" {
-  bucket                  = aws_s3_bucket.terraform_state.id
+  bucket                  = aws_s3_bucket.terraform_state.bucket
   block_public_acls       = true
   block_public_policy     = true
   ignore_public_acls      = true
@@ -41,15 +42,40 @@ resource "aws_s3_bucket_public_access_block" "public_access" {
   
 }
 
+# DynamoBD CMK
+resource "aws_kms_key" "dynamodb" {
+  description         = "DynamoDB Table Server side encryption"
+  enable_key_rotation = true
+  key_usage           = "ENCRYPT_DECRYPT"
+
+}
+
+resource "aws_kms_alias" "dynamodb" {
+  name          = format("alias/%s-dynamodb-CMK", var.resource_name_prefix,)
+  target_key_id = aws_kms_key.dynamodb.key_id
+}
+
+
 resource "aws_dynamodb_table" "terraform_locks" {
   name         = "omnicognate-terraform-locks"
   billing_mode = "PAY_PER_REQUEST"
   hash_key     = "LockID"
+  depends_on = [ aws_s3_bucket_versioning.enabled ]
 
   attribute {
     name = "LockID"
     type = "S"
   }
+  server_side_encryption {
+    enabled     = true
+    kms_key_arn = aws_kms_key.dynamodb.arn
+  }
+  point_in_time_recovery {
+    enabled = true
+  }
+  lifecycle {
+    prevent_destroy = true
+  }
   tags = merge(
     { Name = "${var.resource_name_prefix}-aws_dynamodb_table" },
     var.common_tags,
diff --git a/providers.tf b/providers.tf
index 09ded84..cdafd11 100644
--- a/providers.tf
+++ b/providers.tf
@@ -8,7 +8,7 @@ terraform {
     required_providers {
         aws = {
             source  = "hashicorp/aws"
-            version = ">= 4.0.0"
+            version = ">= 5.0.0"
         }
     }
 }
@@ -16,7 +16,7 @@ provider "aws" {
     region = var.aws_region
     # using aws-vault to assume a role
     assume_role {
-        duration = "1h" 
+        duration = "3600s" 
         role_arn = var.role_arn 
   }
 }
diff --git a/s3remote.tfplan b/s3remote.tfplan
new file mode 100644
index 0000000000000000000000000000000000000000..844675a816851b3c516196826ece70b89305d558
GIT binary patch
literal 10281
zcma)?Wl&w)vbG8C4#6#f;10pvW#R6!aQEO2!Cis{cXvr}cbA2`yX%+STlehjUFV$o
zde!_fs@8aC&7M7aJhOYqOG7|ng2Dd!*@YOYgZ*L9U~phgCU#Z^HY&<cVDGkNwt&YP
zYqr|rH{%6sA7AN(Iuum~sN<YfDEZrNUu))9-yinSOG!@Yb0;*Eh&k?Mwq_pxaHVId
z)wTT~T~3wg2Da!WR8rL7Y{7j*>}+wEml9U`Q4vjohwOn|PD0`t4i@rTv#U>RPql1z
z$u>{V-B`MZ$(ZTbLpqCTE0JV+l&k$NSl6;NVxOb!@&R+;_6!YPtDNB}mYpajr3*q(
zwlaH~6bi5gBB0s-F;8y^R*U`yT`#)dUX%n`bf~RIZ8N&wyjYm?fQh~^?%?z$zVOLw
zte_a`SycEd!eFTvI!8bImJKoRMM+&op{r>vnx@O`Ahl8M<0==L&sEQgk)CGHGKhD6
zL3t1>DCu<UB=P$azZG)6BGtgh!Ky^5-OGdQywuu|xCcaN@PNQP2jh9hQa)_(hmq{O
zFaj~DGTPV<_5o@#B>}0%1_=#`-5hk~*q8{29MuyO4p@R_b&2(jGL-Gdo~ym_XxXSN
z-T<-wOrmBdo6BG*WQidj<?PH}>QMKAE)}#gO%m9`pWi?)OJ=j(^!U6hEMH||+$ntJ
zAkNTc{E5zCD=n(&&S%PWBU!%AE}Xa))j#!kkCZF<2|>-Bkmnn=6YDB<0sX?yR~Ld<
zw#N0+MRJWE&%SB7e2k2Gol^|mI_+1Bs7+E}l#-X#)ZeQ45O1D4pAw_)kC4d<&!EdB
z7P|Bk-BENyORSQ~1SF8Bz$iu#q7tFIMOH|Z&F2!)g=Mte4412ayb~{jSNo%n16Fkx
zGQvMQ0U%!=&t&Z~z8HJOn+$oL8Q!5o4GGL-G|@X`^9IunOdHIbN;T$6l-Y}1EJc6c
zOG9($6G*t1h$X3`52W&cl#%?7+O>4Aq=q<<(vUh{5GTM0D41qUA*cxnj$71rVYH0n
z8H`O}_P6Umj}YRDw|Gs<`0-p6mK9g3a;vd~L0kKD){jEOaI^JwXX~Q0UvGZ$GUG)A
z!G#k0WeNcA%rn?`ImoiteurG|a+~t=(BS<oy1EMZz@Gke>QZn|8?0jY?bnb?_q5BG
zmYe&xFTnohXLSfqYYBu`?l&L1`!{#$i)5t>{;U>{;|n?&SdI?o7_uN)jTvkvdvGt-
zH8XXFnjj&+W+L*keJZdtgg{^VRG=bwb8X1LQ#Nc(N_cSy=6>rBkAb_dR>UqB!z0~T
zlj13@L{y;wi%;%I-FV!DVOJ;$%UpwFY!zsIP@6!Q-FfRiI1+@w?K1bH6|(+JZ8ur8
zMJ0$Y%setv0p>C_i-==LCetzgWvPHz0~VtlXqkbOgU&K*5H61h30n;Qz}|`W7+`0*
zfV1kbQOLvK<Uo3FESqIqH-*6Gc3DN^#^43<HborH1rvofiL=~VhKaOOh=E1U{;3aP
zary&;=Vz9O<x~WInaC2<h3-wHkR^eV9>0k?U<g+D49%F&z{s#b-WXLV<9I=@!#={5
z)`=1t>F1`}22B6eq|f}@>)Z)}-ZRDK8QsxCBp)yBvF;Dey{yJndDdIyU^4_`hDeGM
z1-Y<j+uT)7+zo8*B#)l}SiI{WYQxBg^io<Yg!1W*6iOTDAxVxgaSI)WbntM~1`rY1
z(-j9<BW41*TyMZ#3|b{|sGmi!gEoixOyScbcUiCE$Uxic-CoOiCkHWm#cJ9qS~lBV
zEtW=kwXDmU6~0tOfe(@Uq?a%HwHL^lJ1mET`p@+XK4Q<sx*xP>DUD&cgE{q&h!$&X
zS4s_CZZFli8O<)@cM0}i4@heUw5og3s_z*LEA>9t$3Ft6vmp&OLqS@E!rAkyt1yzh
zA7fSvMdh&6PNY}X!$>J(BPZ>!?70n3Uy+Bkvd~e%53FyUBb?VbA+dcT$X`*z-{^0b
z_^h76Ogu@#WOC@3u)^y@QeN95J7HUeKDj&@g#R>qIrZs7M&2@{RS56(!F?L^LFyBo
z@9P{@4Sd6&9jy;~7^1|&i_B+aU<kR%#xj_m{wgaC)Ppp<lbY{DyMGz%>HoCl3Rva6
zZK?pvG*<?T4BPS(jZqH2U0ZY7+1bQPic_kkH823Y2TJeZP-PI#Qk|WAWsB#E66yhB
zx4GJHe{r(6B8ZIkdYfA4*#=yBZ#q&4zTc5GU8Lt4=|M&pNHI0g6`iToH}Mw5EnKG7
z-0u|6y=xTH$+G`iM|wrf5wR?8sxEt)4b-}-XyK<45+{I7gVxn?s~_B+=eP}fbjK{C
zK^BF4N|D##Z6F|@d^ieI!knaJo(=Oa?~`}4p8x`?R&Wv!In_%(mIgJR5mQ+o7_(7t
z^FNR^(tm_GrtYne+;6s5w47`WkhQZ&n*^~2!7BpfwPqJSZ0eJ$Qc#G~M?^(LH|%U>
zL?tZQ4W9ShCMTfeXUC?#&v(M!W&h?~hLSzkaXlv%RJsh}8M`1Rrnp01`Fw}G`gz#J
zczaP-IEKp3J^&%YKbGBu0sl^ODaogP8gIOZe=P@n<VTMk88NY$ZQbz`wSIb(PqQN%
zlF}yVt8HJF)pU~@s?Mv1+H=zY#j8E_Yon5DG}272Q?a4g8la)7#Va7+fr6&gtyZKe
zEQqo+#RwU)-P}V^wb{OVa)Z|Y4rJPWNz!D0mf|l2nRbFPl;OYT5@B}?M}1J2sqBH-
zDSiTuMO`QlB_l$2{xNY@pZEaCa=4EgF;Zj7iK=azvs8A<&gHj?Fcs}<9D{(arEZuZ
zNo8J&;Tp-i$3_J+jFz~pYwqn@e(}*?B_+0FRyIPj6NY_@qMr7gE6R+eP5D6`KuTJQ
z40%IE<<)!0GOMq`8@>;WwAc)t)5y*QQ`|+RP5Rz~!R*~WaNAguTE}L016`{?qwaix
zxJkkZg;wT9t5^=cQh*G3w`z1K)q?k}b;^tj+WB2z2)R@hg@E3&5cDd#Qc3_;zI|R@
z*t(ceOaPz#F)S~}vS&vitc%FkN5ZY?h3ur;rS;%UD<b4u^MzZ4h8qzxktdk;sJ@#Y
z(mOMAxR7b?0ApdSoMY&;5^Bp^cwzi}GXp&}+YPeL*0{tDgoa@uQ7o6ho=0z-uexem
z>^GpFtBS(Nm`uev@LS{{gG7B{q=qk@l`|3NOmLv!4J`hBJ}fN9XOR|$wPddkw^!qY
zZF$WYXYSiY{2nt|FRV|so!yVM;>hmX-?It=_^x3BpBmrRLUo=tJ8>W6^!9)K5z1@E
zpU*<jCrNXn5qZ&{FYG#3f<NqfTrrRMw!a|cc}OXm_nRcpVNjVpbx5WF1|Fh2Nai)j
z2MP@A?M+@91~z!TL@^c)3~b{A7?}Kjq&b-Xp*cq<11I1gIA^H@;=z7h)!Vq}&j{vv
z4{KaNtSHf11*!QxdBTac#*;wAc#wuFaAKqVOuZrg9@|iAZ{@T#)j*<5e2P<i?{fcs
zk7l^$On{oYX{DB{GItFxujgmXJI%<2(Tr07h<ywGW3LsQX#zy10OaBE8JeqY<upk-
zJ?l5Hyp6^T6C>BV@2zKUPdcWJSe2wET<PY(yD|yL;hG;%{eI`#dDX*U_5>XcjB#kS
zsf$98>F7)w>cU1;W&v=_Dki{yx$p_!#H0i{tE+n^qIwnlW)^0s$g1spE&V|cw+i=?
zm7|-XJ0(0zH^X+d!OR9oa+5fLyc1WJhGiDi%v2oxs88!yYCVoYH3b?5==kLsYGa7m
zn65JrxPDV-YyAy@a4MSgE=d@!MQ)A(vq<DZ!M5kxktf8ZKuR^dE9ZxKXGT;}8<Gyo
z*D22*d=d3YGa2Ucme6wjBUH4Jnbe>FjR1sVTfEWLpVKznqc5r+u9ed)Vs5pO_}iby
zLy3L7cfBh$Zj@sVE);B-EMKhXPnH*qcJHFo3Fv_lmvB<!&qh9he8}_@z3bC^ojWSJ
zRwy`T)Ew~n69OY@>#>)aE47{@nA;{YDRxZ4@S*EONeCj%Fn6(YUlej`#gx>Q56zWq
zLHg34AhTn*>?h;sQb|CANlWd0tJ&YRKMchdyd!}VS@zSma$Tm0x8MxWgrR225-=3w
zGos~3To8r~Ns%WMOz(0VpzH*)$9%7g@#QJ&q*SRFMhu^p{>JhdtX=@oQr^8g2Y#DS
zBCiMrmLoP?zMoVFltP}(f~0KBn1JwT{+)Wu3qJfa%<0c9jtPqxh;ehLmeH4B(8V48
z3N|#jM<55GA_Gohl5c==RGTn)Zdy0pJEmiBP}Klo5T}%q7!k&M?yf3Did^lR@u<i5
zL1r^<iX-Vsz^r_%j%XT1BjILs0DOKER1V7(q-~MQoPRVqGs(z;9z6__K+jBek4L=;
zsQIvlI?o`UAD`xEq7TBNc|ltdDHXDcJ#%tMwF7JR8d<(T(d5dXP|7_-7Pr>GzALy>
zlCgyxrMsH~zkYQsT^H%JvQq5vxx2{Gd!Hwr5J{_hZtz6IazBFT@j9J`%Ob04vJt_>
zljd|h`tfRGY3*QR@cQwH_lnQ6V6QQEWZ~Qn@Wb}3U~oC47Idur<^Yg9lF|0DUiGxp
zW9b?fYMjm9yS{%-;kIRIsON?C^XPyZwTEZHdjQ0Ja#19vp1E!ok|t~1WTG4%9_pYH
z&-Sc|&pgF@?!WYKZ@P%zZaYM4lt37vR23all|QchXqh^s98zXI1QNUWJUjrvvLQfz
zQvtAB$Vil{JHo@0-(UaaK^unKUsFvhaSeA~vxrTWCZ>POS$+lSp$xC#a-vl~;`fa@
zdJX9Ws#9UYiw$-yL-xvi2=bah5V7%<p>ab@rJ@7hieQqC&|z-(MuhkZUdB3rLk!N;
z24p2buAq-XnVekrdb={e0h$1sKkcHa-JR#;1bciB&7(T0iynz3{!v?zV`Z&_=WQYS
zJfpc)*vz&$V-uJlv}IgQMpJLuqvu^9ly+aC!_p#cGOj$OhMP{P8^NcWo$L3I)ep^5
zKo!QbYNp{bP^~3m`9c8dUtKtj%%#I4x_9ey%H?d(i#{2qjD+sESvd82<7{}^UBV53
zn0*R)hvZ2d%8v3B@wNHOy@DdZEOc?<R1~9K7f;~u924e8S(-HI^@6u2Zv#WzZD=a0
zt-YiX98BNOIeQ;7FIAHAXcCB$oP8yur;Glh>KAfku>c#+QPtc7)^97-FY2P%pC^~x
zm9M-@=9uphO!ksVT)PnkJzUp)+@I#W2N8dKRPH6v5$%7CQI>^ejG+MHK$(=#5*l_5
zt&k-jHrkL;Ok?D#vJ0@w2xY=D?wC2k^wL)4E^%{op!jb!FOiZJsaJnvB=_Yw&{uUl
zQ@H@qLZc~?a?;pRJqV!-5K+?g=9GM*V44T5z;1D@p2P(}Of6d)PT4ftnO3eq!YtWL
zlfu{xA04+$IHY-4uia_6W%<^E7EfGW0R65lvhypW=K8A0YUZUPm=Isy9<DJ7GqZGb
z(zABCaf3?p>xm*lQV;-eCJMo{ATJ7YK0ysRU0vJ2sr77_P9;9O74P}>*NK)#cemTo
z;#me-XALng5`?brmu{&kGL%^fNN{)9q3j=F&^o=iQU~k$Y$0t=_shbJb(etF^=g?~
zJt^LqgZOgr<Qr=&@_0dRXnWnR6q#dtZFZqpgw2~oa;<I_hv+D@IirXK!B&3MAMM^#
zZlGX=YbGLy6Hg;)8^!0hv9JhI38csd<~>q`cD!@~EnO>d7%%p!ufIq#YFOgZ#Th$-
z`l)pu#mnzYW+!RpmdIb5W$Ri-+tx_B#2o4mr>yoC<y<l$h(9<Y`0cS>b*LyO?-m<V
z7W?iT=HaYoe$j~iJ}2<zoX)g{O3)Cz7@W<u`^oD127|YqkT%RnZ+D(}m3uz9-=n*9
z%ZlY9Ycyc3TU3F=5tp2D(@u)?^U#B+_qTU12FEi+b&B!Dm#wDI4YZcPj=hP|rQS?H
zQ_OkY0`sOr0_`|c5&%nY?8UH-r}0f?#X-0Gr`ZRqoh7YmU;oO&n+KGu%RM*p<q!d~
zsc$$kIP@w)yB4jsP}bBQrPtC<#r^@a*^<tbif|!RROwpNIoj`DJj9Rie5iViE&AU2
zx8c>fDIkdXdkL}}g@-0Yo<d8G70OA~%CiM8*m7>#-=kE<UF)a0!b$jlt0wpGxw${&
zfA@dDF>WH}$pQ-oCQbR@fCKR_;GnZ}0J{7^9a^>^E_Cm+O4RG7BBeD4mI;{8_N{|`
zl5%mGbHxb$Ibz60VKZ^c1cd`WdZBSvI)pUV_6;6$0;pQ)xMPTWm-g2$iNM7>5-hA`
zBK4Q~Nn0dELpcfJa<${Ju~)!2`_V7z7$H)(zKT~sc7sM!XrmV*4AfkNph36QXlUJD
zcwZ5~>ViWO<)uz1_GE;O=d$4_)e~WaRGx@VM=_v{I~c6V03lpfm*;7c)-QKaQtmzg
zH%P$R6{lw7M^3yRgjckx&sel7XI{3E`l3tjv4oxgOYS$YRB2*eU&x@{y>Ap{x}HS7
z86@;&zRVn*7&w-*9xM>%ap)frI(4R3*bs>Oi!5AKBe<2@ntKnE&`AS6yJZ*LHrC?|
zCHC=@`piKK=M2!@b6_B3%r64V>hl0af<S`Iic}?aPF^+_FoW=4V4;=KDcCx1>5AO)
zW97$d2gk-JyMg>NPoekogYJFC#bGMRRs5DeBaH{Unv1~+)!mbpAW8_c*aKp|>8m}5
zAhCGzzQc8Y;pD8dg7y3V0gJr<1&fOc-YT9EOiT_F8IBZEC=t8&!{j;3K_LT&In<LH
zxtz3?Cw0ZG);0Nv-XwVdp*llpiUF6F{8!s5R}#wkP=~x?6bW#&JCbA&;oVZcX7I$m
z0QoM9#PWb}U)Zp(j)<Kv-0W~2`tBTr7+l4rA7p+I<hCJFUr`I8VNFw89-AXXHg>21
zl9VlKiNI=rNLY)nFGe$>Q~Fe7hDI!xqn;?Ta8O>>QwjUpUX`cgK0zJGdcR>H8)S2H
z#|=YQct%)v+lm8wj5c)|Z!%a^2YFoRjtN1nv65~Bht`c;g(P%JMJun#9L8#2`vH*#
zNIi6O{_N(aF(ejgx-(?1ar<TIU0c(KdiJ_-EG3d&Lez{cjJACDFDQH}`@W1uKFvfk
zFlfRdVf(Y+tlyWER>Ty@URafR3Z%iBVHzSxvTef)nDCk=miy9_9PobEE*zPM;*Pl{
zN@F+azD$UGQSxyRC+Zg`WIy=X&f7}FyR0pD-5VnLwpsMz=FM{&)mrGfw_@*c$&vS7
zds6Z&LH4J1O+5F7ojs3s1dETUc;QvrILgS&`B&X#SqIClTqx)EwzN-e(R;36bk8gV
zCGWJCJx`at4^|kv#vuwph3~JoHv${ic0DayQNdjOFf=<bP1wRR@&LzqOv;A`2tld>
zHjzg1M9C^>g*ZW%ivaf)+)LZivxAL3xwtC}=w&h*#$5G8CauA$cJ#6xE+verhGHB1
z?zJ*zZnh?8)>k#Q1+$JA_i9oE_>XSa*)6EUxcho@X@{=i)@xD&<21y`Z%Ulqjr^HO
z?aYp3`Zu3P(vtfUY7wgxDN!Th@|)qp<Ua)QPDqQ`_>EZFA;KkM|AgzqA@3vANFa{)
z6X8?EGnOF+V`>626Gc}r$VE+D?7y5(YrFtW1e<BF(NtY8Y6?PHf0M;=UG!)yaeHk=
zu7$M@uBV0Q{mjt%w0}fX9X@&f1V^ljSiVcZGmQgv9o*RxQf;e0xANeKv6HtG=Yv~h
zl=!Ys>>NsJ0cDt*5pb5Y-vDj!k*{8ExtKRaOsh`&+-|_Bl%-xz?xeIR;<4jqhRE}U
zuRi1#SYSL^oTCV{Uh<GE@enXmVDD~-OLAtvGg0zDW%B;X3~An>bc}LoKp!-r^mK4D
z^HZkpLon&;W>_CyRD@4?{Kmp#o`5E?;G?qWVqwAUbmP3z(>Mn%l5^wAK?B!`s;Q3!
z|E$11^+3wIhS84QZf&5&y<FKiKg4RJBkIXY_FX@y@pimyl14(MV#?X~_%qd9AQ*&s
zSTGZbvI-O$hAJU;kYW1`4wHdgx+XXHVn?9%hSAXEE^ZiFRjxbtLVvXXR?re@S7od^
zN-Da4)3N@X-I?<fsO&de;Hsh|@{q!jyiZ6n)cA}QpK^3^8fZ^+b{gL;JhgbFKXv46
z?^8MN$9|m-NF(6VX>30dm_Ina;Tb>LgaAKTc|CpoIe+GH@)EUmj7`fJ7vQ{6BHtU+
z_U7ag97R7?$-pocRvR(3Gc`o9g|_Rj<gcOpq0|M1oDQ4vXz}Q%TpmyRn$j%{*2euT
z_%m_Kd{*>WdmX+kB8_m80?I%fV-c?|g$c`$sfu)0Gei#3h@gmF^q5ep%R^*Onkm;2
zyT**mtj>w^c9Qvs$oNd8X=2>@8ES&qJKesU^Nhj5a3}^s!%>-vw*D*9%$621@Zp(Y
z2$*+TIe19v<Wi_2k@BUgcGpZ-9f+A_BAJ}f`Cta@7;%SM{A5H?6)mkEJAq&M<r2qf
z;s%G5>m=ew1Bgo%uN%c4X3YxJPU~qNlcOfTMO}IO!Q*$%x&vx;jBRDCgf~2JQo~`}
ztTJJua$0KS$)zO`${If9zdQYQhXtn+yx)$@if!t@b;`ldqWtMOL6+}Lkl|Ep_;M*L
zJPqXx^jYnb$JSB&GtWg<Mz<b>m;x$S1UjZ4M}7<j)(f-1DB6q3`AkY3dwlWXk!h6G
z?0gBVp8scjR}Zc&p{^^7Vb~Fc8m@kIZWV9-yMV>ZDKzz$8BXCRB~yc=iB)*$1Vdiy
ziFS>I_K(yXq+saTb3F!KzQypY^BkU*c1pA1`NUn)Y$RoH01N+EY5^J1t!2FTSa|zu
z+*&MP1qt!R_-|S9mR)_E2OjsF`}c7)ipUg8{mMJh)WXe~NRdOf=;d!eJlzr#U_fmE
z0d(a7)$^Cx>C!jI|D%hrb(|^uUvxqJU+Dtlf9S%<*2cu#l);*g!P>ywhTh5KUy#wJ
zvSxY2j_HlE?ZZ)ozl=~1aW_?gf1Pc8$=H%qHb^vtBa{?Ph^E0Dmp+#8d?s8&*l$yt
z#7m39B(dkY=ehQf&7y9bvZQH;$3B*Lo4iOH%N6aYM0J-l%8u>cFv$=*t<Z@%%;aE(
zI9x|Xc9hb+4^nZlf4Gu!`;u6FV9dp2<_zQjH(*FwI%6%q$0mH|aGuv0-*MywKB3*s
zhN?r^>0H5cNC}?`=)lkFoLWatgy?IQP~fB>75xe@gW`f{M8j5H(^5Vo6Af<LMNhK>
z0|p2v)s5}rRdlApzpSjjaVBXs1%t~*>ET7Ixfw$}V*0qPFk!f278^oMP3cp-u8MzX
zdAjOb<hIkn)Kowr1hfM_J^4(AoldA{C(3ia^A96OpRU%1h<3}fUcNf3rktn7_ySay
zFHP(Qsbw;0)cJk8A~Ry8#19=0I$;O^5X)DYxtJAUQ7I}f&*Y<U$@qauG8rX0y+x+G
zGO6fks3z6$VR06l<Cn3(RAE!aH?wzH!^>TnR6n}dFH%>%(azUM<*g^!N6k%%So|ax
zfG!mFxAo2fBBD+_g-#Knw$Kx)CuqX!M$?K^)O9wJ{0O?JCB664#8@NJsEbSQY*Q_p
zXmo7yXd;%bqoZ9hJUJpLo64Id6&;R*4dR^gWmUh@QhzcDP$~L&FD0ZmD4$_M$-}|6
z#D=u;X)l^)*nvPo20PkSZhV+6gP|+g4g3sq&U7?S|JHiddp(-e>ubuBkpIK6IKK1k
z<VrU$XNVGL^Vzc2LMDnn2Gtw{QEqGxgZa79I%i9no93{MAb{|wwc}^<?Vv2kEf5=B
z@i9nYpH=4VayOO!z1+3=#S?M(EZ2fn%F4YA_sAOS+AG&5S!ZeG;{0q1pRVE+?8Y>t
zR|~OJPE!%Z=5C%+mm?xUh^7|AkWz1~AN&`DQtzRl36UqLWm6Rj>rBN6{S!1P#e;GH
zm=Z`1KZKQ{10smx-)=5&KX;2WO#H>>u#+{Y*Wh4auQ30O&9VQndTgDY?3|q(|6D*$
zQPoiajHn_W(yt-0{Jz28HUTqg%R07nRj`l?1G=BWa-KbmQ56)cPR7!{@C|;0q)2Lz
zJn1o{;s|I}?FicKS*Qfp$@R*I-#{(8GpJUOX!^d+JY{dy-88gMNS*TLcX9Isu_g@N
zr}vfcvnFrd)S>#BO%(PTn`%+&BA4d<%m&L71@n_jn5c=I%;k}MabwaWzLxau7wG>>
z6to@N+?l`n)$qSQO#XA-6Xzd~YUg0<Vr~p{_}jy#M+;hZ37`g@`M+&cXSNndc+|=l
z<!38OCkn|Ku;xPNTAH%QDn6e97sZUCGo%O78qYkoGy;<V4fm%mVETY?q%#K`!W1!t
z>Fy)YHm?_s!EFNIg6Gk<9y|KLEzpSzcWr!XaCq_O1_PpjYJQs1;=JG+WQ})mCQq6V
zka$b{zLq-hs?21v>jeDBCe$)*q35~!xOY}`Ea${=|2s}Y5aS`W2BXlzHzyt1^y4Qd
zc}MeB<JG#9^5A}(y@eB2s}$7f^FXx=FImHb?;4n!H6c>rE7YuQCB@XdZ4kw(TF`>p
zgOl&`X<<*eFQo?F8t|7XzT%}Pcc#a(?oZp=^>qCeLZa`BJ>Y)%6!lja{r~&b#lXSb
zz|ac#H@_ytGFf&rq6WDJymfc$#C7^jEeaO`@+Xp9Sl>Tcl@7#l49W@*`Y^;Pnth|a
zaKc%6;yYdWZjQ%OWk5=}S3?;thc2o$S`_$0CvR(RVx$~{XhtpQtOl%Wl_^ROf><P#
z>Gf>UHAh>1?z`ZPr;LD%0H9;DxnCd3uTLQr&G_-2B<k*r;lB5g`V(^9KI(Lr{F8uR
zX$?pEx2dtluH2ekuJ(v<j|ExUh{m2Js`6^!^>N*b<C|V!@{&57l9xvXnX03-L;k=~
z56M|_sz(nbB>q{#I4c#(r`v$mDoz*|m&|f=h{#tmM~cRw<r}E;L#oKUdAE-++$4Lw
z4xU}{bH&9X+y|zP4#_go-~!Iq<*&D@T1ro?bxxGw-EzNz_kT<H;B}|hAAh;r`@gyz
z>u;fKYwY~n+ZK+tf1S?=+f|e=`gQ%XOF+4DjiS8bl%JgrbGU#uFF8F_kY<Itz`t&q
zk#9*z^=tI|`p@tA_eM+a1axpPFtK&8rnj;+vZOaNvijFXt2`|jek_RucJAR5#{WYt
zHCc*0aj5Hx1i_yqj52hSwD=>-8&LOdVufXx(%aRXNWzwoW?Nh_@ww{d2H0*>-@e<R
z*J#_2Wz&$w%<j>i(Y|P{cl-F*{IKWJwzFgC{L>S3JMGQQN9euqYF6m#vBG={;(c(u
zTGkz(2Q_3hxVQh%bMWv%Xx+Ivuyboo=f52oc4^zb^8TU2m-Q;gce2O8;NrD7|8RNR
z>)lM$_(srh@_}Lg#dGO&@5p7lutLs`#|p%iRna*7W9f+Z98`(V-+4EYG5B=Ck8)SH
zCH-XIp80ltv4ipiI=J4;dK|wh#PfOEx%08)-nkmD%o<PLTl4DBJA6d>^6LIPdROPu
z{tQb8*VIkohnTu8ojYzfTvD;^halx|%1lF#Y!)z|kdm-{F5#TMBWSi1XCQE74PC)E
zK#?czDuunv#%YnDq7Rfg@9p6trV<j8NSUnBG=y%PO>8QSv`YwF<>_V{{T6(rsj6A9
zGW+EAU4kqgnu8ukSgb(-5nP3wj+2dWFvv5ABa!1yChg848Gi0VeyNfHi#~%5;v$mO
zkYb`HlSgejorl2;fvlFHsJ?B)G0#IRJbQ*e1W1Cwmy1XBXb>W;2=0b9j?c@^2p*pr
zLHKOvQqkvo9zlW1k!2Jv3u;rb>p?0XWRHHnpNyi-0*0v+2Iee4sQ1NB(bkMDb(fJa
z35`YM6Q}a%Ttqsf#|SR=s5>W}T_&mkFfbYkPg)8+v1qm5kM|wIk64_WQ!5V4rS!}W
zB-j~IB|?%`u>B8-2S^6J0-Jb-i}6faFzZ3pnttr5T>)gluA>A93-$){H>J=Sxkq?|
z1QV&!G<6`z;}L5_lmtYY`kk(oG;oxUq-3~4Q7AJd_20<cvrxzK<vUeM$<3QpZ9nwq
zVBc*Vu`T#PbgIIeY<YeMukLMoiz6$MM<MtqRp*OpRX`D9T<OpGqx&*3-kQrU92nh=
zYDouijK`Mq3-q!DBz-%c{H-YUw|6;q$pqeasaTPf6-9@~L-7=8lYC-_RbxOeV`3C+
zWwQ(tm{ZjP1O%^peM%cl$2fYbeLFf|>wf#S%>Q@cuXfvLazTKB`TpwW$xFWj#{~Q9
zEY_cWz29fC{%-#`nf1@ff7a-JxBmXJv0noxlfO3t|2g|l2LD~h`^)&z|26yXRlR>o
z{0SnzbI4zof%jYDKco9UmHyo4e}l_k1|s~s(!ar&e~SINx&20izpRhw?_&QJ6#gmq
zXX5_591+Ri<^Jvd_)ob%Q}XX@|Chy*{weqGa{oWI{tT_ZzW``5u>YFU<)xv1K^EAr
Q`@?~K{S~TV<iAJ%5BwC(X8-^I

literal 0
HcmV?d00001