Remove resources that are not always required

ministryofjustice · Oct 15, 2024 · 496348c · 496348c
1 parent b784a83
commit 496348c
Show file tree

Hide file tree

Showing 14 changed files with 1,785 additions and 1,752 deletions.
diff --git a/terraform/environments/contract-work-administration/alb.tf b/terraform/environments/contract-work-administration/alb.tf
diff --git a/terraform/environments/example/certificates.tf b/terraform/environments/example/certificates.tf
@@ -2,89 +2,89 @@
 #------------------------Comment out file if not required----------------------------------
 ###########################################################################################
 
-resource "aws_acm_certificate" "example_cert" {
-  domain_name       = "modernisation-platform.service.justice.gov.uk"
-  validation_method = "DNS"
+# resource "aws_acm_certificate" "example_cert" {
+#   domain_name       = "modernisation-platform.service.justice.gov.uk"
+#   validation_method = "DNS"
 
-  subject_alternative_names = [
-    format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", local.application_name, var.networking[0].business-unit, local.environment),
-  ]
+#   subject_alternative_names = [
+#     format("%s.%s-%s.modernisation-platform.service.justice.gov.uk", local.application_name, var.networking[0].business-unit, local.environment),
+#   ]
 
-  tags = { Name = lower(format("%s-%s-certificate", local.application_name, local.environment)) }
+#   tags = { Name = lower(format("%s-%s-certificate", local.application_name, local.environment)) }
 
-  lifecycle {
-    create_before_destroy = true
-  }
-}
+#   lifecycle {
+#     create_before_destroy = true
+#   }
+# }
 
-resource "aws_acm_certificate_validation" "example_cert" {
-  certificate_arn         = aws_acm_certificate.example_cert.arn
-  validation_record_fqdns = [for record in aws_route53_record.example_cert_validation : record.fqdn]
-  timeouts {
-    create = "10m"
-  }
-}
+# resource "aws_acm_certificate_validation" "example_cert" {
+#   certificate_arn         = aws_acm_certificate.example_cert.arn
+#   validation_record_fqdns = [for record in aws_route53_record.example_cert_validation : record.fqdn]
+#   timeouts {
+#     create = "10m"
+#   }
+# }
 
-resource "aws_route53_record" "example_cert_validation" {
-  provider = aws.core-network-services
-  for_each = {
-    for dvo in aws_acm_certificate.example_cert.domain_validation_options : dvo.domain_name => {
-      name   = dvo.resource_record_name
-      record = dvo.resource_record_value
-      type   = dvo.resource_record_type
-    }
-  }
+# resource "aws_route53_record" "example_cert_validation" {
+#   provider = aws.core-network-services
+#   for_each = {
+#     for dvo in aws_acm_certificate.example_cert.domain_validation_options : dvo.domain_name => {
+#       name   = dvo.resource_record_name
+#       record = dvo.resource_record_value
+#       type   = dvo.resource_record_type
+#     }
+#   }
 
-  allow_overwrite = true
-  name            = each.value.name
-  records         = [each.value.record]
-  ttl             = 60
-  type            = each.value.type
-  zone_id         = data.aws_route53_zone.network-services.zone_id
-}
+#   allow_overwrite = true
+#   name            = each.value.name
+#   records         = [each.value.record]
+#   ttl             = 60
+#   type            = each.value.type
+#   zone_id         = data.aws_route53_zone.network-services.zone_id
+# }
 
 
-# This will build on the core-vpc development account under platforms-development.modernisation-platform.service.justice.gov.uk, and route traffic back to example LB
-resource "aws_route53_record" "example_core_vpc" {
-  provider = aws.core-vpc
-  zone_id  = data.aws_route53_zone.external.zone_id
-  name     = "${var.networking[0].application}.${var.networking[0].business-unit}-${local.environment}.modernisation-platform-example-core-vpc.service.justice.gov.uk"
-  type     = "A"
+# # This will build on the core-vpc development account under platforms-development.modernisation-platform.service.justice.gov.uk, and route traffic back to example LB
+# resource "aws_route53_record" "example_core_vpc" {
+#   provider = aws.core-vpc
+#   zone_id  = data.aws_route53_zone.external.zone_id
+#   name     = "${var.networking[0].application}.${var.networking[0].business-unit}-${local.environment}.modernisation-platform-example-core-vpc.service.justice.gov.uk"
+#   type     = "A"
 
-  alias {
-    name                   = aws_lb.certificate_example_lb.dns_name
-    zone_id                = aws_lb.certificate_example_lb.zone_id
-    evaluate_target_health = true
-  }
-}
+#   alias {
+#     name                   = aws_lb.certificate_example_lb.dns_name
+#     zone_id                = aws_lb.certificate_example_lb.zone_id
+#     evaluate_target_health = true
+#   }
+# }
 
-# Build loadbalancer
+# # Build loadbalancer
 #tfsec:ignore:aws-elb-alb-not-public as the external lb needs to be public.
-resource "aws_lb" "certificate_example_lb" {
-  name               = "certificate-example-loadbalancer"
-  load_balancer_type = "application"
-  subnets            = data.aws_subnets.shared-public.ids
-  #checkov:skip=CKV_AWS_150:Short-lived example environment, hence no need for deletion protection
-  enable_deletion_protection = false
-  # allow 60*4 seconds before 504 gateway timeout for long-running DB operations
-  idle_timeout               = 240
-  drop_invalid_header_fields = true
+# resource "aws_lb" "certificate_example_lb" {
+#   name               = "certificate-example-loadbalancer"
+#   load_balancer_type = "application"
+#   subnets            = data.aws_subnets.shared-public.ids
+#   #checkov:skip=CKV_AWS_150:Short-lived example environment, hence no need for deletion protection
+#   enable_deletion_protection = false
+#   # allow 60*4 seconds before 504 gateway timeout for long-running DB operations
+#   idle_timeout               = 240
+#   drop_invalid_header_fields = true
 
-  security_groups = [aws_security_group.certificate_example_load_balancer_sg.id]
+#   security_groups = [aws_security_group.certificate_example_load_balancer_sg.id]
 
-  access_logs {
-    bucket  = module.s3-bucket-lb.bucket.id
-    prefix  = "test-lb"
-    enabled = true
-  }
+#   access_logs {
+#     bucket  = module.s3-bucket-lb.bucket.id
+#     prefix  = "test-lb"
+#     enabled = true
+#   }
 
-  tags       = { Name = "${local.application_name}-external-loadbalancer" }
-  depends_on = [aws_security_group.certificate_example_load_balancer_sg]
-}
+#   tags       = { Name = "${local.application_name}-external-loadbalancer" }
+#   depends_on = [aws_security_group.certificate_example_load_balancer_sg]
+# }
 
-resource "aws_security_group" "certificate_example_load_balancer_sg" {
-  name        = "certificate-example-lb-sg"
-  description = "controls access to load balancer"
-  vpc_id      = data.aws_vpc.shared.id
-  tags        = { Name = lower(format("lb-sg-%s-%s-example", local.application_name, local.environment)) }
-}
+# resource "aws_security_group" "certificate_example_load_balancer_sg" {
+#   name        = "certificate-example-lb-sg"
+#   description = "controls access to load balancer"
+#   vpc_id      = data.aws_vpc.shared.id
+#   tags        = { Name = lower(format("lb-sg-%s-%s-example", local.application_name, local.environment)) }
+# }
diff --git a/terraform/environments/example/data.tf b/terraform/environments/example/data.tf
@@ -1,14 +1,18 @@
+# ##########################################################################################
+# # ------------------------Comment out file if not required----------------------------------
+# ##########################################################################################
+
 #### This file can be used to store data specific to the member account ####
 
-# For macie code
-data "aws_s3_bucket" "bucket1" {
-  bucket = module.bastion_linux.bastion_s3_bucket.bucket.id
-}
+#For macie code
+# data "aws_s3_bucket" "bucket1" {
+#   bucket = module.bastion_linux.bastion_s3_bucket.bucket.id
+# }
 
-data "aws_s3_bucket" "bucket2" {
-  bucket = "config-20220505080423816000000003"
-}
+# data "aws_s3_bucket" "bucket2" {
+#   bucket = "config-20220505080423816000000003"
+# }
 
-data "aws_s3_bucket" "bucket3" {
-  bucket = module.s3-bucket.bucket.id
-}
+# data "aws_s3_bucket" "bucket3" {
+#   bucket = module.s3-bucket.bucket.id
+# }