diff --git a/terraform/environments/apex/ec2.tf b/terraform/environments/apex/ec2.tf
index 35945089b6f..b7ad12b1934 100644
--- a/terraform/environments/apex/ec2.tf
+++ b/terraform/environments/apex/ec2.tf
@@ -46,6 +46,7 @@ resource "aws_security_group" "ec2" {
 description = "APEX DB Server Security Group"
 vpc_id = data.aws_vpc.shared.id
 
+ # this ingress rule to be added after the ECS has been setup in MP
 # ingress {
 # description = "database listener port access to ECS security group"
 # from_port = 1521
@@ -73,22 +74,8 @@ resource "aws_security_group" "ec2" {
 from_port = 1521
 to_port = 1521
 protocol = "tcp"
- cidr_blocks = [local.application_data.accounts[local.environment].mp_vpc_cidr] #!ImportValue env-VpcCidr
+ cidr_blocks = [local.application_data.accounts[local.environment].mp_vpc_cidr]
 }
- # ingress {
- # description = "Ingress from Migration server Security Group - This should be reviewed"
- # from_port = 1521
- # to_port = 1521
- # protocol = "tcp"
- # security_groups = sg-8fddd6e7 #sg-migrationgw
- # }
- # ingress {
- # description = "Ingress from RC depending on Environment"
- # from_port = 1521
- # to_port = 1521
- # protocol = "tcp"
- # cidr_blocks = ["172.16.4.0/20"]
- # }
 
 egress {
 description = "Allow AWS SSM Session Manager"
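Review bot: The surviving 1521/tcp ingress in the second hunk still admits the whole `mp_vpc_cidr` range rather than the ECS security group, and dropping the trailing `#!ImportValue env-VpcCidr` marker removes the only hint of where that range came from. Since the first hunk records that the ECS-scoped rule is deferred, the live rule should say so itself, e.g. `# temporary: allow the full MP VPC CIDR on 1521 until the ECS security-group rule above is enabled, then remove this rule` placed above the `cidr_blocks` line. The `ingress {` opening and its description lie outside the hunk, so what the rule is currently labelled as cannot be confirmed here.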
@@ -131,41 +118,11 @@ EOF
 }
 
 resource "aws_iam_role_policy" "ec2_instance_policy" {
- #tfsec:ignore:aws-iam-no-policy-wildcards
 name = "${local.application_name}-ec2-policy"
 role = aws_iam_role.ec2_instance_role.id
-
- # Terraform's "jsonencode" function converts a
- # Terraform expression result to valid JSON syntax.
 policy = jsonencode({
 Version = "2012-10-17"
 Statement = [
- # {
- # Action = [
- # "ec2:Describe*",
- # ]
- # Effect = "Allow"
- # Resource = "*"
- # },
- # {
- # Effect = "Allow",
- # Action = [
- # "s3:ListBucket",
- # ],
- # Resource = [
- # "arn:aws:s3:::modernisation-platform-software20230224000709766100000001",
- # "arn:aws:s3:::modernisation-platform-software20230224000709766100000001/*",
- # ]
- # },
- # {
- # Effect = "Allow",
- # Action = [
- # "s3:GetObject"
- # ],
- # Resource = [
- # "arn:aws:s3:::modernisation-platform-software20230224000709766100000001/*",
- # ]
- # },
 {
 Effect = "Allow",
 Action = [
@@ -216,7 +173,6 @@ resource "aws_iam_role_policy" "ec2_instance_policy" {
 resource "aws_route53_record" "apex-db" {
 provider = aws.core-vpc
 zone_id = data.aws_route53_zone.inner.zone_id
- # name = "${local.application_name}.${data.aws_route53_zone.inner.name}"
 name = "db.${local.application_name}.${data.aws_route53_zone.inner.name}"
 type = "A"
 ttl = 900
diff --git a/terraform/environments/apex/efs.tf b/terraform/environments/apex/efs.tf
index fa671292424..08202b95e10 100644
--- a/terraform/environments/apex/efs.tf
+++ b/terraform/environments/apex/efs.tf
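Review bot: Removing `#tfsec:ignore:aws-iam-no-policy-wildcards` from `ec2_instance_policy` is only justified if none of the statements that remain in the policy use a wildcard action or resource; the statements after `Action = [` are outside this hunk, so that cannot be confirmed here, and if a wildcard survives the tfsec wildcard check will flag this resource again. If the remaining statements are fully scoped, a short comment on the `policy` attribute such as `# every statement below names explicit actions and ARNs; keep it that way so the tfsec wildcard check stays clean` records the intent for the next editor. The commented-out `ec2:Describe*` and S3 statements deleted here were history and their removal needs nothing further. The later hunk at `aws_route53_record.apex-db` only drops a commented-out `name` and needs no change.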
@@ -37,27 +37,3 @@ resource "aws_efs_mount_target" "efs_mount" {
 subnet_id = data.aws_subnet.private_subnets_a.id
 security_groups = [aws_security_group.efs_product.id]
 }
-
-# resource "aws_cloudwatch_metric_alarm" "efs_connection" {
-# alarm_name = "${local.application_name}-${local.environment}-efs-connection"
-# alarm_description = "If the instance has lost connection with its EFS system, please investigate."
-# comparison_operator = "LessThanThreshold"
-# dimensions = {
-# FileSystemId = aws_efs_file_system.efs.id
-# }
-# evaluation_periods = "5"
-# metric_name = "ClientConnections"
-# namespace = "AWS/EFS"
-# period = "60"
-# statistic = "Sum"
-# threshold = 1
-# alarm_actions = [aws_sns_topic.alerting_topic.arn]
-# ok_actions = [aws_sns_topic.alerting_topic.arn]
-# treat_missing_data = "breaching"
-# tags = merge(
-# local.tags,
-# {
-# Name = "${local.application_name}-${local.environment}-efs-connection"
-# }
-# )
-# }