change lb module ref, add variable definition, add to nomis-dev env (#…

…6926) * change lb module ref, add variable definition, add to planetfm envs * formatting * trial in nomis-development env first * update other environments * set empty variables default * add default rule * add default * change loadbalancer logs lifecycle rules, over-ride for prod envs * add lifecycle rule over-ride for oasys production * formatting
ministryofjustice · Jul 8, 2024 · 0948bf5 · 0948bf5
1 parent 1876003
commit 0948bf5
Show file tree

Hide file tree

Showing 6 changed files with 52 additions and 11 deletions.
diff --git a/terraform/environments/nomis/locals_development.tf b/terraform/environments/nomis/locals_development.tf
@@ -351,6 +351,7 @@ locals {
 
     lbs = {
       private = merge(local.lbs.private, {
+
         instance_target_groups = {
           dev-nomis-web-a-http-7777 = merge(local.ec2_autoscaling_groups.web.lb_target_groups.http-7777, {
             attachments = [

diff --git a/terraform/environments/nomis/locals_production.tf b/terraform/environments/nomis/locals_production.tf
@@ -343,6 +343,7 @@ locals {
     lbs = {
       private = merge(local.lbs.private, {
 
+        access_logs_lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.general_purpose_one_year]
         listeners = merge(local.lbs.private.listeners, {
           https = merge(local.lbs.private.listeners.https, {
             certificate_names_or_arns = ["nomis_wildcard_cert"]

diff --git a/terraform/environments/oasys/locals_production.tf b/terraform/environments/oasys/locals_production.tf
@@ -387,16 +387,17 @@ locals {
 
     lbs = {
       public = {
-        access_logs              = true
-        enable_delete_protection = false
-        existing_target_groups   = {}
-        force_destroy_bucket     = true
-        idle_timeout             = 3600 # 60 is default
-        internal_lb              = false
-        s3_versioning            = false
-        security_groups          = ["public_lb"]
-        subnets                  = module.environment.subnets["public"].ids
-        tags                     = local.tags
+        access_logs                = true
+        access_logs_lifecycle_rule = [module.baseline_presets.s3_lifecycle_rules.general_purpose_one_year]
+        enable_delete_protection   = false
+        existing_target_groups     = {}
+        force_destroy_bucket       = true
+        idle_timeout               = 3600 # 60 is default
+        internal_lb                = false
+        s3_versioning              = false
+        security_groups            = ["public_lb"]
+        subnets                    = module.environment.subnets["public"].ids
+        tags                       = local.tags
 
         listeners = {
           https = {

diff --git a/terraform/environments/planetfm/locals_production.tf b/terraform/environments/planetfm/locals_production.tf
@@ -274,6 +274,7 @@ locals {
 
     lbs = {
       private = {
+        # access_logs_lifecycle_rule       = [module.baseline_presets.s3_lifecycle_rules.general_purpose_one_year]
         enable_cross_zone_load_balancing = true
         enable_delete_protection         = false
         idle_timeout                     = 3600

diff --git a/terraform/modules/baseline/lb.tf b/terraform/modules/baseline/lb.tf
@@ -110,7 +110,7 @@ module "lb" {
 
   for_each = var.lbs
 
-  source = "git::https://github.com/ministryofjustice/modernisation-platform-terraform-loadbalancer.git?ref=v4.1.0"
+  source = "git::https://github.com/ministryofjustice/modernisation-platform-terraform-loadbalancer.git?ref=9c9e0b6d1f186d780dc3dfe7283a2cdbffaa1e60"
 
   providers = {
     aws.bucket-replication = aws
@@ -128,6 +128,7 @@ module "lb" {
   enable_cross_zone_load_balancing = each.value.enable_cross_zone_load_balancing
   dns_record_client_routing_policy = each.value.dns_record_client_routing_policy
   s3_versioning                    = each.value.s3_versioning
+  access_logs_lifecycle_rule                   = each.value.access_logs_lifecycle_rule
 
   existing_bucket_name = try(module.s3_bucket[each.value.existing_bucket_name].bucket.id, each.value.existing_bucket_name)
 

diff --git a/terraform/modules/baseline/variables.tf b/terraform/modules/baseline/variables.tf
@@ -592,6 +592,42 @@ variable "lbs" {
     idle_timeout                     = optional(string)
     internal_lb                      = optional(bool, false)
     access_logs                      = optional(bool, true)
+    access_logs_lifecycle_rule       = optional(list(object({
+      id = optional(string)
+      enabled = optional(string)
+      prefix = optional(string)
+      tags = optional(map(string), {})
+      transition = optional(list(object({
+        days = optional(number)
+        storage_class = optional(string)
+      })))
+      expiration = optional(object({
+        days = optional(number)
+      }))
+      noncurrent_version_transition = optional(list(object({
+        days = optional(number)
+        storage_class = optional(string)
+      })))
+      noncurrent_version_expiration = optional(object({
+        days = optional(number)
+      }))  
+    })), [
+      {
+      enabled = "Enabled"
+      id      = "loadbalancer_three_months"
+      prefix  = ""
+      tags = {
+        rule      = "log"
+        autoclean = "true"
+      }
+
+      transition = [
+        { days = 31, storage_class = "STANDARD_IA" }
+      ]
+      expiration = { days = 90 }
+      noncurrent_version_transition = []
+      noncurrent_version_expiration = { days = 7 }
+    }])
     load_balancer_type               = optional(string, "application")
     security_groups                  = list(string)
     subnets                          = list(string)