diff --git a/terraform/environments/delius-core/dms.tf b/terraform/environments/delius-core/dms.tf index 3b81d14500d..b6b073d0e49 100644 --- a/terraform/environments/delius-core/dms.tf +++ b/terraform/environments/delius-core/dms.tf @@ -4,10 +4,10 @@ module "dms" { account_info = local.account_info tags = local.tags env_name = local.environment - dms_config = lookup(local.dms_config, terraform.workspace, { - replication_instance_class = "dms.t3.small" - engine_version = "3.5.1" - }) + dms_config = lookup(local.dms_config, terraform.workspace, { + replication_instance_class = "dms.t3.small" + engine_version = "3.5.1" + }) providers = { aws = aws aws.bucket-replication = aws @@ -15,14 +15,14 @@ module "dms" { } locals { - dms_config = { - "delius-core-development" = { - replication_instance_class = "dms.t3.small" - engine_version = "3.5.1" - } - "delius-core-test" = { - replication_instance_class = "dms.t3.medium" - engine_version = "3.5.1" - } + dms_config = { + "delius-core-development" = { + replication_instance_class = "dms.t3.small" + engine_version = "3.5.1" } + "delius-core-test" = { + replication_instance_class = "dms.t3.medium" + engine_version = "3.5.1" + } + } } \ No newline at end of file diff --git a/terraform/environments/delius-core/modules/helpers/delius_microservice/ecs.tf b/terraform/environments/delius-core/modules/helpers/delius_microservice/ecs.tf index 3559bf0241b..3ca74ce02c2 100644 --- a/terraform/environments/delius-core/modules/helpers/delius_microservice/ecs.tf +++ b/terraform/environments/delius-core/modules/helpers/delius_microservice/ecs.tf @@ -23,10 +23,10 @@ module "container_definition" { } module "ecs_policies" { - source = "../ecs_policies" - env_name = var.env_name - service_name = var.name - tags = var.tags + source = "../ecs_policies" + env_name = var.env_name + service_name = var.name + tags = var.tags extra_task_role_policies = var.extra_task_role_policies } 
diff --git a/terraform/environments/delius-core/modules/helpers/delius_microservice/locals.tf b/terraform/environments/delius-core/modules/helpers/delius_microservice/locals.tf index de7c6bd5bc4..cf0096fb700 100644 --- a/terraform/environments/delius-core/modules/helpers/delius_microservice/locals.tf +++ b/terraform/environments/delius-core/modules/helpers/delius_microservice/locals.tf @@ -45,7 +45,7 @@ locals { rds_secrets = var.rds_password_secret_variable != "" ? { (var.rds_password_secret_variable) = "${aws_db_instance.this[0].master_user_secret[0].secret_arn}:password::" - (var.rds_user_secret_variable) = "${aws_db_instance.this[0].master_user_secret[0].secret_arn}:username::" + (var.rds_user_secret_variable) = "${aws_db_instance.this[0].master_user_secret[0].secret_arn}:username::" } : {} elasticache_env_vars = var.elasticache_endpoint_environment_variable != "" ? { diff --git a/terraform/environments/delius-core/modules/helpers/delius_microservice/outputs.tf b/terraform/environments/delius-core/modules/helpers/delius_microservice/outputs.tf index b98507fdeda..c63accd2571 100644 --- a/terraform/environments/delius-core/modules/helpers/delius_microservice/outputs.tf +++ b/terraform/environments/delius-core/modules/helpers/delius_microservice/outputs.tf @@ -15,7 +15,7 @@ output "task_role_arn" { } output "elasticache_endpoint" { - value = var.create_elasticache ? aws_elasticache_cluster.this[0].cache_nodes[0].address : null + value = var.create_elasticache ? aws_elasticache_cluster.this[0].cache_nodes[0].address : null } output "elasticache_port" { diff --git a/terraform/environments/delius-core/patch_manager.tf b/terraform/environments/delius-core/patch_manager.tf index 46a0cfddc2f..16166c76b8c 100644 --- a/terraform/environments/delius-core/patch_manager.tf +++ b/terraform/environments/delius-core/patch_manager.tf 
@@ -3,8 +3,8 @@ module "ssm-auto-patching" { providers = { aws.bucket-replication = aws } - account_number = local.environment_management.account_ids[terraform.workspace] - application_name = local.application_name + account_number = local.environment_management.account_ids[terraform.workspace] + application_name = local.application_name tags = merge( local.tags, { diff --git a/terraform/environments/delius-jitbit/lb.tf b/terraform/environments/delius-jitbit/lb.tf index 5896a3d1e46..414f1d7114a 100644 --- a/terraform/environments/delius-jitbit/lb.tf +++ b/terraform/environments/delius-jitbit/lb.tf @@ -31,7 +31,7 @@ resource "aws_security_group" "load_balancer_security_group" { name_prefix = "${local.application_name}-loadbalancer-security-group" description = "controls access to lb" vpc_id = data.aws_vpc.shared.id - + tags = merge( local.tags, { @@ -40,13 +40,13 @@ resource "aws_security_group" "load_balancer_security_group" { ) lifecycle { - create_before_destroy = true + create_before_destroy = true } } resource "aws_vpc_security_group_ingress_rule" "load_balancer_ingress_rule" { for_each = toset(local.internal_security_group_cidrs) - description = "Allow ingress from allow listed CIDRs" + description = "Allow ingress from allow listed CIDRs" security_group_id = aws_security_group.load_balancer_security_group.id from_port = 443 to_port = 443 @@ -56,7 +56,7 @@ resource "aws_vpc_security_group_ingress_rule" "load_balancer_ingress_rule" { resource "aws_vpc_security_group_ingress_rule" "load_balancer_ingress_rule_ipv6" { for_each = toset(local.ipv6_cidr_blocks) - description = "Allow ingress from allow listed CIDRs" + description = "Allow ingress from allow listed CIDRs" security_group_id = aws_security_group.load_balancer_security_group.id from_port = 443 to_port = 443 
@@ -66,12 +66,12 @@ resource "aws_vpc_security_group_ingress_rule" "load_balancer_ingress_rule_ipv6" resource "aws_vpc_security_group_egress_rule" "load_balancer_egress_rule" { for_each = toset([data.aws_subnet.private_subnets_a.cidr_block, data.aws_subnet.private_subnets_b.cidr_block, data.aws_subnet.private_subnets_c.cidr_block]) - description = "Allow egress to ECS instances" + description = "Allow egress to ECS instances" security_group_id = aws_security_group.load_balancer_security_group.id from_port = local.app_port to_port = local.app_port - ip_protocol = "tcp" - cidr_ipv4 = each.value + ip_protocol = "tcp" + cidr_ipv4 = each.value } resource "aws_lb_listener" "listener" { diff --git a/terraform/environments/delius-jitbit/locals.tf b/terraform/environments/delius-jitbit/locals.tf index 69817a3bdf3..561d1ffa9e0 100644 --- a/terraform/environments/delius-jitbit/locals.tf +++ b/terraform/environments/delius-jitbit/locals.tf @@ -37,7 +37,7 @@ locals { internal_security_group_cidrs = distinct(flatten([ module.ip_addresses.moj_cidrs.trusted_moj_digital_staff_public, module.ip_addresses.moj_cidrs.trusted_moj_enduser_internal, - module.ip_addresses.moj_cidrs.trusted_mojo_public, + module.ip_addresses.moj_cidrs.trusted_mojo_public, module.ip_addresses.moj_cidr.ark_dc_external_internet, module.ip_addresses.moj_cidr.vodafone_dia_networks, module.ip_addresses.moj_cidr.palo_alto_primsa_access_corporate, 
@@ -55,13 +55,13 @@ locals { ] ])) - ipv6_cidr_blocks = [ - # Route53 Healthcheck Access Cidrs IPv6 - "2406:da18:7ff:f800::/53", # ap-southeast-1 Region - "2406:da18:fff:f800::/53", # ap-southeast-1 Region - "2a05:d018:fff:f800::/53", # eu-west-1 Region - "2a05:d018:7ff:f800::/53", # eu-west-1 Region - "2600:1f18:7fff:f800::/53", # us-east-1 Region - "2600:1f18:3fff:f800::/53", # us-east-1 Region - ] + ipv6_cidr_blocks = [ + # Route53 Healthcheck Access Cidrs IPv6 + "2406:da18:7ff:f800::/53", # ap-southeast-1 Region + "2406:da18:fff:f800::/53", # ap-southeast-1 Region + "2a05:d018:fff:f800::/53", # eu-west-1 Region + "2a05:d018:7ff:f800::/53", # eu-west-1 Region + "2600:1f18:7fff:f800::/53", # us-east-1 Region + "2600:1f18:3fff:f800::/53", # us-east-1 Region + ] } diff --git a/terraform/environments/delius-jitbit/sandbox_lb.tf b/terraform/environments/delius-jitbit/sandbox_lb.tf index 1a5059a1db4..d268ab5d0ee 100644 --- a/terraform/environments/delius-jitbit/sandbox_lb.tf +++ b/terraform/environments/delius-jitbit/sandbox_lb.tf @@ -1,5 +1,5 @@ resource "aws_lb_listener_rule" "listener_rule" { - count = local.is-development ? 1 : 0 + count = local.is-development ? 1 : 0 listener_arn = aws_lb_listener.listener.arn priority = 10 diff --git a/terraform/environments/delius-jitbit/ses_bounce.tf b/terraform/environments/delius-jitbit/ses_bounce.tf index 0d2fd5a3d01..6b0484daaf9 100644 --- a/terraform/environments/delius-jitbit/ses_bounce.tf +++ b/terraform/environments/delius-jitbit/ses_bounce.tf @@ -40,9 +40,9 @@ resource "aws_lambda_function" "bounce_email_notification" { environment { variables = { - RATE_LIMIT = 5 + RATE_LIMIT = 5 DYNAMODB_TABLE = aws_dynamodb_table.bounce_email_notification.name - FROM_ADDRESS = "notifications@${aws_sesv2_email_identity.jitbit.email_identity}" + FROM_ADDRESS = "notifications@${aws_sesv2_email_identity.jitbit.email_identity}" } } 
@@ -83,7 +83,7 @@ data "aws_iam_policy_document" "lambda_policy_bounce_email_notification" { ] resources = ["arn:aws:logs:*:*:*"] } - + statement { actions = [ "dynamodb:PutItem", @@ -124,18 +124,18 @@ resource "aws_cloudwatch_log_group" "bounce_email_notification" { resource "aws_dynamodb_table" "bounce_email_notification" { - name = "bounce_email_notification" - billing_mode = "PAY_PER_REQUEST" - hash_key = "email_ticket_id" + name = "bounce_email_notification" + billing_mode = "PAY_PER_REQUEST" + hash_key = "email_ticket_id" server_side_encryption { - enabled = true + enabled = true kms_key_arn = data.aws_kms_key.general_shared.arn } ttl { attribute_name = "expireAt" - enabled = true + enabled = true } attribute { diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_service.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_service.tf index a61a5fb61b8..d7392d7ca4e 100644 --- a/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_service.tf +++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_service.tf @@ -90,8 +90,8 @@ module "nextcloud_service" { db_ingress_security_groups = [aws_security_group.cluster.id] rds_endpoint_environment_variable = "MYSQL_HOST" - rds_password_secret_variable = "MYSQL_PASSWORD" - rds_user_secret_variable = "MYSQL_USER" + rds_password_secret_variable = "MYSQL_PASSWORD" + rds_user_secret_variable = "MYSQL_USER" elasticache_endpoint_environment_variable = "REDIS_HOST" container_vars_default = { @@ -100,7 +100,7 @@ module "nextcloud_service" { REDIS_PASSWORD = "password" NEXTCLOUD_ADMIN_USER = "admin" NEXTCLOUD_TRUSTED_DOMAINS = aws_route53_record.nextcloud_external.fqdn - S3_BUCKET_CONFIG = module.s3_bucket_config.bucket.id + S3_BUCKET_CONFIG = module.s3_bucket_config.bucket.id } container_vars_env_specific = {} 
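Review bot: The statement that closes at the top of the `ses_bounce.tf` hunk (`@@ -83,7 +83,7 @@`) grants its CloudWatch Logs actions on `arn:aws:logs:*:*:*`, so the bounce-notification Lambda role is not limited to its own log group. The action list sits above the hunk, so this is hedged. If it is only the stream and put-events actions, the resource can be narrowed to the log group declared in the same file, e.g. `resources = ["${aws_cloudwatch_log_group.bounce_email_notification.arn}:*"]`. The whitespace-only change here leaves the policy itself untouched.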
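Review bot: `REDIS_PASSWORD = "password"` in `container_vars_default` (the `ecs_service.tf` hunk at `@@ -100,7 +100,7 @@`) is a literal credential passed as a plain container variable, so it is readable in the repository, in Terraform state and in the ECS task definition. The same module call passes the database credentials by variable name only (`rds_password_secret_variable = "MYSQL_PASSWORD"`), and the helper's `rds_secrets` local resolves them from a secret ARN. The Redis password should be supplied the same way, or removed if the cache does not enforce auth. Whether this value is a placeholder overridden elsewhere is not visible here. The `module "nextcloud_service"` block starts and ends outside the hunk.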
diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/s3.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/s3.tf index e02acbd4a51..c4762342b4a 100644 --- a/terraform/environments/delius-nextcloud/modules/components/nextcloud/s3.tf +++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/s3.tf @@ -5,7 +5,7 @@ module "s3_bucket_config" { aws.bucket-replication = aws } - bucket_prefix = "${var.env_name}-config" + bucket_prefix = "${var.env_name}-config" versioning_enabled = true sse_algorithm = "AES256" # Useful guide - https://aws.amazon.com/blogs/storage/how-to-use-aws-datasync-to-migrate-data-between-amazon-s3-buckets/ @@ -18,7 +18,7 @@ module "s3_bucket_config" { principals = { type = "AWS" identifiers = [ - module.nextcloud_service.task_role_arn, + module.nextcloud_service.task_role_arn, ] } }] @@ -65,9 +65,9 @@ resource "aws_ssm_parameter" "nextcloud_secret" { type = "SecureString" value = "replace_me" lifecycle { - ignore_changes = [ + ignore_changes = [ value - ] + ] } } 
@@ -81,29 +81,29 @@ resource "aws_s3_object" "config" { content = templatefile("${path.module}/templates/nextcloud-conf.json.tftpl", { nextcloud_passwordsalt = random_password.nextcloud_password_salt.result, - nextcloud_secret = data.aws_ssm_parameter.nextcloud_secret.value, - nextcloud_id = "nextcloud", + nextcloud_secret = data.aws_ssm_parameter.nextcloud_secret.value, + nextcloud_id = "nextcloud", redis = { host = module.nextcloud_service.elasticache_endpoint port = module.nextcloud_service.elasticache_port }, mail = { - server = "replace" + server = "replace" from_address = "replace" - domain = "replace" + domain = "replace" } nextcloud_s01ldap_agent_password = "replace" - fileshare_user_base = "replace" - standard_user_base = "replace" - fs_group_prefix = "replace" - ldap_host = "ldap.dev.delius-core.hmpps-development.modernisation-platform.internal" - pwm_url = "pwm.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk" + fileshare_user_base = "replace" + standard_user_base = "replace" + fs_group_prefix = "replace" + ldap_host = "ldap.dev.delius-core.hmpps-development.modernisation-platform.internal" + pwm_url = "pwm.dev.delius-core.hmpps-development.modernisation-platform.service.justice.gov.uk" fileshare_base_groups = "replace" - fileshare_user_base = "replace" - standard_user_base = "replace" + fileshare_user_base = "replace" + standard_user_base = "replace" - ldap_user = "cn=admin,ou=Users,dc=moj,dc=com" + ldap_user = "cn=admin,ou=Users,dc=moj,dc=com" nextcloud_s01ldap_agent_password = "replace" } ) diff --git a/terraform/environments/delius-nextcloud/modules/environment/nextcloud.tf b/terraform/environments/delius-nextcloud/modules/environment/nextcloud.tf index 1280d16a4c5..a845dfeffb0 100644 --- a/terraform/environments/delius-nextcloud/modules/environment/nextcloud.tf +++ b/terraform/environments/delius-nextcloud/modules/environment/nextcloud.tf 
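Review bot: The `templatefile` call renders `data.aws_ssm_parameter.nextcloud_secret.value` and `random_password.nextcloud_password_salt.result` into the `content` of `aws_s3_object.config`, so the SecureString is copied out of Parameter Store into the S3 object and into Terraform state. Read access to the config bucket or to the state backend then amounts to read access to the secret. A comment such as `# rendered config contains secrets: keep bucket reads limited to the task role` would record that, or the container could read the parameter at start-up instead. Separately, `nextcloud_s01ldap_agent_password`, `fileshare_user_base` and `standard_user_base` each appear twice in the variables map; one entry of each pair is redundant and should be removed so it is clear which value applies. The resource block starts above the hunk.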
@@ -4,7 +4,7 @@ module "nextcloud" { providers = { aws.core-network-services = aws.core-network-services aws.core-vpc = aws.core-vpc - aws = aws + aws = aws } env_name = "dev"