From 2ffa03b4a2a104bf2355b85c8d8129c970651ab9 Mon Sep 17 00:00:00 2001 From: Dominic Robinson <65237317+drobinson-moj@users.noreply.github.com> Date: Tue, 24 Dec 2024 09:27:59 +0000 Subject: [PATCH] TM-784: nomis link to reporting improved redundancy (#9184) * add additional web server * - * - * - --- .../nomis-combined-reporting/locals_lbs.tf | 20 ++---------- .../locals_preproduction.tf | 28 ++++++++++++++-- .../locals_production.tf | 32 ------------------- .../locals_security_groups.tf | 7 ++++ .../nomis-combined-reporting/locals_test.tf | 31 ++++++++++++++++-- 5 files changed, 64 insertions(+), 54 deletions(-) diff --git a/terraform/environments/nomis-combined-reporting/locals_lbs.tf b/terraform/environments/nomis-combined-reporting/locals_lbs.tf index 4bda66a515b..efc99886094 100644 --- a/terraform/environments/nomis-combined-reporting/locals_lbs.tf +++ b/terraform/environments/nomis-combined-reporting/locals_lbs.tf @@ -35,26 +35,10 @@ locals { } } listeners = { - http = { - port = 80 + http-7777 = { + port = 7777 protocol = "HTTP" - default_action = { - type = "redirect" - redirect = { - port = 443 - protocol = "HTTPS" - status_code = "HTTP_301" - } - } - } - https = { - certificate_names_or_arns = ["nomis_combined_reporting_wildcard_cert"] - cloudwatch_metric_alarms = module.baseline_presets.cloudwatch_metric_alarms.lb - port = 443 - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06" - default_action = { type = "fixed-response" fixed_response = { diff --git a/terraform/environments/nomis-combined-reporting/locals_preproduction.tf b/terraform/environments/nomis-combined-reporting/locals_preproduction.tf index 455ec2b90b2..75a20b6b00f 100644 --- a/terraform/environments/nomis-combined-reporting/locals_preproduction.tf +++ b/terraform/environments/nomis-combined-reporting/locals_preproduction.tf 
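Review bot: The `http-7777` listener in locals_lbs.tf replaces both the HTTP-to-HTTPS redirect and the TLS listener (`ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"`) with plaintext `protocol = "HTTP"` on port 7777, so traffic to this load balancer is no longer encrypted in transit. If the calling side cannot speak TLS, record that next to the listener, e.g. `# plaintext by design: <reason>`; otherwise keep an HTTPS listener with the existing certificate alongside it. The removed `cloudwatch_metric_alarms = module.baseline_presets.cloudwatch_metric_alarms.lb` is not carried over to the new listener, so the load-balancer alarms appear to be dropped as well. The `listeners` map starts and ends outside the hunk; that it belongs to the private load balancer is inferred from the `local.lbs.private.listeners.http-7777` references in the environment files.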
@@ -294,9 +294,32 @@ locals { lbs = { private = merge(local.lbs.private, { + instance_target_groups = { + private-pp-http-7777 = merge(local.lbs.public.instance_target_groups.http-7777, { + attachments = [ + { ec2_instance_name = "pp-ncr-web-1" }, + ] + }) + } listeners = merge(local.lbs.private.listeners, { - https = merge(local.lbs.private.listeners.https, { - certificate_names_or_arns = ["nomis_combined_reporting_wildcard_cert"] + http-7777 = merge(local.lbs.private.listeners.http-7777, { + alarm_target_group_names = [] + rules = { + web = { + priority = 200 + actions = [{ + type = "forward" + target_group_name = "private-pp-http-7777" + }] + conditions = [{ + host_header = { + values = [ + "int.preproduction.reporting.nomis.service.justice.gov.uk", + ] + } + }] + } + } }) }) }) @@ -366,6 +389,7 @@ locals { lb_alias_records = [ { name = "", type = "A", lbs_map_key = "public" }, { name = "admin", type = "A", lbs_map_key = "public" }, + { name = "int", type = "A", lbs_map_key = "private" }, ] } } diff --git a/terraform/environments/nomis-combined-reporting/locals_production.tf b/terraform/environments/nomis-combined-reporting/locals_production.tf index 74dd9d90a03..0e5ebee949d 100644 --- a/terraform/environments/nomis-combined-reporting/locals_production.tf +++ b/terraform/environments/nomis-combined-reporting/locals_production.tf 
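Review bot: `alarm_target_group_names = []` on the `http-7777` listener appears to leave the `private-pp-http-7777` target group without target-group alarms, and its only attachment is `pp-ncr-web-1`, so losing that instance would take the `int.preproduction.reporting.nomis.service.justice.gov.uk` endpoint down with nothing alerting on it. If the module supports it here, `alarm_target_group_names = ["private-pp-http-7777"]` would restore that signal; a second attachment is needed before this path is redundant. The target group is merged from `local.lbs.public.instance_target_groups.http-7777` although it sits on the private load balancer, which deserves a comment such as `# reuses the public LB's http-7777 target group settings`. The same three points apply to the `private-t1-http-7777` block in locals_test.tf.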
@@ -118,38 +118,6 @@ locals { lbs = { private = merge(local.lbs.private, { - - instance_target_groups = { - pd-ncr-web = merge(local.lbs.private.instance_target_groups.web, { - attachments = [ - # { ec2_instance_name = "pd-ncr-web-1-a" }, - # add more instances here when deployed - ] - }) - } - listeners = merge(local.lbs.private.listeners, { - https = merge(local.lbs.private.listeners.https, { - certificate_names_or_arns = ["nomis_combined_reporting_wildcard_cert"] - - rules = { - pd-ncr-web = { - priority = 4580 - actions = [{ - type = "forward" - target_group_name = "pd-ncr-web" - }] - conditions = [{ - host_header = { - values = [ - "production.reporting.nomis.service.justice.gov.uk", - "reporting.nomis.service.justice.gov.uk", - ] - } - }] - } - } - }) - }) }) } diff --git a/terraform/environments/nomis-combined-reporting/locals_security_groups.tf b/terraform/environments/nomis-combined-reporting/locals_security_groups.tf index d8edce322bb..69755c9df96 100644 --- a/terraform/environments/nomis-combined-reporting/locals_security_groups.tf +++ b/terraform/environments/nomis-combined-reporting/locals_security_groups.tf @@ -77,6 +77,13 @@ locals { protocol = "tcp" cidr_blocks = local.security_group_cidrs.enduserclient_internal } + http7777 = { + description = "Allow http7777 ingress" + from_port = 7777 + to_port = 7777 + protocol = "tcp" + cidr_blocks = local.security_group_cidrs.http7xxx + } https = { description = "Allow https ingress" from_port = 443 diff --git a/terraform/environments/nomis-combined-reporting/locals_test.tf b/terraform/environments/nomis-combined-reporting/locals_test.tf index 8262f32ef38..0903eaaa9ec 100644 --- a/terraform/environments/nomis-combined-reporting/locals_test.tf +++ b/terraform/environments/nomis-combined-reporting/locals_test.tf 
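Review bot: The new `http7777` ingress rule in locals_security_groups.tf admits plaintext HTTP from `local.security_group_cidrs.http7xxx`, a CIDR list defined outside this diff, and the description `"Allow http7777 ingress"` does not say who the intended callers are. Because nothing on this port is encrypted or authenticated at the listener, this rule is the main control on who can reach it. A description such as `description = "Allow http 7777 ingress from <caller> to private LB"` and a check that `http7xxx` holds only those callers' ranges would make that reviewable. Which security group the rule is added to is not visible from the hunk.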
@@ -144,8 +144,34 @@ locals { lbs = { private = merge(local.lbs.private, { - instance_target_groups = {} - listeners = {} + instance_target_groups = { + private-t1-http-7777 = merge(local.lbs.public.instance_target_groups.http-7777, { + attachments = [ + { ec2_instance_name = "t1-ncr-web-1" }, + ] + }) + } + listeners = merge(local.lbs.private.listeners, { + http-7777 = merge(local.lbs.private.listeners.http-7777, { + alarm_target_group_names = [] + rules = { + web = { + priority = 200 + actions = [{ + type = "forward" + target_group_name = "private-t1-http-7777" + }] + conditions = [{ + host_header = { + values = [ + "t1-int.test.reporting.nomis.service.justice.gov.uk", + ] + } + }] + } + } + }) + }) }) public = merge(local.lbs.public, { @@ -187,6 +213,7 @@ locals { ] lb_alias_records = [ { name = "t1", type = "A", lbs_map_key = "public" }, + { name = "t1-int", type = "A", lbs_map_key = "private" }, ] } }