From 9d5c9a92a85ed4c98a23d31026c305d626bf455f Mon Sep 17 00:00:00 2001
From: Shahzad Chaudhry
Date: Fri, 20 Oct 2023 12:18:39 +0100
Subject: [PATCH 1/2] NIT-889 ECS service removed in favour of EC2 based Oracle DB
---
 .../environment_all_components/db_service.tf | 156 +++++++++---------
 1 file changed, 78 insertions(+), 78 deletions(-)
diff --git a/terraform/environments/delius-core/modules/environment_all_components/db_service.tf b/terraform/environments/delius-core/modules/environment_all_components/db_service.tf
index e0ad8791981..b9865b01440 100644
--- a/terraform/environments/delius-core/modules/environment_all_components/db_service.tf
+++ b/terraform/environments/delius-core/modules/environment_all_components/db_service.tf
@@ -1,81 +1,81 @@
-module "testing_db_container" {
- count = var.env_name == "dev" ? 1 : 0
- source = "git::https://github.com/cloudposse/terraform-aws-ecs-container-definition.git?ref=tags/0.59.0"
- container_name = "${var.env_name}-${var.delius_db_container_config.fully_qualified_name}"
- container_image = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/${var.delius_db_container_config.image_name}-ecr-repo:${var.delius_db_container_config.image_tag}"
- container_memory = 4096
- container_cpu = 1024
- essential = true
- readonly_root_filesystem = false
- port_mappings = [
- {
- containerPort = var.delius_db_container_config.port
- hostPort = var.delius_db_container_config.port
- protocol = "tcp"
- },
- ]
- log_configuration = {
- logDriver = "awslogs"
- options = {
- "awslogs-group" = aws_cloudwatch_log_group.delius_core_testing_db_log_group.name
- "awslogs-region" = "eu-west-2"
- "awslogs-stream-prefix" = var.delius_db_container_config.fully_qualified_name
- }
- }
-}
-
-module "db_ecs_policies" {
- count = var.env_name == "dev" ? 1 : 0
- source = "../ecs_policies"
- env_name = var.env_name
- service_name = "testing-db"
- tags = local.tags
-}
-
-module "testing_db_service" {
- count = var.env_name == "dev" ? 1 : 0
- source = "git::https://github.com/ministryofjustice/modernisation-platform-terraform-ecs-cluster//service?ref=c195026bcf0a1958fa4d3cc2efefc56ed876507e"
- container_definition_json = module.testing_db_container[0].json_map_encoded_list
- ecs_cluster_arn = module.ecs.ecs_cluster_arn
- name = "testing-db"
- vpc_id = var.account_config.shared_vpc_id
-
- launch_type = "FARGATE"
- network_mode = "awsvpc"
-
- task_cpu = "1024"
- task_memory = "4096"
-
- ephemeral_storage_size = 40
-
- # terraform will not let you use module.weblogic_ecs_policies.service_role.arn as it is not created yet and can't evaluate the count in this module
- service_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].service_role.name}"
- task_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].task_role.name}"
- task_exec_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].task_exec_role.name}"
-
- environment = var.env_name
- namespace = var.app_name
-
- security_group_ids = [aws_security_group.delius_db_security_group.id]
-
- subnet_ids = var.account_config.private_subnet_ids
-
- exec_enabled = true
-
- ignore_changes_task_definition = false
- redeploy_on_apply = false
- force_new_deployment = false
-}
-
-resource "aws_route53_record" "delius-core-db" {
- count = var.env_name == "dev" ? 1 : 0
- provider = aws.core-vpc
- zone_id = var.account_config.route53_inner_zone_info.zone_id
- name = "${var.app_name}-${var.env_name}-${var.delius_db_container_config.fully_qualified_name}.${var.account_config.route53_inner_zone_info.name}"
- type = "A"
- ttl = 300
- records = ["10.26.26.95"]
-}
+# module "testing_db_container" {
+# count = var.env_name == "dev" ? 1 : 0
+# source = "git::https://github.com/cloudposse/terraform-aws-ecs-container-definition.git?ref=tags/0.59.0"
+# container_name = "${var.env_name}-${var.delius_db_container_config.fully_qualified_name}"
+# container_image = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/${var.delius_db_container_config.image_name}-ecr-repo:${var.delius_db_container_config.image_tag}"
+# container_memory = 4096
+# container_cpu = 1024
+# essential = true
+# readonly_root_filesystem = false
+# port_mappings = [
+# {
+# containerPort = var.delius_db_container_config.port
+# hostPort = var.delius_db_container_config.port
+# protocol = "tcp"
+# },
+# ]
+# log_configuration = {
+# logDriver = "awslogs"
+# options = {
+# "awslogs-group" = aws_cloudwatch_log_group.delius_core_testing_db_log_group.name
+# "awslogs-region" = "eu-west-2"
+# "awslogs-stream-prefix" = var.delius_db_container_config.fully_qualified_name
+# }
+# }
+# }
+
+# module "db_ecs_policies" {
+# count = var.env_name == "dev" ? 1 : 0
+# source = "../ecs_policies"
+# env_name = var.env_name
+# service_name = "testing-db"
+# tags = local.tags
+# }
+
+# module "testing_db_service" {
+# count = var.env_name == "dev" ? 1 : 0
+# source = "git::https://github.com/ministryofjustice/modernisation-platform-terraform-ecs-cluster//service?ref=c195026bcf0a1958fa4d3cc2efefc56ed876507e"
+# container_definition_json = module.testing_db_container[0].json_map_encoded_list
+# ecs_cluster_arn = module.ecs.ecs_cluster_arn
+# name = "testing-db"
+# vpc_id = var.account_config.shared_vpc_id
+
+# launch_type = "FARGATE"
+# network_mode = "awsvpc"
+
+# task_cpu = "1024"
+# task_memory = "4096"
+
+# ephemeral_storage_size = 40
+
+# # terraform will not let you use module.weblogic_ecs_policies.service_role.arn as it is not created yet and can't evaluate the count in this module
+# service_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].service_role.name}"
+# task_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].task_role.name}"
+# task_exec_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].task_exec_role.name}"
+
+# environment = var.env_name
+# namespace = var.app_name
+
+# security_group_ids = [aws_security_group.delius_db_security_group.id]
+
+# subnet_ids = var.account_config.private_subnet_ids
+
+# exec_enabled = true
+
+# ignore_changes_task_definition = false
+# redeploy_on_apply = false
+# force_new_deployment = false
+# }
+
+# resource "aws_route53_record" "delius-core-db" {
+# count = var.env_name == "dev" ? 1 : 0
+# provider = aws.core-vpc
+# zone_id = var.account_config.route53_inner_zone_info.zone_id
+# name = "${var.app_name}-${var.env_name}-${var.delius_db_container_config.fully_qualified_name}.${var.account_config.route53_inner_zone_info.name}"
+# type = "A"
+# ttl = 300
+# records = ["10.26.26.95"]
+# }
 
 resource "aws_security_group" "delius_db_security_group" {
 name = format("%s - Delius Core DB", var.env_name)
From f454f797f963c6c68e5e06b743a82023fa761357 Mon Sep 17 00:00:00 2001
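Review bot: Dropping `aws_route53_record.delius-core-db` removes the A record for the `${var.app_name}-${var.env_name}-${var.delius_db_container_config.fully_qualified_name}` hostname, and nothing in this patch adds a record under the same name for the EC2 database, so any client configuration still resolving that hostname would break once this is applied — confirm that the replacement record in db_ec2.tf publishes the same name or that the consumers (weblogic, bastion tooling) have been repointed. The rest of the hunk only comments out the ECS modules, which patch 2/2 then deletes outright; carrying 78 commented-out lines in an intermediate commit adds nothing for a reviewer or for bisecting, so squashing the two patches would be cleaner. The retained `aws_security_group.delius_db_security_group` block continues past the end of the hunk.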
From: Shahzad Chaudhry
Date: Fri, 20 Oct 2023 13:52:28 +0100
Subject: [PATCH 2/2] NIT-889 ECS service removed in favour of EC2 based Oracle DB
---
 .../environment_all_components/db_ec2.tf | 54 +++++---
 .../environment_all_components/db_service.tf | 119 ------------------
 2 files changed, 40 insertions(+), 133 deletions(-)
 delete mode 100644 terraform/environments/delius-core/modules/environment_all_components/db_service.tf
diff --git a/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf b/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf
index 838603c66af..95dcdc47ac4 100644
--- a/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf
+++ b/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf
@@ -112,20 +112,6 @@ module "ebs_volume" {
 ]
 }
 
-# resource "aws_route53_record" "db_ec2_primary_instance" {
-# provider = aws.core-vpc
-# zone_id = var.account_config.route53_inner_zone_info.zone_id
-# name = "${var.app_name}-${var.env_name}-oracle_db.${var.account_config.route53_inner_zone_info.name}"
-# type = "A"
-
-# alias {
-# name = aws_instance.db_ec2_primary_instance.private_dns
-# zone_id = var.account_config.route53_inner_zone_info.zone_id
-# evaluate_target_health = true # Could be true or false based on https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values-alias.html#rrsets-values-alias-evaluate-target-health
-# }
-# }
-
-
 resource "aws_route53_record" "db_ec2_primary_instance" {
 provider = aws.core-vpc
 zone_id = var.account_config.route53_inner_zone_info.zone_id
@@ -134,3 +120,43 @@ resource "aws_route53_record" "db_ec2_primary_instance" {
 ttl = 300
 records = [aws_instance.db_ec2_primary_instance.private_dns]
 }
+
+resource "aws_security_group" "delius_db_security_group" {
+ name = format("%s - Delius Core DB", var.env_name)
+ description = "Rules for the delius testing db ecs service"
+ vpc_id = var.account_config.shared_vpc_id
+ tags = local.tags
+}
+
+resource "aws_vpc_security_group_ingress_rule" "delius_db_security_group_ingress_private_subnets" {
+ security_group_id = aws_security_group.delius_db_security_group.id
+ description = "weblogic to testing db"
+ from_port = var.delius_db_container_config.port
+ to_port = var.delius_db_container_config.port
+ ip_protocol = "tcp"
+ referenced_security_group_id = aws_security_group.weblogic_service.id
+}
+
+resource "aws_vpc_security_group_ingress_rule" "delius_db_security_group_ingress_bastion" {
+ security_group_id = aws_security_group.delius_db_security_group.id
+ description = "bastion to testing db"
+ from_port = var.delius_db_container_config.port
+ to_port = var.delius_db_container_config.port
+ ip_protocol = "tcp"
+ referenced_security_group_id = var.bastion.security_group_id
+}
+
+resource "aws_vpc_security_group_egress_rule" "delius_db_security_group_egress_internet" {
+ security_group_id = aws_security_group.delius_db_security_group.id
+ description = "outbound from the testing db ecs service"
+ ip_protocol = "tcp"
+ to_port = 443
+ from_port = 443
+ cidr_ipv4 = "0.0.0.0/0"
+}
+
+resource "aws_cloudwatch_log_group" "delius_core_testing_db_log_group" {
+ name = format("%s-%s", var.env_name, var.delius_db_container_config.fully_qualified_name)
+ retention_in_days = 7
+ tags = local.tags
+}
diff --git a/terraform/environments/delius-core/modules/environment_all_components/db_service.tf b/terraform/environments/delius-core/modules/environment_all_components/db_service.tf
deleted file mode 100644
index b9865b01440..00000000000
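Review bot: The security group and rules relocated here still document an ECS workload — `description = "Rules for the delius testing db ecs service"` on `aws_security_group.delius_db_security_group` and `"outbound from the testing db ecs service"` on the egress rule — and both ingress rules take their port from `var.delius_db_container_config.port`, although the commit replaces that container with an EC2 Oracle instance; rewording to e.g. `description = "Rules for the Delius Core Oracle DB EC2 instance"` and sourcing the port from the EC2/DB configuration would stop the container variable having to survive for this one value. Nothing in the hunk attaches the group to `aws_instance.db_ec2_primary_instance` (its `vpc_security_group_ids` is outside the diff), so verify the instance actually references `aws_security_group.delius_db_security_group.id`; otherwise the weblogic and bastion ingress rules guard nothing and the instance keeps whatever group it had before. `aws_cloudwatch_log_group.delius_core_testing_db_log_group` was only consumed by the removed container definition's `awslogs` options, so unless the instance's log agent is pointed at it, it is now an orphan and should either be wired up or dropped. The egress rule permits tcp/443 to `0.0.0.0/0`; if the instance only needs AWS service endpoints (SSM, CloudWatch, S3) that can be narrowed to the VPC endpoint security group or the relevant managed prefix lists, though the required destinations are not visible here.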
--- a/terraform/environments/delius-core/modules/environment_all_components/db_service.tf
+++ /dev/null
@@ -1,119 +0,0 @@
-# module "testing_db_container" {
-# count = var.env_name == "dev" ? 1 : 0
-# source = "git::https://github.com/cloudposse/terraform-aws-ecs-container-definition.git?ref=tags/0.59.0"
-# container_name = "${var.env_name}-${var.delius_db_container_config.fully_qualified_name}"
-# container_image = "${var.platform_vars.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.eu-west-2.amazonaws.com/${var.delius_db_container_config.image_name}-ecr-repo:${var.delius_db_container_config.image_tag}"
-# container_memory = 4096
-# container_cpu = 1024
-# essential = true
-# readonly_root_filesystem = false
-# port_mappings = [
-# {
-# containerPort = var.delius_db_container_config.port
-# hostPort = var.delius_db_container_config.port
-# protocol = "tcp"
-# },
-# ]
-# log_configuration = {
-# logDriver = "awslogs"
-# options = {
-# "awslogs-group" = aws_cloudwatch_log_group.delius_core_testing_db_log_group.name
-# "awslogs-region" = "eu-west-2"
-# "awslogs-stream-prefix" = var.delius_db_container_config.fully_qualified_name
-# }
-# }
-# }
-
-# module "db_ecs_policies" {
-# count = var.env_name == "dev" ? 1 : 0
-# source = "../ecs_policies"
-# env_name = var.env_name
-# service_name = "testing-db"
-# tags = local.tags
-# }
-
-# module "testing_db_service" {
-# count = var.env_name == "dev" ? 1 : 0
-# source = "git::https://github.com/ministryofjustice/modernisation-platform-terraform-ecs-cluster//service?ref=c195026bcf0a1958fa4d3cc2efefc56ed876507e"
-# container_definition_json = module.testing_db_container[0].json_map_encoded_list
-# ecs_cluster_arn = module.ecs.ecs_cluster_arn
-# name = "testing-db"
-# vpc_id = var.account_config.shared_vpc_id
-
-# launch_type = "FARGATE"
-# network_mode = "awsvpc"
-
-# task_cpu = "1024"
-# task_memory = "4096"
-
-# ephemeral_storage_size = 40
-
-# # terraform will not let you use module.weblogic_ecs_policies.service_role.arn as it is not created yet and can't evaluate the count in this module
-# service_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].service_role.name}"
-# task_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].task_role.name}"
-# task_exec_role_arn = "arn:aws:iam::${var.account_info.id}:role/${module.db_ecs_policies[0].task_exec_role.name}"
-
-# environment = var.env_name
-# namespace = var.app_name
-
-# security_group_ids = [aws_security_group.delius_db_security_group.id]
-
-# subnet_ids = var.account_config.private_subnet_ids
-
-# exec_enabled = true
-
-# ignore_changes_task_definition = false
-# redeploy_on_apply = false
-# force_new_deployment = false
-# }
-
-# resource "aws_route53_record" "delius-core-db" {
-# count = var.env_name == "dev" ? 1 : 0
-# provider = aws.core-vpc
-# zone_id = var.account_config.route53_inner_zone_info.zone_id
-# name = "${var.app_name}-${var.env_name}-${var.delius_db_container_config.fully_qualified_name}.${var.account_config.route53_inner_zone_info.name}"
-# type = "A"
-# ttl = 300
-# records = ["10.26.26.95"]
-# }
-
-resource "aws_security_group" "delius_db_security_group" {
- name = format("%s - Delius Core DB", var.env_name)
- description = "Rules for the delius testing db ecs service"
- vpc_id = var.account_config.shared_vpc_id
- tags = local.tags
-}
-
-resource "aws_vpc_security_group_ingress_rule" "delius_db_security_group_ingress_private_subnets" {
- security_group_id = aws_security_group.delius_db_security_group.id
- description = "weblogic to testing db"
- from_port = var.delius_db_container_config.port
- to_port = var.delius_db_container_config.port
- ip_protocol = "tcp"
- referenced_security_group_id = aws_security_group.weblogic_service.id
-}
-
-resource "aws_vpc_security_group_ingress_rule" "delius_db_security_group_ingress_bastion" {
- security_group_id = aws_security_group.delius_db_security_group.id
- description = "bastion to testing db"
- from_port = var.delius_db_container_config.port
- to_port = var.delius_db_container_config.port
- ip_protocol = "tcp"
- referenced_security_group_id = var.bastion.security_group_id
-}
-
-resource "aws_vpc_security_group_egress_rule" "delius_db_security_group_egress_internet" {
- security_group_id = aws_security_group.delius_db_security_group.id
- description = "outbound from the testing db ecs service"
- ip_protocol = "tcp"
- to_port = 443
- from_port = 443
- cidr_ipv4 = "0.0.0.0/0"
-}
-
-resource "aws_cloudwatch_log_group" "delius_core_testing_db_log_group" {
- name = format("%s-%s", var.env_name, var.delius_db_container_config.fully_qualified_name)
- retention_in_days = 7
- tags = local.tags
-}
-