diff --git a/terraform/environments/analytical-platform-ingestion/environment-configuration.tf b/terraform/environments/analytical-platform-ingestion/environment-configuration.tf
index 322ed285bf7..ca69bfe9833 100644
--- a/terraform/environments/analytical-platform-ingestion/environment-configuration.tf
+++ b/terraform/environments/analytical-platform-ingestion/environment-configuration.tf
@@ -52,8 +52,8 @@ locals { target_buckets = ["mojap-land"] /* Transfer Server */ - transfer_server_hostname = "sftp.ingestion.analytical-platform.service.justice.gov.uk" - transfer_server_sftp_users = {} + transfer_server_hostname = "sftp.ingestion.analytical-platform.service.justice.gov.uk" + transfer_server_sftp_users = {} transfer_server_sftp_users_with_egress = { "essex-police" = { ssh_key = "ssh-rsa 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 essex-police@kpvmshift04app.netr.ecis.police.uk"
diff --git a/terraform/environments/apex/ecs.tf b/terraform/environments/apex/ecs.tf
index 66376cc4f03..bd82cd11143 100644
--- a/terraform/environments/apex/ecs.tf
+++ b/terraform/environments/apex/ecs.tf
@@ -6,33 +6,33 @@ module "apex-ecs" { source = "./modules/ecs" - subnet_set_name = local.subnet_set_name - vpc_all = local.vpc_all - app_name = local.application_name - container_instance_type = local.application_data.accounts[local.environment].container_instance_type - ami_image_id = local.application_data.accounts[local.environment].ami_image_id - instance_type = local.application_data.accounts[local.environment].instance_type - user_data = local.user_data - key_name = local.application_data.accounts[local.environment].key_name - task_definition = local.task_definition - ec2_desired_capacity = local.application_data.accounts[local.environment].ec2_desired_capacity - ec2_max_size = local.application_data.accounts[local.environment].ec2_max_size - ec2_min_size = local.application_data.accounts[local.environment].ec2_min_size - task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume - network_mode = local.application_data.accounts[local.environment].network_mode - server_port = local.application_data.accounts[local.environment].server_port - app_count = local.application_data.accounts[local.environment].app_count - ec2_ingress_rules = local.ec2_ingress_rules - ec2_egress_rules = local.ec2_egress_rules - lb_tg_arn = module.alb.target_group_arn - tags_common = local.tags - appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity - appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity - ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold - ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold - ecs_target_capacity = local.ecs_target_capacity + subnet_set_name = local.subnet_set_name + vpc_all = local.vpc_all + app_name = local.application_name + container_instance_type = 
local.application_data.accounts[local.environment].container_instance_type + ami_image_id = local.application_data.accounts[local.environment].ami_image_id + instance_type = local.application_data.accounts[local.environment].instance_type + user_data = local.user_data + key_name = local.application_data.accounts[local.environment].key_name + task_definition = local.task_definition + ec2_desired_capacity = local.application_data.accounts[local.environment].ec2_desired_capacity + ec2_max_size = local.application_data.accounts[local.environment].ec2_max_size + ec2_min_size = local.application_data.accounts[local.environment].ec2_min_size + task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume + network_mode = local.application_data.accounts[local.environment].network_mode + server_port = local.application_data.accounts[local.environment].server_port + app_count = local.application_data.accounts[local.environment].app_count + ec2_ingress_rules = local.ec2_ingress_rules + ec2_egress_rules = local.ec2_egress_rules + lb_tg_arn = module.alb.target_group_arn + tags_common = local.tags + appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity + appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity + ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold + ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold + ecs_target_capacity = local.ecs_target_capacity ec2_instance_warmup_period = local.application_data.accounts[local.environment].ec2_instance_warmup_period - log_group_kms_key = aws_kms_key.cloudwatch_logs_key.arn - environment = local.environment + log_group_kms_key = aws_kms_key.cloudwatch_logs_key.arn + environment = local.environment } \ No newline at end of file 
diff --git a/terraform/environments/apex/modules/ecs/main.tf b/terraform/environments/apex/modules/ecs/main.tf
index 29dfc641c1c..cf4bb36d85b 100644
--- a/terraform/environments/apex/modules/ecs/main.tf
+++ b/terraform/environments/apex/modules/ecs/main.tf
@@ -501,7 +501,7 @@ resource "aws_appautoscaling_policy" "ecs_target_cpu" { predefined_metric_specification { predefined_metric_type = "ECSServiceAverageCPUUtilization" } - target_value = var.ecs_scaling_cpu_threshold + target_value = var.ecs_scaling_cpu_threshold scale_in_cooldown = 300 scale_out_cooldown = 300 }
@@ -517,7 +517,7 @@ resource "aws_appautoscaling_policy" "ecs_target_memory" { predefined_metric_specification { predefined_metric_type = "ECSServiceAverageMemoryUtilization" } - target_value = var.ecs_scaling_mem_threshold + target_value = var.ecs_scaling_mem_threshold scale_in_cooldown = 300 scale_out_cooldown = 300 }
@@ -533,8 +533,8 @@ resource "aws_ecs_capacity_provider" "apex" { managed_scaling { # maximum_scaling_step_size = 1000 # minimum_scaling_step_size = 1 - status = "ENABLED" - target_capacity = var.ecs_target_capacity + status = "ENABLED" + target_capacity = var.ecs_target_capacity instance_warmup_period = var.ec2_instance_warmup_period } managed_draining = "ENABLED"
diff --git a/terraform/environments/delius-mis/modules/mis_environment/bps.tf b/terraform/environments/delius-mis/modules/mis_environment/bps.tf
index d86136d8920..bb7d7934421 100644
--- a/terraform/environments/delius-mis/modules/mis_environment/bps.tf
+++ b/terraform/environments/delius-mis/modules/mis_environment/bps.tf
@@ -54,7 +54,7 @@ module "bps_instance" { availability_zone = "eu-west-2a" subnet_id = var.account_config.private_subnet_ids[count.index] tags = var.tags - + cloudwatch_metric_alarms = merge( local.cloudwatch_metric_alarms.ec2 )
diff --git a/terraform/environments/delius-mis/modules/mis_environment/bws.tf b/terraform/environments/delius-mis/modules/mis_environment/bws.tf
index b320e2ea93f..6acf37f2719 100644
--- a/terraform/environments/delius-mis/modules/mis_environment/bws.tf
+++ b/terraform/environments/delius-mis/modules/mis_environment/bws.tf
@@ -54,7 +54,7 @@ module "bws_instance" { availability_zone = "eu-west-2a" subnet_id = var.account_config.private_subnet_ids[count.index] tags = var.tags - + cloudwatch_metric_alarms = merge( local.cloudwatch_metric_alarms.ec2 )
diff --git a/terraform/environments/delius-mis/modules/mis_environment/dis.tf b/terraform/environments/delius-mis/modules/mis_environment/dis.tf
index 315735405d4..f4648c50b7e 100644
--- a/terraform/environments/delius-mis/modules/mis_environment/dis.tf
+++ b/terraform/environments/delius-mis/modules/mis_environment/dis.tf
@@ -54,7 +54,7 @@ module "dis_instance" { availability_zone = "eu-west-2a" subnet_id = var.account_config.private_subnet_ids[count.index] tags = var.tags - + cloudwatch_metric_alarms = merge( local.cloudwatch_metric_alarms.ec2 )
diff --git a/terraform/environments/digital-prison-reporting/operational_datastore.tf b/terraform/environments/digital-prison-reporting/operational_datastore.tf
index 17c860ac4ff..23be041a1b2 100644
--- a/terraform/environments/digital-prison-reporting/operational_datastore.tf
+++ b/terraform/environments/digital-prison-reporting/operational_datastore.tf
@@ -14,13 +14,13 @@ resource "aws_glue_connection" "glue_operational_datastore_connection" { } physical_connection_requirements { - availability_zone = data.aws_subnet.private_subnets_a.availability_zone + availability_zone = data.aws_subnet.private_subnets_a.availability_zone security_group_id_list = [aws_security_group.glue_operational_datastore_connection_sg[0].id] - subnet_id = data.aws_subnet.private_subnets_a.id + subnet_id = data.aws_subnet.private_subnets_a.id } } -resource aws_security_group "glue_operational_datastore_connection_sg" { +resource "aws_security_group" "glue_operational_datastore_connection_sg" { count = (local.environment == "development" ? 1 : 0) name = "${local.project}-operational-datastore-connection_sg" description = "Security group to allow glue access to Operational Datastore via JDBC Connection"
@@ -31,18 +31,18 @@ resource aws_security_group "glue_operational_datastore_connection_sg" { # A self-referencing inbound rule for all TCP ports to enable AWS Glue to communicate between its components ingress { - from_port = 0 - to_port = 65535 - protocol = "TCP" - self = true + from_port = 0 + to_port = 65535 + protocol = "TCP" + self = true description = "Security Group can Ingress to itself on all ports - required for Glue to communicate with itself" } # Allow all traffic out egress { - from_port = 0 - to_port = 0 - protocol = "-1" + from_port = 0 + to_port = 0 + protocol = "-1" cidr_blocks = ["0.0.0.0/0"] description = "Allow all traffic out from this Security Group" }
diff --git a/terraform/environments/digital-prison-reporting/policy.tf b/terraform/environments/digital-prison-reporting/policy.tf
index 21346432a3b..57be680a16d 100644
--- a/terraform/environments/digital-prison-reporting/policy.tf
+++ b/terraform/environments/digital-prison-reporting/policy.tf
@@ -701,7 +701,7 @@ data "aws_iam_policy_document" "glue_catalog_readonly" { "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:database/raw", "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:table/raw/*", "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:database/structured", - "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:table/structured/*" + "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:table/structured/*" ] } }
diff --git a/terraform/environments/digital-prison-reporting/secrets.tf b/terraform/environments/digital-prison-reporting/secrets.tf
index efdc8642f26..00f27658432 100644
--- a/terraform/environments/digital-prison-reporting/secrets.tf
+++ b/terraform/environments/digital-prison-reporting/secrets.tf
@@ -69,12 +69,12 @@ resource "aws_secretsmanager_secret" "operational_datastore" { } resource "aws_secretsmanager_secret_version" "operational_datastore" { - count = (local.environment == "development" ? 1 : 0) - secret_id = aws_secretsmanager_secret.operational_datastore[0].id + count = (local.environment == "development" ? 1 : 0) + secret_id = aws_secretsmanager_secret.operational_datastore[0].id secret_string = jsonencode(local.operational_datastore_secrets_placeholder) lifecycle { - ignore_changes = [secret_string,] + ignore_changes = [secret_string, ] } }
diff --git a/terraform/environments/electronic-monitoring-data/dms_main.tf b/terraform/environments/electronic-monitoring-data/dms_main.tf
index 024da4ca36d..9d202dd80fc 100644
--- a/terraform/environments/electronic-monitoring-data/dms_main.tf
+++ b/terraform/environments/electronic-monitoring-data/dms_main.tf
@@ -1,7 +1,7 @@ module "dms_task" { source = "./modules/dms" - for_each = toset(local.is-production? [ + for_each = toset(local.is-production ? [ "g4s_cap_dw", "g4s_emsys_mvp" ] : ["test"])
diff --git a/terraform/environments/electronic-monitoring-data/ecr_main.tf b/terraform/environments/electronic-monitoring-data/ecr_main.tf
index e65c604de5b..842648d1d81 100644
--- a/terraform/environments/electronic-monitoring-data/ecr_main.tf
+++ b/terraform/environments/electronic-monitoring-data/ecr_main.tf
@@ -1,9 +1,9 @@ module "ecr_lambda_repo" { - source = "./modules/ecr" - ecr_name = "lambdas/update_log_table" + source = "./modules/ecr" + ecr_name = "lambdas/update_log_table" } module "ecr_lambdas_repo" { - source = "./modules/ecr" - ecr_name = "lambda-functions-repo" + source = "./modules/ecr" + ecr_name = "lambda-functions-repo" } \ No newline at end of file
diff --git a/terraform/environments/electronic-monitoring-data/lambdas_iam.tf b/terraform/environments/electronic-monitoring-data/lambdas_iam.tf
index 0f88c22f56a..e44905eb51c 100644
--- a/terraform/environments/electronic-monitoring-data/lambdas_iam.tf
+++ b/terraform/environments/electronic-monitoring-data/lambdas_iam.tf
@@ -324,13 +324,13 @@ resource "aws_iam_role_policy_attachment" "send_table_to_ap_get_parquet_files" { # ------------------------------------------------ resource "aws_iam_role" "query_output_to_list" { - name = "query_output_to_list" - assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json + name = "query_output_to_list" + assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json } resource "aws_iam_role_policy_attachment" "query_output_to_list_lambda_sqs_queue_access_execution" { - role = aws_iam_role.query_output_to_list.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" + role = aws_iam_role.query_output_to_list.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" }
@@ -375,13 +375,13 @@ resource "aws_iam_role_policy_attachment" "get_file_keys_for_table_list_target_s # ------------------------------------------ resource "aws_iam_role" "update_log_table" { - name = "update_log_table" - assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json + name = "update_log_table" + assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json } resource "aws_iam_role_policy_attachment" "update_log_table_lambda_sqs_queue_access_execution" { - role = aws_iam_role.update_log_table.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" + role = aws_iam_role.update_log_table.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" } data "aws_iam_policy_document" "get_log_s3_files" {
@@ -393,21 +393,21 @@ data "aws_iam_policy_document" "get_log_s3_files" { "s3:PutObject", "s3:GetBucketLocation", "s3:DeleteObject" - ] + ] resources = [ aws_s3_bucket.dms_dv_parquet_s3_bucket.arn, "${aws_s3_bucket.dms_dv_parquet_s3_bucket.arn}/*" - ] + ] } } resource "aws_iam_policy" "get_log_s3_files" { - name = "get_log_s3_files" + name = "get_log_s3_files" policy = data.aws_iam_policy_document.get_log_s3_files.json } resource "aws_iam_role_policy_attachment" "update_log_table_get_log_s3_files" { - role = aws_iam_role.update_log_table.name - policy_arn = aws_iam_policy.get_log_s3_files.arn + role = aws_iam_role.update_log_table.name + policy_arn = aws_iam_policy.get_log_s3_files.arn } # ------------------------------------------
@@ -415,7 +415,7 @@ resource "aws_iam_role_policy_attachment" "update_log_table_get_log_s3_files" { # ------------------------------------------ resource "aws_iam_role" "output_fs_json_lambda" { - name = "output_fs_json_lambda" + name = "output_fs_json_lambda" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"] }
@@ -434,9 +434,9 @@ data "aws_iam_policy_document" "output_fs_json_lambda_s3_policy_document" { } resource "aws_iam_policy" "output_fs_json_lambda_s3_policy" { - name = "output-fs-json-lambda-s3-policy" - description = "Policy for Lambda to use S3 for ${local.output_fs_json_lambda}" - policy = data.aws_iam_policy_document.output_fs_json_lambda_s3_policy_document.json + name = "output-fs-json-lambda-s3-policy" + description = "Policy for Lambda to use S3 for ${local.output_fs_json_lambda}" + policy = data.aws_iam_policy_document.output_fs_json_lambda_s3_policy_document.json } resource "aws_iam_role_policy_attachment" "output_fs_json_lambda_s3_policy_attachment" {
diff --git a/terraform/environments/electronic-monitoring-data/lambdas_main.tf b/terraform/environments/electronic-monitoring-data/lambdas_main.tf
index f18676e3b4b..1d1f2a5842b 100644
--- a/terraform/environments/electronic-monitoring-data/lambdas_main.tf
+++ b/terraform/environments/electronic-monitoring-data/lambdas_main.tf
@@ -1,8 +1,8 @@ locals { lambda_path = "lambdas" - env_name = local.is-production? "prod": "dev" + env_name = local.is-production ? "prod" : "dev" db_name = local.is-production ? "g4s_cap_dw" : "test" - + output_fs_json_lambda = "output_file_structure_as_json_from_zip" }
@@ -191,27 +191,27 @@ module "send_table_to_ap" { data "archive_file" "query_output_to_list" { - type = "zip" - source_file = "${local.lambda_path}/query_output_to_list.py" - output_path = "${local.lambda_path}/query_output_to_list.zip" + type = "zip" + source_file = "${local.lambda_path}/query_output_to_list.py" + output_path = "${local.lambda_path}/query_output_to_list.zip" } module "query_output_to_list" { - source = "./modules/lambdas" - filename = "${local.lambda_path}/query_output_to_list.zip" - function_name = "query_output_to_list" - role_arn = aws_iam_role.query_output_to_list.arn - role_name = aws_iam_role.query_output_to_list.name - handler = "query_output_to_list.handler" - source_code_hash = data.archive_file.query_output_to_list.output_base64sha256 - layers = null - timeout = 900 - memory_size = 1024 - runtime = "python3.11" - security_group_ids = null - subnet_ids = null - env_account_id = local.env_account_id - environment_variables = null + source = "./modules/lambdas" + filename = "${local.lambda_path}/query_output_to_list.zip" + function_name = "query_output_to_list" + role_arn = aws_iam_role.query_output_to_list.arn + role_name = aws_iam_role.query_output_to_list.name + handler = "query_output_to_list.handler" + source_code_hash = data.archive_file.query_output_to_list.output_base64sha256 + layers = null + timeout = 900 + memory_size = 1024 + runtime = "python3.11" + security_group_ids = null + subnet_ids = null + env_account_id = local.env_account_id + environment_variables = null } # ------------------------------------------------------ 
@@ -220,20 +220,20 @@ module "query_output_to_list" { resource "aws_lambda_function" "update_log_table" { - function_name = "update_log_table" - role = aws_iam_role.update_log_table.arn - memory_size = 1024 - timeout = 900 - package_type = "Image" - image_uri = "${module.ecr_lambda_repo.repository_url}:${local.env_name}" - architectures = ["arm64"] - environment { - variables = { + function_name = "update_log_table" + role = aws_iam_role.update_log_table.arn + memory_size = 1024 + timeout = 900 + package_type = "Image" + image_uri = "${module.ecr_lambda_repo.repository_url}:${local.env_name}" + architectures = ["arm64"] + environment { + variables = { S3_LOG_BUCKET = aws_s3_bucket.dms_dv_parquet_s3_bucket.id DATABASE_NAME = aws_glue_catalog_database.dms_dv_glue_catalog_db.name - TABLE_NAME = "glue_df_output" - } + TABLE_NAME = "glue_df_output" } + } } #-----------------------------------------------------------------------------------
@@ -249,7 +249,7 @@ data "archive_file" "output_file_structure_as_json_from_zip" { module "output_file_structure_as_json_from_zip" { source = "./modules/lambdas" filename = "${local.lambda_path}/${local.output_fs_json_lambda}.zip" - function_name = "${local.output_fs_json_lambda}" + function_name = local.output_fs_json_lambda role_arn = aws_iam_role.output_fs_json_lambda.arn role_name = aws_iam_role.output_fs_json_lambda.name handler = "${local.output_fs_json_lambda}.handler"
diff --git a/terraform/environments/electronic-monitoring-data/main.tf b/terraform/environments/electronic-monitoring-data/main.tf
index dd12e61cb4c..cca37131563 100644
--- a/terraform/environments/electronic-monitoring-data/main.tf
+++ b/terraform/environments/electronic-monitoring-data/main.tf
@@ -97,5 +97,5 @@ output "account_id" { } output "account_suffix" { - value = local.is-production? "production": "development" + value = local.is-production ? "production" : "development" } \ No newline at end of file
diff --git a/terraform/environments/electronic-monitoring-data/modules/dms/endpoints_rds_s3.tf b/terraform/environments/electronic-monitoring-data/modules/dms/endpoints_rds_s3.tf
index 56a2355a67a..861d1e37211 100644
--- a/terraform/environments/electronic-monitoring-data/modules/dms/endpoints_rds_s3.tf
+++ b/terraform/environments/electronic-monitoring-data/modules/dms/endpoints_rds_s3.tf
@@ -63,7 +63,7 @@ resource "aws_dms_s3_endpoint" "dms_s3_parquet_target" { # glue_catalog_generation = true # ignore_header_rows = 1 # include_op_for_full_load = true - max_file_size = 64000 + max_file_size = 64000 parquet_timestamp_in_millisecond = true parquet_version = "parquet-2-0" # preserve_transactions = false
diff --git a/terraform/environments/electronic-monitoring-data/modules/ecr/main.tf b/terraform/environments/electronic-monitoring-data/modules/ecr/main.tf
index 463acf7f3d3..369848044b2 100644
--- a/terraform/environments/electronic-monitoring-data/modules/ecr/main.tf
+++ b/terraform/environments/electronic-monitoring-data/modules/ecr/main.tf
@@ -1,10 +1,10 @@ resource "aws_ecr_repository" "ecr" { - name = var.ecr_name - image_tag_mutability = var.image_mutability - encryption_configuration { - encryption_type = var.encrypt_type - } - image_scanning_configuration { - scan_on_push = true - } + name = var.ecr_name + image_tag_mutability = var.image_mutability + encryption_configuration { + encryption_type = var.encrypt_type + } + image_scanning_configuration { + scan_on_push = true + } } \ No newline at end of file
diff --git a/terraform/environments/electronic-monitoring-data/modules/ecr/outputs.tf b/terraform/environments/electronic-monitoring-data/modules/ecr/outputs.tf
index b4c2e38aa73..aef198cdfa1 100644
--- a/terraform/environments/electronic-monitoring-data/modules/ecr/outputs.tf
+++ b/terraform/environments/electronic-monitoring-data/modules/ecr/outputs.tf
@@ -1,7 +1,7 @@ output "repository_url" { - value = aws_ecr_repository.ecr.repository_url + value = aws_ecr_repository.ecr.repository_url } output "arn" { - value = aws_ecr_repository.ecr.arn + value = aws_ecr_repository.ecr.arn } \ No newline at end of file
diff --git a/terraform/environments/electronic-monitoring-data/modules/ecr/variables.tf b/terraform/environments/electronic-monitoring-data/modules/ecr/variables.tf
index b729fa08753..3e1530eb237 100644
--- a/terraform/environments/electronic-monitoring-data/modules/ecr/variables.tf
+++ b/terraform/environments/electronic-monitoring-data/modules/ecr/variables.tf
@@ -1,23 +1,23 @@ variable "ecr_name" { - description = "The name of the registry" - type = any - default = null + description = "The name of the registry" + type = any + default = null } variable "image_mutability" { - description = "The image mutability" - type = string - default = "IMMUTABLE" + description = "The image mutability" + type = string + default = "IMMUTABLE" } variable "encrypt_type" { - description = "Type of encryption" - type = string - default = "KMS" + description = "Type of encryption" + type = string + default = "KMS" } variable "tags" { - description = "The maps for tagging" - type = map(string) - default = {} + description = "The maps for tagging" + type = map(string) + default = {} } \ No newline at end of file
diff --git a/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf b/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf
index 74a46d2b5fe..e2f7d25f83b 100644
--- a/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf
+++ b/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf
@@ -10,7 +10,7 @@ resource "aws_sqs_queue" "lambda_dlq" { data "external" "latest_image_update_log_table" { program = [ "bash", "-c", - "echo {}"] + "echo {}"] } resource "aws_kms_key" "lambda_env_key" {
diff --git a/terraform/environments/electronic-monitoring-data/step_functions_main.tf b/terraform/environments/electronic-monitoring-data/step_functions_main.tf
index 0bddb100065..84c6ba903f0 100644
--- a/terraform/environments/electronic-monitoring-data/step_functions_main.tf
+++ b/terraform/environments/electronic-monitoring-data/step_functions_main.tf
@@ -4,34 +4,34 @@ resource "aws_sfn_state_machine" "athena_layer" { definition = jsonencode( { - "StartAt": "GetMetadataList", - "States": { - "GetMetadataList": { - "Type": "Task", - "Resource": "${module.get_metadata_from_rds_lambda.lambda_function_arn}", - "ResultPath": "$.metadata_list", - "Next": "LoopThroughMetadataList" + "StartAt" : "GetMetadataList", + "States" : { + "GetMetadataList" : { + "Type" : "Task", + "Resource" : "${module.get_metadata_from_rds_lambda.lambda_function_arn}", + "ResultPath" : "$.metadata_list", + "Next" : "LoopThroughMetadataList" }, - "LoopThroughMetadataList": { - "Type": "Map", - "ItemsPath": "$.metadata_list.metadata_list", - "MaxConcurrency": 4, - "Iterator": { - "StartAt": "CreateAthenaTable", - "States": { - "CreateAthenaTable": { - "Type": "Task", - "Resource": "${module.create_athena_table.lambda_function_arn}", - "ResultPath": "$.result", - "End": true + "LoopThroughMetadataList" : { + "Type" : "Map", + "ItemsPath" : "$.metadata_list.metadata_list", + "MaxConcurrency" : 4, + "Iterator" : { + "StartAt" : "CreateAthenaTable", + "States" : { + "CreateAthenaTable" : { + "Type" : "Task", + "Resource" : "${module.create_athena_table.lambda_function_arn}", + "ResultPath" : "$.result", + "End" : true } } }, - "End": true + "End" : true } } } -) + ) }
@@ -41,36 +41,36 @@ resource "aws_kms_key" "athena_layer_step_functions_log_key" { policy = jsonencode( { - "Id": "key-default", - "Version": "2012-10-17", - "Statement": [ + "Id" : "key-default", + "Version" : "2012-10-17", + "Statement" : [ { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::${local.env_account_id}:root" + "Sid" : "Enable IAM User Permissions", + "Effect" : "Allow", + "Principal" : { + "AWS" : "arn:aws:iam::${local.env_account_id}:root" }, - "Action": "kms:*", - "Resource": "*" + "Action" : "kms:*", + "Resource" : "*" }, { - "Sid": "Enable log service Permissions", - "Effect": "Allow", - "Principal": { - "Service": "logs.eu-west-2.amazonaws.com" + "Sid" : "Enable log service Permissions", + "Effect" : "Allow", + "Principal" : { + "Service" : "logs.eu-west-2.amazonaws.com" }, - "Action": [ + "Action" : [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*" ], - "Resource": "*" + "Resource" : "*" } ] } -) + ) } resource "aws_cloudwatch_log_group" "athena_layer" { 
@@ -88,87 +88,87 @@ resource "aws_sfn_state_machine" "send_database_to_ap" { definition = jsonencode( { - "StartAt": "GetValidatedTableList", - "States": { - "GetValidatedTableList": { - "Type": "Task", - "Resource": "arn:aws:states:::athena:startQueryExecution.sync", - "Parameters": { - "QueryString.$": "States.Format('SELECT database_name, split(validation_msg, \\' - \\', 2)[1] as table_name FROM \"dms_data_validation\".\"glue_df_output\" WHERE validation_msg like \\'%Validated%\\' and database_name = \\'{}\\' and table_to_ap = \\'False\\'', $.db_name)", - "WorkGroup": "primary", - "ResultConfiguration": { - "OutputLocation": "s3://em-athena-result-output/random-location/" - } - }, - "ResultPath": "$.queryResult", - "Next": "GetQueryResults" + "StartAt" : "GetValidatedTableList", + "States" : { + "GetValidatedTableList" : { + "Type" : "Task", + "Resource" : "arn:aws:states:::athena:startQueryExecution.sync", + "Parameters" : { + "QueryString.$" : "States.Format('SELECT database_name, split(validation_msg, \\' - \\', 2)[1] as table_name FROM \"dms_data_validation\".\"glue_df_output\" WHERE validation_msg like \\'%Validated%\\' and database_name = \\'{}\\' and table_to_ap = \\'False\\'', $.db_name)", + "WorkGroup" : "primary", + "ResultConfiguration" : { + "OutputLocation" : "s3://em-athena-result-output/random-location/" + } }, - "GetQueryResults": { - "Type": "Task", - "Resource": "arn:aws:states:::athena:getQueryResults", - "Parameters": { - "QueryExecutionId.$": "$.queryResult.QueryExecution.QueryExecutionId" + "ResultPath" : "$.queryResult", + "Next" : "GetQueryResults" + }, + "GetQueryResults" : { + "Type" : "Task", + "Resource" : "arn:aws:states:::athena:getQueryResults", + "Parameters" : { + "QueryExecutionId.$" : "$.queryResult.QueryExecution.QueryExecutionId" }, - "ResultPath": "$.queryOutput", - "Next": "QueryOutputToList" + "ResultPath" : "$.queryOutput", + "Next" : "QueryOutputToList" }, - "QueryOutputToList": { - "Type": "Task", - "Resource": 
"${module.query_output_to_list.lambda_function_arn}", - "ResultPath": "$.queryOutputList", - "Next": "LoopThroughTables" + "QueryOutputToList" : { + "Type" : "Task", + "Resource" : "${module.query_output_to_list.lambda_function_arn}", + "ResultPath" : "$.queryOutputList", + "Next" : "LoopThroughTables" }, - "LoopThroughTables": { - "Type": "Map", - "ItemsPath": "$.queryOutputList", - "MaxConcurrency": 4, - "Iterator": { - "StartAt": "GetTableFileNames", - "States": { - "GetTableFileNames": { - "Type": "Task", - "Resource": "${module.get_file_keys_for_table.lambda_function_arn}", - "ResultPath": "$.result", - "Next": "LoopThroughFileKeys" + "LoopThroughTables" : { + "Type" : "Map", + "ItemsPath" : "$.queryOutputList", + "MaxConcurrency" : 4, + "Iterator" : { + "StartAt" : "GetTableFileNames", + "States" : { + "GetTableFileNames" : { + "Type" : "Task", + "Resource" : "${module.get_file_keys_for_table.lambda_function_arn}", + "ResultPath" : "$.result", + "Next" : "LoopThroughFileKeys" }, - "LoopThroughFileKeys": { - "Type": "Map", - "ItemsPath": "$.result", - "MaxConcurrency": 4, - "Iterator": { - "StartAt": "SendTableToAp", - "States": { - "SendTableToAp": { - "Type": "Task", - "Resource": "${module.send_table_to_ap.lambda_function_arn}", - "ResultPath": "$.db_info", - "Next": "UpdateLogTable" + "LoopThroughFileKeys" : { + "Type" : "Map", + "ItemsPath" : "$.result", + "MaxConcurrency" : 4, + "Iterator" : { + "StartAt" : "SendTableToAp", + "States" : { + "SendTableToAp" : { + "Type" : "Task", + "Resource" : "${module.send_table_to_ap.lambda_function_arn}", + "ResultPath" : "$.db_info", + "Next" : "UpdateLogTable" }, - "UpdateLogTable": { - "Type": "Task", - "Resource": "${aws_lambda_function.update_log_table.arn}", - "ResultPath": "$.final_result", - "End": true - } + "UpdateLogTable" : { + "Type" : "Task", + "Resource" : "${aws_lambda_function.update_log_table.arn}", + "ResultPath" : "$.final_result", + "End" : true + } } }, - "End": true + "End" : true } } }, - 
"Next": "FixLogTable" + "Next" : "FixLogTable" }, - "FixLogTable": { - "Type": "Task", - "Resource": "arn:aws:states:::athena:startQueryExecution.sync", - "Parameters": { - "QueryString": "MSCK REPAIR TABLE dms_data_validation.glue_df_output", - "WorkGroup": "primary", - "ResultConfiguration": { - "OutputLocation": "s3://em-athena-result-output/random-location/" - } - }, - "End": true + "FixLogTable" : { + "Type" : "Task", + "Resource" : "arn:aws:states:::athena:startQueryExecution.sync", + "Parameters" : { + "QueryString" : "MSCK REPAIR TABLE dms_data_validation.glue_df_output", + "WorkGroup" : "primary", + "ResultConfiguration" : { + "OutputLocation" : "s3://em-athena-result-output/random-location/" + } + }, + "End" : true } } } @@ -181,36 +181,36 @@ resource "aws_kms_key" "send_database_to_ap_step_functions_log_key" { policy = jsonencode( { - "Id": "key-default", - "Version": "2012-10-17", - "Statement": [ + "Id" : "key-default", + "Version" : "2012-10-17", + "Statement" : [ { - "Sid": "Enable IAM User Permissions", - "Effect": "Allow", - "Principal": { - "AWS": "arn:aws:iam::${local.env_account_id}:root" + "Sid" : "Enable IAM User Permissions", + "Effect" : "Allow", + "Principal" : { + "AWS" : "arn:aws:iam::${local.env_account_id}:root" }, - "Action": "kms:*", - "Resource": "*" + "Action" : "kms:*", + "Resource" : "*" }, { - "Sid": "Enable log service Permissions", - "Effect": "Allow", - "Principal": { - "Service": "logs.eu-west-2.amazonaws.com" + "Sid" : "Enable log service Permissions", + "Effect" : "Allow", + "Principal" : { + "Service" : "logs.eu-west-2.amazonaws.com" }, - "Action": [ + "Action" : [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*" ], - "Resource": "*" + "Resource" : "*" } ] } -) + ) } resource "aws_cloudwatch_log_group" "send_database_to_ap" { diff --git a/terraform/environments/mlra/modules/alb/main.tf b/terraform/environments/mlra/modules/alb/main.tf index 26a7214c121..ee5a03c6bda 100644 
--- a/terraform/environments/mlra/modules/alb/main.tf
+++ b/terraform/environments/mlra/modules/alb/main.tf
@@ -388,7 +388,7 @@ resource "aws_cloudfront_distribution" "external" { #checkov:skip=CKV2_AWS_47:TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390 #checkov:skip=CKV_AWS_305:TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390 #checkov:skip=CKV_AWS_310:TODO Will be addressed as part of https://dsdmoj.atlassian.net/browse/LASB-3390 - http_version = var.cloudfront_http_version + http_version = var.cloudfront_http_version origin { domain_name = aws_lb.loadbalancer.dns_name origin_id = aws_lb.loadbalancer.id
diff --git a/terraform/environments/nomis-combined-reporting/locals_preproduction.tf b/terraform/environments/nomis-combined-reporting/locals_preproduction.tf
index 8f362fcef23..a811ddbf555 100644
--- a/terraform/environments/nomis-combined-reporting/locals_preproduction.tf
+++ b/terraform/environments/nomis-combined-reporting/locals_preproduction.tf
@@ -269,8 +269,8 @@ locals { pp-ncr-client-a = merge(local.jumpserver_ec2_default, { # cloudwatch_metric_alarms = local.client_cloudwatch_metric_alarms # comment in when commissioned config = merge(local.jumpserver_ec2_default.config, { - ami_name = "hmpps_windows_server_2019_release_2024-05-02T00-00-37.552Z" - availability_zone = "eu-west-2a" + ami_name = "hmpps_windows_server_2019_release_2024-05-02T00-00-37.552Z" + availability_zone = "eu-west-2a" instance_profile_policies = concat(local.jumpserver_ec2_default.config.instance_profile_policies, [ "Ec2PPReportingPolicy", ])
diff --git a/terraform/modules/baseline/variables.tf b/terraform/modules/baseline/variables.tf
index 53a95695a08..78780ed4c58 100644
--- a/terraform/modules/baseline/variables.tf
+++ b/terraform/modules/baseline/variables.tf
@@ -86,7 +86,7 @@ variable "bastion_linux" { # cannot define a type without fully defining the entire cloudwatch dashboard json structure # tflint-ignore: terraform_typed_variables variable "cloudwatch_dashboards" { - + description = "map of cloudwatch dashboards where key is the dashboard name. Use widget_groups if you want baseline to work out x,y,width,height" #type = map(object({ # account_name = optional(string) # for monitoring account, limit to given account
@@ -475,8 +475,8 @@ variable "efs" { default = {} } - # tflint-ignore: terraform_typed_variables - variable "environment" { +# tflint-ignore: terraform_typed_variables +variable "environment" { # Not defining 'type' as it is defined in the output of the environment module description = "Standard environmental data resources from the environment module" }