diff --git a/terraform/environments/dacp/README.md b/terraform/environments/dacp/README.md
index 49751a69374..af6f5f8f5b7 100644
--- a/terraform/environments/dacp/README.md
+++ b/terraform/environments/dacp/README.md
@@ -17,11 +17,11 @@ The Divorce Section Search Service (DACP) application is a business critical app
 ### **Service URLs:**
-Dev: https://dacp.hmcts-development.modernisation-platform.service.justice.gov.uk
+Dev:
-Preproduction: https://dacp.hmcts-preproduction.modernisation-platform.service.justice.gov.uk
+Preproduction:
-Prod: https://divorce-section-search.service.justice.gov.uk
+Prod:
 ### **Incident response hours:**
@@ -45,7 +45,7 @@ Modernisation Platform
 ### **Other URLs:**
-The service's GitHub repository can be found at: https://github.com/ministryofjustice/Dacp
+The service's GitHub repository can be found at:
 ### **Expected speed and frequency of releases:**
diff --git a/terraform/environments/data-and-insights-wepi/bastion_linux.json b/terraform/environments/data-and-insights-wepi/bastion_linux.json
index 4d21b49e29b..0536bd08588 100644
--- a/terraform/environments/data-and-insights-wepi/bastion_linux.json
+++ b/terraform/environments/data-and-insights-wepi/bastion_linux.json
@@ -3,7 +3,11 @@
 "preproduction": {
 "simonytta": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeBrsu9K2qVs2r/fueve0V+5WBY/ZZTNq1UJYhuXIZp simona.treivase@justice.gov.uk"
 },
- "development": {"simonytta": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeBrsu9K2qVs2r/fueve0V+5WBY/ZZTNq1UJYhuXIZp simona.treivase@justice.gov.uk"},
- "production": {"simonytta": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeBrsu9K2qVs2r/fueve0V+5WBY/ZZTNq1UJYhuXIZp simona.treivase@justice.gov.uk"}
+ "development": {
+ "simonytta": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeBrsu9K2qVs2r/fueve0V+5WBY/ZZTNq1UJYhuXIZp simona.treivase@justice.gov.uk"
+ },
+ "production": {
+ "simonytta": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeBrsu9K2qVs2r/fueve0V+5WBY/ZZTNq1UJYhuXIZp simona.treivase@justice.gov.uk"
+ }
 }
 }
diff --git a/terraform/environments/data-and-insights-wepi/json/wepi_iam_role_glue.json b/terraform/environments/data-and-insights-wepi/json/wepi_iam_role_glue.json
index 4873267832e..ed383b64ab6 100644
--- a/terraform/environments/data-and-insights-wepi/json/wepi_iam_role_glue.json
+++ b/terraform/environments/data-and-insights-wepi/json/wepi_iam_role_glue.json
@@ -1,13 +1,13 @@
 {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Action": "sts:AssumeRole",
- "Principal": {
- "Service": "glue.amazonaws.com"
- },
- "Effect": "Allow",
- "Sid": ""
- }
- ]
- }
\ No newline at end of file
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Principal": {
+ "Service": "glue.amazonaws.com"
+ },
+ "Effect": "Allow",
+ "Sid": ""
+ }
+ ]
+}
diff --git a/terraform/environments/data-platform/application_variables.auto.tfvars.json b/terraform/environments/data-platform/application_variables.auto.tfvars.json
index eeba0d7753f..80ddb4d5091 100644
--- a/terraform/environments/data-platform/application_variables.auto.tfvars.json
+++ b/terraform/environments/data-platform/application_variables.auto.tfvars.json
@@ -29,4 +29,4 @@
 "preproduction": "1.1.0",
 "production": "1.1.0"
 }
-}
\ No newline at end of file
+}
diff --git a/terraform/environments/data-platform/iam.tf b/terraform/environments/data-platform/iam.tf
index 3bd3fc9684b..3232d9d9999 100644
--- a/terraform/environments/data-platform/iam.tf
+++ b/terraform/environments/data-platform/iam.tf
@@ -189,9 +189,9 @@ data "aws_iam_policy_document" "iam_policy_document_for_presigned_url_lambda" {
 actions = ["s3:ListBucket"]
 resources = [module.s3-bucket.bucket.arn]
 condition {
- test = "StringLike"
+ test = "StringLike"
 variable = "s3:prefix"
- values = ["code/*"]
+ values = ["code/*"]
 }
 }
 }
diff --git a/terraform/environments/delius-core/README.md b/terraform/environments/delius-core/README.md
index 0a3159013c2..61417eb07a5 100644
--- a/terraform/environments/delius-core/README.md
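Review bot: The trust policy on the new side of the wepi_iam_role_glue.json hunk grants `sts:AssumeRole` to the `glue.amazonaws.com` service principal with no `Condition`, so nothing ties the trust to this account; the commit only re-indents it. AWS's Glue guidance for the cross-service confused-deputy pattern is to scope service-principal trust with `aws:SourceAccount` (and `aws:SourceArn` where the service populates it), which here is a block such as `"Condition": {"StringEquals": {"aws:SourceAccount": "<ACCOUNT_ID placeholder>"}}` on the single statement. The empty `"Sid": ""` adds nothing for audit and is better either dropped or named, e.g. `"Sid": "GlueServiceAssumeRole"`. Whether the role is also bound to a specific Glue job ARN depends on how the Terraform that loads this file uses it, which is outside this hunk.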
+++ b/terraform/environments/delius-core/README.md @@ -87,5 +87,5 @@ For example, resource name takes the form - where environmentname is the name for the delius environment, NOT the Modernisation Platform account name, e.g. `dev`, `stage`, `preprod` - resourceidentifier is an identifier for the resource that together with the environmentname gives full clarity about what the resource represents, e.g. `ldap-efs` or `delius-db-1` e.g. -`dev-ldap-efs` -`preprod-delius-db-1` +`dev-ldap-efs` +`preprod-delius-db-1` diff --git a/terraform/environments/delius-core/locals_environments_higher.tf b/terraform/environments/delius-core/locals_environments_higher.tf index aa88347e985..85a2da830a7 100644 --- a/terraform/environments/delius-core/locals_environments_higher.tf +++ b/terraform/environments/delius-core/locals_environments_higher.tf @@ -6,6 +6,6 @@ locals { } db_config_higher_environments = { - name = "db_for_higher_environments" + name = "db_for_higher_environments" } } diff --git a/terraform/environments/delius-iaps/application_variables.json b/terraform/environments/delius-iaps/application_variables.json index a5e1e66b9b4..ae99b373765 100644 --- a/terraform/environments/delius-iaps/application_variables.json +++ b/terraform/environments/delius-iaps/application_variables.json @@ -15,10 +15,7 @@ "db_multi_az": "false", "db_iam_database_authentication_enabled": "false", "db_monitoring_interval": "5", - "db_enabled_cloudwatch_logs_exports": [ - "alert", - "listener" - ], + "db_enabled_cloudwatch_logs_exports": ["alert", "listener"], "db_performance_insights_enabled": "false", "db_skip_final_snapshot": "true", "ec2_iaps_instance_type": "t3.medium", diff --git a/terraform/environments/delius-jitbit/application_variables.json b/terraform/environments/delius-jitbit/application_variables.json index fb5c3c89c91..a2ed97e675a 100644 --- a/terraform/environments/delius-jitbit/application_variables.json +++ b/terraform/environments/delius-jitbit/application_variables.json 
@@ -18,10 +18,7 @@
 "db_multi_az": "false",
 "db_iam_database_authentication_enabled": "false",
 "db_monitoring_interval": "5",
- "db_enabled_cloudwatch_logs_exports": [
- "agent",
- "error"
- ],
+ "db_enabled_cloudwatch_logs_exports": ["agent", "error"],
 "db_performance_insights_enabled": "false",
 "db_deletion_protection": "true",
 "db_delete_automated_backups": "false",
@@ -46,10 +43,7 @@
 "db_multi_az": "false",
 "db_iam_database_authentication_enabled": "false",
 "db_monitoring_interval": "5",
- "db_enabled_cloudwatch_logs_exports": [
- "agent",
- "error"
- ],
+ "db_enabled_cloudwatch_logs_exports": ["agent", "error"],
 "db_performance_insights_enabled": "false",
 "db_deletion_protection": "true",
 "db_delete_automated_backups": "false",
@@ -74,10 +68,7 @@
 "db_multi_az": "false",
 "db_iam_database_authentication_enabled": "false",
 "db_monitoring_interval": "5",
- "db_enabled_cloudwatch_logs_exports": [
- "agent",
- "error"
- ],
+ "db_enabled_cloudwatch_logs_exports": ["agent", "error"],
 "db_performance_insights_enabled": "false",
 "db_deletion_protection": "true",
 "db_delete_automated_backups": "false",
@@ -102,10 +93,7 @@
 "db_multi_az": "true",
 "db_iam_database_authentication_enabled": "false",
 "db_monitoring_interval": "5",
- "db_enabled_cloudwatch_logs_exports": [
- "agent",
- "error"
- ],
+ "db_enabled_cloudwatch_logs_exports": ["agent", "error"],
 "db_performance_insights_enabled": "true",
 "db_deletion_protection": "true",
 "db_skip_final_snapshot": "false",
@@ -114,4 +102,4 @@
 "db_final_snapshot_identifier": "jitbit-prod-final"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/terraform/environments/delius-jitbit/lb.tf b/terraform/environments/delius-jitbit/lb.tf
index 80af0eba00c..8377340ac3a 100644
--- a/terraform/environments/delius-jitbit/lb.tf
+++ b/terraform/environments/delius-jitbit/lb.tf
@@ -62,7 +62,7 @@ resource "aws_security_group" "load_balancer_security_group" { # Temporary until we can validate ACM cert during migration of production # The LB SG will block inbound on HTTP 80 but this is to get the apply to work resource "aws_lb_listener" "listener-prod" { - count = local.is-production ? 1 : 0 + count = local.is-production ? 1 : 0 load_balancer_arn = aws_lb.external.id port = 80 protocol = "HTTP" @@ -81,7 +81,7 @@ resource "aws_lb_listener" "listener-prod" { } resource "aws_lb_listener" "listener" { - count = local.is-production ? 0 : 1 + count = local.is-production ? 0 : 1 load_balancer_arn = aws_lb.external.id port = 443 protocol = "HTTPS" diff --git a/terraform/environments/delius-jitbit/route53.tf b/terraform/environments/delius-jitbit/route53.tf index 0b09b1dfed8..82119597f0b 100644 --- a/terraform/environments/delius-jitbit/route53.tf +++ b/terraform/environments/delius-jitbit/route53.tf @@ -1,5 +1,5 @@ data "aws_route53_zone" "network-services-production" { - count = local.is-production ? 1 : 0 + count = local.is-production ? 1 : 0 provider = aws.core-network-services name = "jitbit.cr.probation.service.justice.gov.uk." @@ -89,7 +89,7 @@ resource "aws_route53_record" "external_validation_subdomain" { # } resource "aws_acm_certificate_validation" "external" { - count = local.is-production ? 0 : 1 # Temporary until we have a production dns delegation in place + count = local.is-production ? 0 : 1 # Temporary until we have a production dns delegation in place certificate_arn = aws_acm_certificate.external.arn validation_record_fqdns = [local.domain_name_main[0], local.domain_name_sub[0]] } diff --git a/terraform/environments/digital-prison-reporting/data.tf b/terraform/environments/digital-prison-reporting/data.tf index f77b174427f..e5b987f475d 100644 --- a/terraform/environments/digital-prison-reporting/data.tf +++ b/terraform/environments/digital-prison-reporting/data.tf 
@@ -53,7 +53,7 @@ data "aws_secretsmanager_secret" "slack_integration" { } data "aws_secretsmanager_secret_version" "slack_integration" { - count = local.enable_slack_alerts ? 1 : 0 + count = local.enable_slack_alerts ? 1 : 0 secret_id = data.aws_secretsmanager_secret.slack_integration[0].id } diff --git a/terraform/environments/digital-prison-reporting/domain_builder.tf b/terraform/environments/digital-prison-reporting/domain_builder.tf index abfb25eced9..2fa17c93c35 100644 --- a/terraform/environments/digital-prison-reporting/domain_builder.tf +++ b/terraform/environments/digital-prison-reporting/domain_builder.tf @@ -3,7 +3,7 @@ ########################## # Generate API Secret for Serverless Lambda Gateway module "domain_builder_api_key" { - count = local.enable_dbuilder_lambda || local.enable_domain_builder_agent ? 1 : 0 + count = local.enable_dbuilder_lambda || local.enable_domain_builder_agent ? 1 : 0 source = "./modules/secrets_manager" name = "${local.project}-domain-api-key-${local.environment}" @@ -20,7 +20,7 @@ module "domain_builder_api_key" { Resource_Group = "domain-builder" Jira = "DPR-604" Resource_Type = "Secret" - Name = "${local.project}-domain-api-key-${local.environment}" + Name = "${local.project}-domain-api-key-${local.environment}" } ) } @@ -63,7 +63,7 @@ module "domain_builder_backend_Lambda" { Resource_Group = "domain-builder" Jira = "DPR-407" Resource_Type = "lambda" - Name = local.lambda_dbuilder_name + Name = local.lambda_dbuilder_name } ) 
@@ -125,19 +125,19 @@ module "domain_builder_cli_agent" { app_key = "domain-builder" env_vars = { - DOMAIN_API_KEY = tostring(try(module.domain_builder_api_key[0].secret, null)) - REST_API_EXEC_ARN = tostring(try(module.domain_builder_api_gateway[0].rest_api_execution_arn, null)) - REST_API_ID = tostring(try(module.domain_builder_api_gateway[0].rest_api_id, null)) - ENV = local.env + DOMAIN_API_KEY = tostring(try(module.domain_builder_api_key[0].secret, null)) + REST_API_EXEC_ARN = tostring(try(module.domain_builder_api_gateway[0].rest_api_execution_arn, null)) + REST_API_ID = tostring(try(module.domain_builder_api_gateway[0].rest_api_id, null)) + ENV = local.env } tags = merge( local.all_tags, { - Name = "${local.project}-domain-builder-agent-${local.env}" - Resource_Type = "EC2 Instance" - Resource_Group = "domain-builder" - Name = "${local.project}-domain-builder-agent-${local.env}" + Name = "${local.project}-domain-builder-agent-${local.env}" + Resource_Type = "EC2 Instance" + Resource_Group = "domain-builder" + Name = "${local.project}-domain-builder-agent-${local.env}" } ) 
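Review bot: The `tags` object in the domain_builder_cli_agent hunk assigns `Name` twice, as the first and the last entry of the merged literal, and the commit only re-aligns both lines. Depending on the HCL version this either fails validation with a duplicate-object-key error or lets the later entry win silently; since the two values are the same string today the duplication is harmless but misleading, and one `Name = "${local.project}-domain-builder-agent-${local.env}"` line should be removed. The `env_vars` block above it is fine as far as this hunk shows, but `DOMAIN_API_KEY` is a secret delivered to the instance through a plain module variable, so it is worth confirming that the underlying module does not echo `env_vars` into user data or tags. The module block continues outside the hunk.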
@@ -148,26 +148,26 @@ module "domain_builder_cli_agent" { module "domain_builder_flyway_Lambda" { source = "./modules/lambdas/generic" - enable_lambda = local.enable_dbuilder_flyway_lambda - name = local.flyway_dbuilder_name - s3_bucket = local.flyway_dbuilder_code_s3_bucket - s3_key = local.flyway_dbuilder_code_s3_key - handler = local.flyway_dbuilder_handler - runtime = local.flyway_dbuilder_runtime - policies = local.flyway_dbuilder_policies - tracing = local.flyway_dbuilder_tracing - timeout = 60 - lambda_trigger = true - trigger_bucket_arn = module.s3_artifacts_store.bucket_arn + enable_lambda = local.enable_dbuilder_flyway_lambda + name = local.flyway_dbuilder_name + s3_bucket = local.flyway_dbuilder_code_s3_bucket + s3_key = local.flyway_dbuilder_code_s3_key + handler = local.flyway_dbuilder_handler + runtime = local.flyway_dbuilder_runtime + policies = local.flyway_dbuilder_policies + tracing = local.flyway_dbuilder_tracing + timeout = 60 + lambda_trigger = true + trigger_bucket_arn = module.s3_artifacts_store.bucket_arn env_vars = { - "DB_CONNECTION_STRING" = "jdbc:postgresql://${module.domain_builder_backend_db.rds_host}/${local.rds_dbuilder_db_identifier}" - "DB_USERNAME" = local.rds_dbuilder_user - "DB_PASSWORD" = module.domain_builder_backend_db.master_password - "FLYWAY_METHOD" = "migrate" - "GIT_BRANCH" = "main" - "GIT_FOLDERS" = "backend/src/main/resources/db/migration" - "GIT_REPOSITORY" = "https://github.com/ministryofjustice/digital-prison-reporting-domain-builder" + "DB_CONNECTION_STRING" = "jdbc:postgresql://${module.domain_builder_backend_db.rds_host}/${local.rds_dbuilder_db_identifier}" + "DB_USERNAME" = local.rds_dbuilder_user + "DB_PASSWORD" = module.domain_builder_backend_db.master_password + "FLYWAY_METHOD" = "migrate" + "GIT_BRANCH" = "main" + "GIT_FOLDERS" = "backend/src/main/resources/db/migration" + "GIT_REPOSITORY" = "https://github.com/ministryofjustice/digital-prison-reporting-domain-builder" } vpc_settings = { 
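Review bot: `"DB_PASSWORD" = module.domain_builder_backend_db.master_password` in the flyway Lambda's `env_vars` puts the RDS master password into the function's environment, where it is returned in clear by `lambda:GetFunctionConfiguration` to anyone holding that permission and is also persisted in Terraform state together with the connection string; the commit only re-aligns these lines. A safer shape is to pass a Secrets Manager secret ARN (or enable IAM database authentication) and have the Flyway handler resolve the credential at runtime, which also stops a migration-only function from carrying the master credential. If the generic lambda module offers no way to do that, at least record the risk on the line, `# TODO(security): DB_PASSWORD is a plaintext env var; move to a secret reference`. The module block continues outside the hunk.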
@@ -178,8 +178,8 @@ module "domain_builder_flyway_Lambda" { tags = merge( local.all_tags, { - Name = local.flyway_dbuilder_name - Jira = "DPR-584" + Name = local.flyway_dbuilder_name + Jira = "DPR-584" Resource_Group = "domain-builder" Resource_Type = "lambda" } @@ -189,13 +189,13 @@ module "domain_builder_flyway_Lambda" { # Deploy API GW VPC Link module "domain_builder_gw_vpclink" { - count = local.include_dbuilder_gw_vpclink == true ? 1 : 0 + count = local.include_dbuilder_gw_vpclink == true ? 1 : 0 - source = "./modules/vpc_endpoint" - vpc_id = local.dpr_vpc - region = local.account_region - subnet_ids = [data.aws_subnet.data_subnets_a.id, data.aws_subnet.data_subnets_b.id, data.aws_subnet.data_subnets_c.id] - security_group_ids = local.enable_dbuilder_serverless_gw ? [aws_security_group.gateway_endpoint_sg[0].id, ] : [] + source = "./modules/vpc_endpoint" + vpc_id = local.dpr_vpc + region = local.account_region + subnet_ids = [data.aws_subnet.data_subnets_a.id, data.aws_subnet.data_subnets_b.id, data.aws_subnet.data_subnets_c.id] + security_group_ids = local.enable_dbuilder_serverless_gw ? [aws_security_group.gateway_endpoint_sg[0].id, ] : [] tags = merge( local.all_tags, 
@@ -209,16 +209,16 @@ module "domain_builder_gw_vpclink" { # Domain Builder API Gateway module "domain_builder_api_gateway" { - count = local.enable_dbuilder_serverless_gw == true ? 1 : 0 - - source = "./modules/apigateway/serverless-lambda-gw" - enable_gateway = local.enable_dbuilder_serverless_gw - name = local.serverless_gw_dbuilder_name - lambda_arn = module.domain_builder_backend_Lambda.lambda_invoke_arn - lambda_name = module.domain_builder_backend_Lambda.lambda_name - subnet_ids = [data.aws_subnet.data_subnets_a.id, data.aws_subnet.data_subnets_b.id, data.aws_subnet.data_subnets_c.id] - security_group_ids = local.enable_dbuilder_serverless_gw ? [aws_security_group.serverless_gw[0].id, ] : [] - endpoint_ids = [data.aws_vpc_endpoint.api.id, ] # This Endpoint is managed and provisioned by MP Team, Dev "vpce-05d9421e74348aafb" + count = local.enable_dbuilder_serverless_gw == true ? 1 : 0 + + source = "./modules/apigateway/serverless-lambda-gw" + enable_gateway = local.enable_dbuilder_serverless_gw + name = local.serverless_gw_dbuilder_name + lambda_arn = module.domain_builder_backend_Lambda.lambda_invoke_arn + lambda_name = module.domain_builder_backend_Lambda.lambda_name + subnet_ids = [data.aws_subnet.data_subnets_a.id, data.aws_subnet.data_subnets_b.id, data.aws_subnet.data_subnets_c.id] + security_group_ids = local.enable_dbuilder_serverless_gw ? [aws_security_group.serverless_gw[0].id, ] : [] + endpoint_ids = [data.aws_vpc_endpoint.api.id, ] # This Endpoint is managed and provisioned by MP Team, Dev "vpce-05d9421e74348aafb" tags = merge( local.all_tags, diff --git a/terraform/environments/digital-prison-reporting/locals.tf b/terraform/environments/digital-prison-reporting/locals.tf index c2d43618c5d..920d8f20c30 100644 --- a/terraform/environments/digital-prison-reporting/locals.tf +++ b/terraform/environments/digital-prison-reporting/locals.tf 
@@ -4,31 +4,31 @@ locals { project = local.application_data.accounts[local.environment].project_short_id # glue_db = local.application_data.accounts[local.environment].glue_db_name # glue_db_data_domain = local.application_data.accounts[local.environment].glue_db_data_domain - description = local.application_data.accounts[local.environment].db_description - create_db = local.application_data.accounts[local.environment].create_database - glue_job = local.application_data.accounts[local.environment].glue_job_name - create_job = local.application_data.accounts[local.environment].create_job - create_sec_conf = local.application_data.accounts[local.environment].create_security_conf - env = local.environment - s3_kms_arn = aws_kms_key.s3.arn - kinesis_kms_arn = aws_kms_key.kinesis-kms-key.arn - kinesis_kms_id = data.aws_kms_key.kinesis_kms_key.key_id - create_bucket = local.application_data.accounts[local.environment].setup_buckets - account_id = data.aws_caller_identity.current.account_id - account_region = data.aws_region.current.name - create_kinesis = local.application_data.accounts[local.environment].create_kinesis_streams - kinesis_retention_hours = local.application_data.accounts[local.environment].kinesis_retention_hours - enable_glue_registry = local.application_data.accounts[local.environment].create_glue_registries - setup_buckets = local.application_data.accounts[local.environment].setup_s3_buckets - create_glue_connection = local.application_data.accounts[local.environment].create_glue_connections - image_id = local.application_data.accounts[local.environment].ami_image_id - instance_type = local.application_data.accounts[local.environment].ec2_instance_type - create_datamart = local.application_data.accounts[local.environment].setup_redshift - redshift_cluster_name = "${local.application_data.accounts[local.environment].project_short_id}-redshift-${local.environment}" - kinesis_stream_ingestor = 
"${local.application_data.accounts[local.environment].project_short_id}-kinesis-ingestor-${local.environment}" + description = local.application_data.accounts[local.environment].db_description + create_db = local.application_data.accounts[local.environment].create_database + glue_job = local.application_data.accounts[local.environment].glue_job_name + create_job = local.application_data.accounts[local.environment].create_job + create_sec_conf = local.application_data.accounts[local.environment].create_security_conf + env = local.environment + s3_kms_arn = aws_kms_key.s3.arn + kinesis_kms_arn = aws_kms_key.kinesis-kms-key.arn + kinesis_kms_id = data.aws_kms_key.kinesis_kms_key.key_id + create_bucket = local.application_data.accounts[local.environment].setup_buckets + account_id = data.aws_caller_identity.current.account_id + account_region = data.aws_region.current.name + create_kinesis = local.application_data.accounts[local.environment].create_kinesis_streams + kinesis_retention_hours = local.application_data.accounts[local.environment].kinesis_retention_hours + enable_glue_registry = local.application_data.accounts[local.environment].create_glue_registries + setup_buckets = local.application_data.accounts[local.environment].setup_s3_buckets + create_glue_connection = local.application_data.accounts[local.environment].create_glue_connections + image_id = local.application_data.accounts[local.environment].ami_image_id + instance_type = local.application_data.accounts[local.environment].ec2_instance_type + create_datamart = local.application_data.accounts[local.environment].setup_redshift + redshift_cluster_name = "${local.application_data.accounts[local.environment].project_short_id}-redshift-${local.environment}" + kinesis_stream_ingestor = "${local.application_data.accounts[local.environment].project_short_id}-kinesis-ingestor-${local.environment}" # TODO: DPR-622: Delete when done - kinesis_stream_ingestor_experimental = 
"${local.application_data.accounts[local.environment].project_short_id}-kinesis-ingestor-experimental-${local.environment}" + kinesis_stream_ingestor_experimental = "${local.application_data.accounts[local.environment].project_short_id}-kinesis-ingestor-experimental-${local.environment}" kinesis_endpoint = "https://kinesis.eu-west-2.amazonaws.com" cloud_platform_cidr = "172.20.0.0/16" 
@@ -36,37 +36,37 @@ locals { generic_lambda = "${local.project}-generic-lambda" enable_generic_lambda_sg = true # True for all Envs, Common SG Group # DMS Specific - setup_dms_instance = local.application_data.accounts[local.environment].setup_dms_instance - enable_replication_task = local.application_data.accounts[local.environment].enable_dms_replication_task + setup_dms_instance = local.application_data.accounts[local.environment].setup_dms_instance + enable_replication_task = local.application_data.accounts[local.environment].enable_dms_replication_task # DataMart Specific - datamart_endpoint = jsondecode(data.aws_secretsmanager_secret_version.datamart.secret_string)["host"] - datamart_port = jsondecode(data.aws_secretsmanager_secret_version.datamart.secret_string)["port"] - datamart_username = jsondecode(data.aws_secretsmanager_secret_version.datamart.secret_string)["username"] - datamart_password = jsondecode(data.aws_secretsmanager_secret_version.datamart.secret_string)["password"] + datamart_endpoint = jsondecode(data.aws_secretsmanager_secret_version.datamart.secret_string)["host"] + datamart_port = jsondecode(data.aws_secretsmanager_secret_version.datamart.secret_string)["port"] + datamart_username = jsondecode(data.aws_secretsmanager_secret_version.datamart.secret_string)["username"] + datamart_password = jsondecode(data.aws_secretsmanager_secret_version.datamart.secret_string)["password"] # Glue Job parameters # Reporting Hub Job - reporting_hub_driver_mem = local.application_data.accounts[local.environment].reporting_hub_spark_driver_mem - reporting_hub_executor_mem = local.application_data.accounts[local.environment].reporting_hub_spark_executor_mem - reporting_hub_worker_type = local.application_data.accounts[local.environment].reporting_hub_worker_type - reporting_hub_num_workers = local.application_data.accounts[local.environment].reporting_hub_num_workers - reporting_hub_log_level = 
local.application_data.accounts[local.environment].reporting_hub_spark_log_level + reporting_hub_driver_mem = local.application_data.accounts[local.environment].reporting_hub_spark_driver_mem + reporting_hub_executor_mem = local.application_data.accounts[local.environment].reporting_hub_spark_executor_mem + reporting_hub_worker_type = local.application_data.accounts[local.environment].reporting_hub_worker_type + reporting_hub_num_workers = local.application_data.accounts[local.environment].reporting_hub_num_workers + reporting_hub_log_level = local.application_data.accounts[local.environment].reporting_hub_spark_log_level reporting_hub_kinesis_reader_batch_duration_seconds = local.application_data.accounts[local.environment].reporting_hub_kinesis_reader_batch_duration_seconds # Refresh Job - refresh_job_worker_type = local.application_data.accounts[local.environment].refresh_job_worker_type - refresh_job_num_workers = local.application_data.accounts[local.environment].refresh_job_num_workers - refresh_job_log_level = local.application_data.accounts[local.environment].refresh_job_log_level + refresh_job_worker_type = local.application_data.accounts[local.environment].refresh_job_worker_type + refresh_job_num_workers = local.application_data.accounts[local.environment].refresh_job_num_workers + refresh_job_log_level = local.application_data.accounts[local.environment].refresh_job_log_level # Common Policies - kms_read_access_policy = "${local.project}_kms_read_policy" - s3_read_access_policy = "${local.project}_s3_read_policy" - apigateway_get_policy = "${local.project}_apigateway_get_policy" + kms_read_access_policy = "${local.project}_kms_read_policy" + s3_read_access_policy = "${local.project}_s3_read_policy" + apigateway_get_policy = "${local.project}_apigateway_get_policy" # DPR Alerts - enable_slack_alerts = local.application_data.accounts[local.environment].enable_slack_alerts - enable_pagerduty_alerts = 
local.application_data.accounts[local.environment].enable_pagerduty_alerts + enable_slack_alerts = local.application_data.accounts[local.environment].enable_slack_alerts + enable_pagerduty_alerts = local.application_data.accounts[local.environment].enable_pagerduty_alerts # Domain Builder, Variables dpr_vpc = data.aws_vpc.shared.id @@ -90,7 +90,7 @@ locals { lambda_dbuilder_handler = "io.micronaut.function.aws.proxy.MicronautLambdaHandler" lambda_dbuilder_code_s3_bucket = module.s3_artifacts_store.bucket_id lambda_dbuilder_code_s3_key = "build-artifacts/domain-builder/jars/domain-builder-backend-api-vLatest-all.jar" - lambda_dbuilder_policies = [ + lambda_dbuilder_policies = [ "arn:aws:iam::${local.account_id}:policy/${local.s3_read_access_policy}", "arn:aws:iam::${local.account_id}:policy/${local.kms_read_access_policy}", "arn:aws:iam::${local.account_id}:policy/${local.project}-domain-builder-preview-policy", @@ -106,7 +106,7 @@ locals { flyway_dbuilder_policies = ["arn:aws:iam::${local.account_id}:policy/${local.s3_read_access_policy}", data.aws_iam_policy.rds_full_access.arn, ] flyway_dbuilder_tracing = "Active" enable_dbuilder_serverless_gw = local.application_data.accounts[local.environment].enable_dbuilder_serverless_gw - include_dbuilder_gw_vpclink = local.application_data.accounts[local.environment].include_dbuilder_gw_vpclink + include_dbuilder_gw_vpclink = local.application_data.accounts[local.environment].include_dbuilder_gw_vpclink serverless_gw_dbuilder_name = "${local.project}-serverless-lambda" domain_preview_database = "curated" domain_preview_s3_bucket = module.s3_domain_preview_bucket.bucket_id diff --git a/terraform/environments/digital-prison-reporting/main.tf b/terraform/environments/digital-prison-reporting/main.tf index a85e4dba90d..a0f2b5d81f9 100644 --- a/terraform/environments/digital-prison-reporting/main.tf +++ b/terraform/environments/digital-prison-reporting/main.tf 
@@ -417,13 +417,13 @@ module "s3_artifacts_store" { name = "${local.project}-artifact-store-${local.environment}" custom_kms_key = local.s3_kms_arn enable_notification = true # - + # Dynamic, supports multiple notifications blocks bucket_notifications = { - "lambda_function_arn" = "${module.domain_builder_flyway_Lambda.lambda_function}" - "events" = ["s3:ObjectCreated:*"] - "filter_prefix" = "build-artifacts/domain-builder/jars/" - "filter_suffix" = ".jar" + "lambda_function_arn" = "${module.domain_builder_flyway_Lambda.lambda_function}" + "events" = ["s3:ObjectCreated:*"] + "filter_prefix" = "build-artifacts/domain-builder/jars/" + "filter_suffix" = ".jar" } dependency_lambda = [module.domain_builder_flyway_Lambda.lambda_function] # Required if bucket_notications is enabled @@ -608,7 +608,7 @@ module "datamart" { # DMS Nomis Data Collector module "dms_nomis_ingestor" { source = "./modules/dms" - setup_dms_instance = local.setup_dms_instance # Disable all DMS Resources + setup_dms_instance = local.setup_dms_instance # Disable all DMS Resources enable_replication_task = local.enable_replication_task # Disable Replication Task name = "${local.project}-dms-nomis-ingestor-${local.env}" vpc_cidr = [data.aws_vpc.shared.cidr_block] @@ -633,7 +633,7 @@ module "dms_nomis_ingestor" { vpc_role_dependency = [aws_iam_role.dmsvpcrole] cloudwatch_role_dependency = [aws_iam_role.dms_cloudwatch_logs_role] - extra_attributes = "supportResetlog=TRUE" + extra_attributes = "supportResetlog=TRUE" kinesis_settings = { "include_null_and_empty" = "true" 
@@ -659,7 +659,7 @@ module "dms_nomis_ingestor" { # TODO: DPR-622: Delete when done module "dms_nomis_ingestor_full_load" { source = "./modules/dms_experimental" - setup_dms_instance = local.setup_dms_instance # Disable all DMS Resources + setup_dms_instance = local.setup_dms_instance # Disable all DMS Resources enable_replication_task = local.enable_replication_task # Disable Replication Task name = "${local.project}-dms-nomis-ingestor-full-load-${local.env}" vpc_cidr = [data.aws_vpc.shared.cidr_block] @@ -684,7 +684,7 @@ module "dms_nomis_ingestor_full_load" { vpc_role_dependency = [aws_iam_role.dmsvpcrole] cloudwatch_role_dependency = [aws_iam_role.dms_cloudwatch_logs_role] - extra_attributes = "supportResetlog=TRUE" + extra_attributes = "supportResetlog=TRUE" kinesis_settings = { "include_null_and_empty" = "true" diff --git a/terraform/environments/digital-prison-reporting/modules/apigateway/serverless-lambda-gw/outputs.tf b/terraform/environments/digital-prison-reporting/modules/apigateway/serverless-lambda-gw/outputs.tf index 25d2baf6946..b5ed7da6a76 100644 --- a/terraform/environments/digital-prison-reporting/modules/apigateway/serverless-lambda-gw/outputs.tf +++ b/terraform/environments/digital-prison-reporting/modules/apigateway/serverless-lambda-gw/outputs.tf @@ -1,14 +1,14 @@ output "rest_api_id" { description = "The ID of the REST API ID" - value = aws_api_gateway_rest_api.this.id + value = aws_api_gateway_rest_api.this.id } output "rest_api_arn" { description = "The ARN of the REST API ARN" - value = aws_api_gateway_rest_api.this.arn + value = aws_api_gateway_rest_api.this.arn } output "rest_api_execution_arn" { description = "The ARN of the REST API ARN" - value = aws_api_gateway_rest_api.this.execution_arn + value = aws_api_gateway_rest_api.this.execution_arn } \ No newline at end of file 
diff --git a/terraform/environments/digital-prison-reporting/modules/apigateway/serverless-lambda-gw/variables.tf b/terraform/environments/digital-prison-reporting/modules/apigateway/serverless-lambda-gw/variables.tf index f76b258c9cc..bd33d0f45e4 100644 --- a/terraform/environments/digital-prison-reporting/modules/apigateway/serverless-lambda-gw/variables.tf +++ b/terraform/environments/digital-prison-reporting/modules/apigateway/serverless-lambda-gw/variables.tf @@ -44,7 +44,7 @@ variable "subnet_ids" { variable "security_group_ids" { description = "An List of VPC SGroups" type = list(string) - default = [] + default = [] } variable "endpoint_ids" { diff --git a/terraform/environments/digital-prison-reporting/modules/compute_node/iam.tf b/terraform/environments/digital-prison-reporting/modules/compute_node/iam.tf index e587eecb916..e90e2f30e29 100644 --- a/terraform/environments/digital-prison-reporting/modules/compute_node/iam.tf +++ b/terraform/environments/digital-prison-reporting/modules/compute_node/iam.tf @@ -45,14 +45,14 @@ resource "aws_iam_instance_profile" "profile" { } resource "aws_iam_role_policy_attachment" "ec2-ssm-core" { - count = var.enable_compute_node ? 1 : 0 + count = var.enable_compute_node ? 1 : 0 role = aws_iam_role.instance-role[0].name policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" } resource "aws_iam_role_policy_attachment" "ec2-ssm" { - count = var.enable_compute_node ? 1 : 0 + count = var.enable_compute_node ? 1 : 0 role = aws_iam_role.instance-role[0].name policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM" diff --git a/terraform/environments/digital-prison-reporting/modules/compute_node/main.tf b/terraform/environments/digital-prison-reporting/modules/compute_node/main.tf index c8d88c8f028..2bc536acb36 100644 --- a/terraform/environments/digital-prison-reporting/modules/compute_node/main.tf +++ b/terraform/environments/digital-prison-reporting/modules/compute_node/main.tf 
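Review bot: The `ec2-ssm` attachment in the compute_node iam.tf hunk binds `arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM`, a managed policy AWS has deprecated in favour of `AmazonSSMManagedInstanceCore`, which the `ec2-ssm-core` resource immediately above already attaches; only the `count` alignment changes here. `AmazonEC2RoleforSSM` additionally grants broad S3 read and write across all buckets, so keeping both is a least-privilege regression with no Session Manager benefit. Unless something on the node depends on that S3 access, the `ec2-ssm` resource should be removed, with any genuinely required S3 actions expressed as a bucket-scoped policy instead. The `ec2-ssm` resource's closing brace is outside the hunk.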
@@ -134,10 +134,10 @@ resource "aws_autoscaling_group" "bastion_linux_daily" {
 propagate_at_launch = true
 }
-instance_refresh {
+ instance_refresh {
 strategy = "Rolling"
 triggers = ["launch_template", "desired_capacity"] # You can add any argument from ASG here, if those has changes, ASG Instance Refresh will trigger
- }
+ }
 dynamic "tag" {
 for_each = var.tags
diff --git a/terraform/environments/digital-prison-reporting/modules/dms/main.tf b/terraform/environments/digital-prison-reporting/modules/dms/main.tf
index 68758794fdc..0944464c8a1 100644
--- a/terraform/environments/digital-prison-reporting/modules/dms/main.tf
+++ b/terraform/environments/digital-prison-reporting/modules/dms/main.tf
@@ -1,6 +1,6 @@
 # Create a new DMS replication instance
 resource "aws_dms_replication_instance" "dms" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
 allocated_storage = var.replication_instance_storage
 apply_immediately = true
@@ -38,7 +38,7 @@ data "template_file" "table-mappings" {
 }
 resource "aws_dms_replication_task" "dms-replication" {
- count = var.setup_dms_instance && var.enable_replication_task ? 1 : 0
+ count = var.setup_dms_instance && var.enable_replication_task ? 1 : 0
 migration_type = var.migration_type
 replication_instance_arn = aws_dms_replication_instance.dms[0].replication_instance_arn
@@ -61,7 +61,7 @@ resource "aws_dms_replication_task" "dms-replication" {
 # Create an endpoint for the source database
 resource "aws_dms_endpoint" "source" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
 database_name = var.source_db_name
 endpoint_id = "${var.project_id}-dms-${var.short_name}-${var.dms_source_name}-source"
@@ -84,7 +84,7 @@ resource "aws_dms_endpoint" "source" {
 # Create an endpoint for the target Kinesis
 resource "aws_dms_endpoint" "target" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
 endpoint_id = "${var.project_id}-dms-${var.short_name}-${var.dms_target_name}-target"
 endpoint_type = "target"
@@ -114,7 +114,7 @@ resource "aws_dms_endpoint" "target" {
 # Create a subnet group using existing VPC subnets
 resource "aws_dms_replication_subnet_group" "dms" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
 replication_subnet_group_description = "DMS replication subnet group"
 replication_subnet_group_id = "${var.project_id}-dms-${var.short_name}-${var.dms_source_name}-${var.dms_target_name}-subnet-group"
@@ -123,10 +123,10 @@ resource "aws_dms_replication_subnet_group" "dms" {
 # Security Groups
 resource "aws_security_group" "dms_sec_group" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
- name = "${var.project_id}-dms-${var.short_name}-${var.dms_source_name}-${var.dms_target_name}-security-group"
- vpc_id = var.vpc
+ name = "${var.project_id}-dms-${var.short_name}-${var.dms_source_name}-${var.dms_target_name}-security-group"
+ vpc_id = var.vpc
 ingress {
 from_port = 443
diff --git a/terraform/environments/digital-prison-reporting/modules/dms/variables.tf b/terraform/environments/digital-prison-reporting/modules/dms/variables.tf
index 492a0c2003b..f3939ab9acb 100644
--- a/terraform/environments/digital-prison-reporting/modules/dms/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/dms/variables.tf
@@ -11,7 +11,7 @@ variable "enable_replication_task" {
 variable "setup_dms_instance" {
 description = "Enable DMS Instance, True or False"
 type = bool
- default = false
+ default = false
 }
 variable "project_id" {
diff --git a/terraform/environments/digital-prison-reporting/modules/dms_experimental/main.tf b/terraform/environments/digital-prison-reporting/modules/dms_experimental/main.tf
index 2cfca79cbeb..e6fba79ddf9 100644
--- a/terraform/environments/digital-prison-reporting/modules/dms_experimental/main.tf
+++ b/terraform/environments/digital-prison-reporting/modules/dms_experimental/main.tf
@@ -1,6 +1,6 @@
 # Create a new DMS replication instance
 resource "aws_dms_replication_instance" "dms-experimental" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
 allocated_storage = var.replication_instance_storage
 apply_immediately = true
@@ -38,7 +38,7 @@ data "template_file" "table-mappings_experimental" {
 }
 resource "aws_dms_replication_task" "dms-replication-experimental" {
- count = var.setup_dms_instance && var.enable_replication_task ? 1 : 0
+ count = var.setup_dms_instance && var.enable_replication_task ? 1 : 0
 migration_type = var.migration_type
 replication_instance_arn = aws_dms_replication_instance.dms-experimental[0].replication_instance_arn
@@ -62,7 +62,7 @@ resource "aws_dms_replication_task" "dms-replication-experimental" {
 # Create an endpoint for the source database
 resource "aws_dms_endpoint" "source-experimental" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
 database_name = var.source_db_name
 endpoint_id = "${var.project_id}-dms-experimental-${var.short_name}-${var.dms_source_name}-source"
@@ -84,7 +84,7 @@ resource "aws_dms_endpoint" "source-experimental" {
 }
 resource "aws_dms_endpoint" "target-experimental" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
 endpoint_id = "${var.project_id}-dms-experimental-${var.short_name}-${var.dms_target_name}-target"
 endpoint_type = "target"
@@ -114,7 +114,7 @@ resource "aws_dms_endpoint" "target-experimental" {
 # Create a subnet group using existing VPC subnets
 resource "aws_dms_replication_subnet_group" "dms-experimental" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
 replication_subnet_group_description = "DMS experimental replication subnet group"
 replication_subnet_group_id = "${var.project_id}-dms-experimental-${var.short_name}-${var.dms_source_name}-${var.dms_target_name}-subnet-group"
@@ -123,10 +123,10 @@ resource "aws_dms_replication_subnet_group" "dms-experimental" {
 # Security Groups
 resource "aws_security_group" "dms_sec_group_experimental" {
- count = var.setup_dms_instance ? 1 : 0
+ count = var.setup_dms_instance ? 1 : 0
- name = "${var.project_id}-dms-experimental-${var.short_name}-${var.dms_source_name}-${var.dms_target_name}-security-group"
- vpc_id = var.vpc
+ name = "${var.project_id}-dms-experimental-${var.short_name}-${var.dms_source_name}-${var.dms_target_name}-security-group"
+ vpc_id = var.vpc
 ingress {
 from_port = 443
diff --git a/terraform/environments/digital-prison-reporting/modules/dms_experimental/variables.tf b/terraform/environments/digital-prison-reporting/modules/dms_experimental/variables.tf
index 492a0c2003b..f3939ab9acb 100644
--- a/terraform/environments/digital-prison-reporting/modules/dms_experimental/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/dms_experimental/variables.tf
@@ -11,7 +11,7 @@ variable "enable_replication_task" {
 variable "setup_dms_instance" {
 description = "Enable DMS Instance, True or False"
 type = bool
- default = false
+ default = false
 }
 variable "project_id" {
diff --git a/terraform/environments/digital-prison-reporting/modules/lambdas/generic/variables.tf b/terraform/environments/digital-prison-reporting/modules/lambdas/generic/variables.tf
index 6bd669bc59c..9befa1f194e 100644
--- a/terraform/environments/digital-prison-reporting/modules/lambdas/generic/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/lambdas/generic/variables.tf
@@ -110,7 +110,7 @@ variable "vpc_settings" {
 variable "lambda_trigger" {
 description = "Set Permissions for LAMBDA Triggers,"
- default = false
+ default = false
 }
 variable "trigger_bucket_arn" {
diff --git a/terraform/environments/digital-prison-reporting/modules/lambdas/layer/variables.tf b/terraform/environments/digital-prison-reporting/modules/lambdas/layer/variables.tf
index 74aef427a33..a3f248ec677 100644
--- a/terraform/environments/digital-prison-reporting/modules/lambdas/layer/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/lambdas/layer/variables.tf
@@ -56,5 +56,5 @@ variable "layers" {
 variable "create_layer" {
 type = bool
 default = false
- description = "(Optional) Create Lambda Layer, Yes Or NO"
+ description = "(Optional) Create Lambda Layer, Yes Or NO"
 }
\ No newline at end of file
diff --git a/terraform/environments/digital-prison-reporting/modules/notifications/eventbridge/variables.tf b/terraform/environments/digital-prison-reporting/modules/notifications/eventbridge/variables.tf
index f42bc1c90b3..1fb79136b23 100644
--- a/terraform/environments/digital-prison-reporting/modules/notifications/eventbridge/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/notifications/eventbridge/variables.tf
@@ -4,7 +4,7 @@ variable "rule_name" {
 }
 variable "event_pattern" {
- type = string
+ type = string
 description = "(Required) Digital Prison Reporting rule event pattern."
 }
diff --git a/terraform/environments/digital-prison-reporting/modules/s3_bucket/main.tf b/terraform/environments/digital-prison-reporting/modules/s3_bucket/main.tf
index 19d6740d5a6..cfd3fde6390 100644
--- a/terraform/environments/digital-prison-reporting/modules/s3_bucket/main.tf
+++ b/terraform/environments/digital-prison-reporting/modules/s3_bucket/main.tf
@@ -140,16 +140,16 @@ POLICY
 # S3 bucket lambda trigger
 resource "aws_s3_bucket_notification" "aws-lambda-trigger" {
- count = var.create_s3 && var.enable_notification ? 1 : 0
+ count = var.create_s3 && var.enable_notification ? 1 : 0
 bucket = aws_s3_bucket.storage[0].id
 dynamic "lambda_function" {
 for_each = var.bucket_notifications != null ? [true] : []
 content {
- lambda_function_arn = lookup(var.bucket_notifications, "lambda_function_arn", null)
- events = lookup(var.bucket_notifications, "events", null)
- filter_prefix = lookup(var.bucket_notifications, "filter_prefix", null)
- filter_suffix = lookup(var.bucket_notifications, "filter_suffix", null)
+ lambda_function_arn = lookup(var.bucket_notifications, "lambda_function_arn", null)
+ events = lookup(var.bucket_notifications, "events", null)
+ filter_prefix = lookup(var.bucket_notifications, "filter_prefix", null)
+ filter_suffix = lookup(var.bucket_notifications, "filter_suffix", null)
 }
 }
diff --git a/terraform/environments/digital-prison-reporting/modules/s3_bucket/variables.tf b/terraform/environments/digital-prison-reporting/modules/s3_bucket/variables.tf
index 5c91e415bb5..f0e7d939485 100644
--- a/terraform/environments/digital-prison-reporting/modules/s3_bucket/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/s3_bucket/variables.tf
@@ -80,14 +80,14 @@ variable "enable_notification" {
 #}
 variable "bucket_notifications" {
- type = any
+ type = any
 description = "AWS S3 Bucket Notifications"
 default = {
 lambda_function_arn = null,
- events = [],
- filter_prefix = null,
- filter_suffix = null
- }
+ events = [],
+ filter_prefix = null,
+ filter_suffix = null
+ }
 }
 variable "dependency_lambda" {
diff --git a/terraform/environments/digital-prison-reporting/modules/secrets_manager/main.tf b/terraform/environments/digital-prison-reporting/modules/secrets_manager/main.tf
index 9dc091a2240..61ab2fa4ed4 100644
--- a/terraform/environments/digital-prison-reporting/modules/secrets_manager/main.tf
+++ b/terraform/environments/digital-prison-reporting/modules/secrets_manager/main.tf
@@ -1,5 +1,5 @@
 resource "random_password" "random_string" {
- count = var.generate_random ? 1 : 0
+ count = var.generate_random ? 1 : 0
 length = var.length
 lower = var.use_lower
 numeric = var.use_number
@@ -27,7 +27,7 @@ resource "aws_secretsmanager_secret" "secret" {
 # value managed on ui/console
 resource "aws_secretsmanager_secret_version" "secret_val_remote" {
- count = var.type == "MONO" && var.ignore_secret_string == true ? 1 : 0
+ count = var.type == "MONO" && var.ignore_secret_string == true ? 1 : 0
 secret_id = aws_secretsmanager_secret.secret.id
 secret_string = var.generate_random ? random_password.random_string[0].result : var.secret_value
@@ -38,7 +38,7 @@ resource "aws_secretsmanager_secret_version" "secret_val_remote" {
 }
 resource "aws_secretsmanager_secret_version" "secret_val" {
- count = var.type == "MONO" && var.ignore_secret_string == false ? 1 : 0
+ count = var.type == "MONO" && var.ignore_secret_string == false ? 1 : 0
 secret_id = aws_secretsmanager_secret.secret.id
 secret_string = var.generate_random ? random_password.random_string[0].result : var.secret_value
@@ -46,7 +46,7 @@ resource "aws_secretsmanager_secret_version" "secret_val" {
 # value managed on ui/console
 resource "aws_secretsmanager_secret_version" "secret_key_val_remote" {
- count = var.type == "KEY_VALUE" && var.ignore_secret_string == true ? 1 : 0
+ count = var.type == "KEY_VALUE" && var.ignore_secret_string == true ? 1 : 0
 secret_id = aws_secretsmanager_secret.secret.id
 secret_string = var.generate_random ? random_password.random_string[0].result : jsonencode("${var.secrets}")
@@ -57,7 +57,7 @@ resource "aws_secretsmanager_secret_version" "secret_key_val_remote" {
 }
 resource "aws_secretsmanager_secret_version" "secret_key_val" {
- count = var.type == "KEY_VALUE" && var.ignore_secret_string == false ? 1 : 0
+ count = var.type == "KEY_VALUE" && var.ignore_secret_string == false ? 1 : 0
 secret_id = aws_secretsmanager_secret.secret.id
 secret_string = var.generate_random ? random_password.random_string[0].result : jsonencode("${var.secrets}")
diff --git a/terraform/environments/digital-prison-reporting/modules/secrets_manager/variables.tf b/terraform/environments/digital-prison-reporting/modules/secrets_manager/variables.tf
index f7ea749015e..56bbce062f3 100644
--- a/terraform/environments/digital-prison-reporting/modules/secrets_manager/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/secrets_manager/variables.tf
@@ -148,8 +148,8 @@ variable "type" {
 }
 variable "secret_value" {
- type = string
- default = ""
+ type = string
+ default = ""
 description = "(Optional) Value if the type is set to MONO"
 }
diff --git a/terraform/environments/digital-prison-reporting/modules/vpc_endpoint/main.tf b/terraform/environments/digital-prison-reporting/modules/vpc_endpoint/main.tf
index 64500d87050..a8038a401a1 100644
--- a/terraform/environments/digital-prison-reporting/modules/vpc_endpoint/main.tf
+++ b/terraform/environments/digital-prison-reporting/modules/vpc_endpoint/main.tf
@@ -6,5 +6,5 @@ resource "aws_vpc_endpoint" "this" {
 security_group_ids = var.security_group_ids
 vpc_endpoint_type = "Interface"
- tags = var.tags
+ tags = var.tags
 }
\ No newline at end of file
diff --git a/terraform/environments/digital-prison-reporting/modules/vpc_endpoint/variables.tf b/terraform/environments/digital-prison-reporting/modules/vpc_endpoint/variables.tf
index e07dd2182f7..1e857f44abc 100644
--- a/terraform/environments/digital-prison-reporting/modules/vpc_endpoint/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/vpc_endpoint/variables.tf
@@ -29,7 +29,7 @@ variable "subnet_ids" {
 variable "security_group_ids" {
 description = "An List of VPC SGroups"
 type = list(string)
- default = []
+ default = []
 }
 variable "vpc_id" {
diff --git a/terraform/environments/digital-prison-reporting/notifications.tf b/terraform/environments/digital-prison-reporting/notifications.tf
index 89787584c7a..e0392c64bea 100644
--- a/terraform/environments/digital-prison-reporting/notifications.tf
+++ b/terraform/environments/digital-prison-reporting/notifications.tf
@@ -21,7 +21,7 @@ module "notifications_sns" {
 module "slack_alerts" {
 count = local.enable_slack_alerts ? 1 : 0
- source = "./modules/notifications/email"
+ source = "./modules/notifications/email"
 sns_topic_arn = module.notifications_sns.sns_topic_arn
 email_url = local.enable_slack_alerts ? data.aws_secretsmanager_secret_version.slack_integration[0].secret_string : "no@email.com"
@@ -40,7 +40,7 @@ module "slack_alerts" {
 # PagerDuty notifications
 module "pagerduty_notifications" {
- count = local.enable_pagerduty_alerts ? 1 : 0
+ count = local.enable_pagerduty_alerts ? 1 : 0
 source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v2.0.0"
 sns_topics = ["${local.project}-notification-topic-${local.environment}"]
diff --git a/terraform/environments/digital-prison-reporting/secrets.tf b/terraform/environments/digital-prison-reporting/secrets.tf
index 7f0d1be4ee9..7609fe2cd63 100644
--- a/terraform/environments/digital-prison-reporting/secrets.tf
+++ b/terraform/environments/digital-prison-reporting/secrets.tf
@@ -49,14 +49,14 @@ resource "aws_secretsmanager_secret_version" "redshift" {
 # Slack Alerts URL
 module "slack_alerts_url" {
- count = local.enable_slack_alerts ? 1 : 0
+ count = local.enable_slack_alerts ? 1 : 0
- source = "./modules/secrets_manager"
- name = "${local.project}-slack-alerts-url-${local.environment}"
- description = "DPR Slack Alerts URL"
- type = "MONO"
- secret_value = "PLACEHOLDER@EMAIL.COM"
- ignore_secret_string = true
+ source = "./modules/secrets_manager"
+ name = "${local.project}-slack-alerts-url-${local.environment}"
+ description = "DPR Slack Alerts URL"
+ type = "MONO"
+ secret_value = "PLACEHOLDER@EMAIL.COM"
+ ignore_secret_string = true
 tags = merge(
 local.all_tags,
@@ -64,21 +64,21 @@ module "slack_alerts_url" {
 Resource_Group = "monitoring"
 Jira = "DPR-569"
 Resource_Type = "Secret"
- Name = "${local.project}-slack-alerts-url-${local.environment}"
+ Name = "${local.project}-slack-alerts-url-${local.environment}"
 }
 )
 }
 # PagerDuty Integration Key
 module "pagerduty_integration_key" {
- count = local.enable_pagerduty_alerts ? 1 : 0
+ count = local.enable_pagerduty_alerts ? 1 : 0
- source = "./modules/secrets_manager"
- name = "${local.project}-pagerduty-integration-key-${local.environment}"
- description = "DPR PagerDuty Integration Key"
- type = "MONO"
- secret_value = "PLACEHOLDER@EMAIL.COM"
- ignore_secret_string = true
+ source = "./modules/secrets_manager"
+ name = "${local.project}-pagerduty-integration-key-${local.environment}"
+ description = "DPR PagerDuty Integration Key"
+ type = "MONO"
+ secret_value = "PLACEHOLDER@EMAIL.COM"
+ ignore_secret_string = true
 tags = merge(
 local.all_tags,
diff --git a/terraform/environments/digital-prison-reporting/sg.tf b/terraform/environments/digital-prison-reporting/sg.tf
index 5641fb7f90e..9761e4873db 100644
--- a/terraform/environments/digital-prison-reporting/sg.tf
+++ b/terraform/environments/digital-prison-reporting/sg.tf
@@ -92,7 +92,7 @@ resource "aws_security_group_rule" "serverless_gw_egress" {
 # VPC Gateway Endpoint SG
 resource "aws_security_group" "gateway_endpoint_sg" {
- count = local.include_dbuilder_gw_vpclink ? 1 : 0
+ count = local.include_dbuilder_gw_vpclink ? 1 : 0
 name = "${local.serverless_gw_dbuilder_name}-sg"
 description = "Allow HTTPS inbound traffic"
diff --git a/terraform/environments/digital-prison-reporting/transfer_component.tf b/terraform/environments/digital-prison-reporting/transfer_component.tf
index 16afd7e0c09..f2adb3c8169 100644
--- a/terraform/environments/digital-prison-reporting/transfer_component.tf
+++ b/terraform/environments/digital-prison-reporting/transfer_component.tf
@@ -1,38 +1,38 @@
 # Domain Builder Flyway Lambda
 module "transfer_comp_lambda_layer" {
- source = "./modules/lambdas/layer"
-
- create_layer = local.create_transfercomp_lambda_layer
- layer_name = local.lambda_transfercomp_layer_name
- description = "Redshift JDBC Depedency Jar for Flyway Lambda"
- license_info = "HMPPS, MOJ Reporting Team"
- local_file = "transfer-component/redshift_dependency.zip"
- compatible_runtimes = ["java11"]
+ source = "./modules/lambdas/layer"
+
+ create_layer = local.create_transfercomp_lambda_layer
+ layer_name = local.lambda_transfercomp_layer_name
+ description = "Redshift JDBC Depedency Jar for Flyway Lambda"
+ license_info = "HMPPS, MOJ Reporting Team"
+ local_file = "transfer-component/redshift_dependency.zip"
+ compatible_runtimes = ["java11"]
 }
 module "transfer_comp_Lambda" {
- source = "./modules/lambdas/generic"
-
- enable_lambda = local.enable_transfercomp_lambda
- name = local.lambda_transfercomp_name
- s3_bucket = local.lambda_transfercomp_code_s3_bucket
- s3_key = local.lambda_transfercomp_code_s3_key
- handler = local.lambda_transfercomp_handler
- runtime = local.lambda_transfercomp_runtime
- policies = local.lambda_transfercomp_policies
- tracing = local.lambda_transfercomp_tracing
- timeout = 60
- lambda_trigger = false
- layers = [ module.transfer_comp_lambda_layer.lambda_layer_arn, ]
+ source = "./modules/lambdas/generic"
+
+ enable_lambda = local.enable_transfercomp_lambda
+ name = local.lambda_transfercomp_name
+ s3_bucket = local.lambda_transfercomp_code_s3_bucket
+ s3_key = local.lambda_transfercomp_code_s3_key
+ handler = local.lambda_transfercomp_handler
+ runtime = local.lambda_transfercomp_runtime
+ policies = local.lambda_transfercomp_policies
+ tracing = local.lambda_transfercomp_tracing
+ timeout = 60
+ lambda_trigger = false
+ layers = [module.transfer_comp_lambda_layer.lambda_layer_arn, ]
 env_vars = {
- "DB_CONNECTION_STRING" = "jdbc:redshift://${local.datamart_endpoint}/datamart"
- "DB_USERNAME" = local.datamart_username
- "DB_PASSWORD" = local.datamart_password
- "FLYWAY_METHOD" = "check"
- "GIT_FOLDERS" = "migrations/development/redshift/sql" # Comma Seperated
- "GIT_REPOSITORY" = "https://github.com/ministryofjustice/digital-prison-reporting-transfer-component"
+ "DB_CONNECTION_STRING" = "jdbc:redshift://${local.datamart_endpoint}/datamart"
+ "DB_USERNAME" = local.datamart_username
+ "DB_PASSWORD" = local.datamart_password
+ "FLYWAY_METHOD" = "check"
+ "GIT_FOLDERS" = "migrations/development/redshift/sql" # Comma Seperated
+ "GIT_REPOSITORY" = "https://github.com/ministryofjustice/digital-prison-reporting-transfer-component"
 }
 vpc_settings = {
@@ -43,8 +43,8 @@ module "transfer_comp_Lambda" {
 tags = merge(
 local.all_tags,
 {
- Name = local.lambda_transfercomp_name
- Jira = "DPR-504"
+ Name = local.lambda_transfercomp_name
+ Jira = "DPR-504"
 Resource_Group = "transfer-component"
 Resource_Type = "lambda"
 }
diff --git a/terraform/environments/long-term-storage/remote-supervision.tf b/terraform/environments/long-term-storage/remote-supervision.tf
index 6452ceafe24..57ddf555158 100644
--- a/terraform/environments/long-term-storage/remote-supervision.tf
+++ b/terraform/environments/long-term-storage/remote-supervision.tf
@@ -4,14 +4,14 @@ module "remote_supervision_s3" {
 source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
- bucket_prefix = "remote-supervision"
- versioning_enabled = true
+ bucket_prefix = "remote-supervision"
+ versioning_enabled = true
 # to disable ACLs in preference of BucketOwnership controls as per https://aws.amazon.com/blogs/aws/heads-up-amazon-s3-security-changes-are-coming-in-april-of-2023/ set:
 ownership_controls = "BucketOwnerEnforced"
 # Refer to the below section "Replication" before enabling replication
- replication_enabled = false
+ replication_enabled = false
 # Below two variables and providers configuration are only relevant if 'replication_enabled' is set to true
 # replication_region = "eu-west-2"
 # replication_role_arn = module.s3-bucket-replication-role.role.arn
diff --git a/terraform/environments/mojfin/locals.tf b/terraform/environments/mojfin/locals.tf
index 98ca0d83c8a..da8d375c14f 100644
--- a/terraform/environments/mojfin/locals.tf
+++ b/terraform/environments/mojfin/locals.tf
@@ -41,9 +41,9 @@ locals {
 read_latency_evaluation_period = "5"
 # PagerDuty Integration
- sns_topic_name = "${local.application_name}-${local.environment}-alerting-topic"
- pagerduty_integration_keys = jsondecode(data.aws_secretsmanager_secret_version.pagerduty_integration_keys.secret_string)
- pagerduty_integration_key_name = local.application_data.accounts[local.environment].pagerduty_integration_key_name
+ sns_topic_name = "${local.application_name}-${local.environment}-alerting-topic"
+ pagerduty_integration_keys = jsondecode(data.aws_secretsmanager_secret_version.pagerduty_integration_keys.secret_string)
+ pagerduty_integration_key_name = local.application_data.accounts[local.environment].pagerduty_integration_key_name
 # DB Link Secrets
 dblink_secrets = {
diff --git a/terraform/environments/mojfin/rds.tf b/terraform/environments/mojfin/rds.tf
index 056988edb2b..7eba13bb06a 100644
--- a/terraform/environments/mojfin/rds.tf
+++ b/terraform/environments/mojfin/rds.tf
@@ -194,9 +194,9 @@ resource "aws_db_instance" "appdb1" {
 storage_encrypted = true
 apply_immediately = false
 # snapshot_identifier = format("arn:aws:rds:eu-west-2:%s:snapshot:%s", data.aws_caller_identity.current.account_id,local.application_data.accounts[local.environment].mojfinrdssnapshotid)
- kms_key_id = data.aws_kms_key.rds_shared.arn
- multi_az = true
- option_group_name = aws_db_option_group.mojfin.name
+ kms_key_id = data.aws_kms_key.rds_shared.arn
+ multi_az = true
+ option_group_name = aws_db_option_group.mojfin.name
 # restore_to_point_in_time {
 # restore_time = "2023-07-04T14:54:00Z"
diff --git a/terraform/environments/ncas/README.md b/terraform/environments/ncas/README.md
index 391e756f5f9..99a1f2792b5 100644
--- a/terraform/environments/ncas/README.md
+++ b/terraform/environments/ncas/README.md
@@ -17,11 +17,11 @@ The Neutral Citation Allocation System (NCAS) is a business critical application
 ### **Service URLs:**
-Dev: https://ncas.hmcts-development.modernisation-platform.service.justice.gov.uk/
+Dev:
-Preproduction: https://ncas.hmcts-preproduction.modernisation-platform.service.justice.gov.uk/
+Preproduction:
-Prod: https://neutral-citation-allocation.service.justice.gov.uk
+Prod:
 ### **Incident response hours:**
diff --git a/terraform/environments/nomis-combined-reporting/locals_bip.tf b/terraform/environments/nomis-combined-reporting/locals_bip.tf
index 66bcc61d072..09f82391415 100644
--- a/terraform/environments/nomis-combined-reporting/locals_bip.tf
+++ b/terraform/environments/nomis-combined-reporting/locals_bip.tf
@@ -3,12 +3,12 @@ locals {
 bip_ssm_parameters = {
 prefix = "/bi-platform/"
 parameters = {
- bobj_account_password = { description = "bobj account password" }
- oracle_account_password = { description = "oracle account password" }
- product_key = { description = "BIP product key" }
- oracle_cms_tnsname = { description = "Oracle TNS name for CMS repository" }
- oracle_cms_username = { description = "Oracle username for CMS repository" }
- oracle_cms_password = { description = "Oracle password for CMS repository" }
+ bobj_account_password = { description = "bobj account password" }
+ oracle_account_password = { description = "oracle account password" }
+ product_key = { description = "BIP product key" }
+ oracle_cms_tnsname = { description = "Oracle TNS name for CMS repository" }
+ oracle_cms_username = { description = "Oracle username for CMS repository" }
+ oracle_cms_password = { description = "Oracle password for CMS repository" }
 }
 }
@@ -104,7 +104,7 @@ locals {
 instance_type = "t3.large"
 vpc_security_group_ids = ["private"]
 })
-
+
 user_data_cloud_init = module.baseline_presets.ec2_instance.user_data_cloud_init.ssm_agent_and_ansible
 autoscaling_group = module.baseline_presets.ec2_autoscaling_group.default
diff --git a/terraform/environments/nomis-combined-reporting/locals_database.tf b/terraform/environments/nomis-combined-reporting/locals_database.tf
index fff7d5a4bc6..f0c22fd01c7 100644
--- a/terraform/environments/nomis-combined-reporting/locals_database.tf
+++ b/terraform/environments/nomis-combined-reporting/locals_database.tf
@@ -12,15 +12,15 @@ locals {
 user_data_cloud_init = module.baseline_presets.ec2_instance.user_data_cloud_init.ssm_agent_and_ansible
 ebs_volumes = {
- "/dev/sdb" = { type = "gp3", label = "app", size = 100 } # /u01
- "/dev/sdc" = { type = "gp3", label = "app", size = 100 } # /u02
- "/dev/sde" = { type = "gp3", label = "data"} # DATA01
- "/dev/sdf" = { type = "gp3", label = "data"} # DATA02
- "/dev/sdg" = { type = "gp3", label = "data"} # DATA03
- "/dev/sdh" = { type = "gp3", label = "data"} # DATA04
- "/dev/sdi" = { type = "gp3", label = "data"} # DATA05
- "/dev/sdj" = { type = "gp3", label = "flash" } # FLASH01
- "/dev/sdk" = { type = "gp3", label = "flash" } # FLASH02
+ "/dev/sdb" = { type = "gp3", label = "app", size = 100 } # /u01
+ "/dev/sdc" = { type = "gp3", label = "app", size = 100 } # /u02
+ "/dev/sde" = { type = "gp3", label = "data" } # DATA01
+ "/dev/sdf" = { type = "gp3", label = "data" } # DATA02
+ "/dev/sdg" = { type = "gp3", label = "data" } # DATA03
+ "/dev/sdh" = { type = "gp3", label = "data" } # DATA04
+ "/dev/sdi" = { type = "gp3", label = "data" } # DATA05
+ "/dev/sdj" = { type = "gp3", label = "flash" } # FLASH01
+ "/dev/sdk" = { type = "gp3", label = "flash" } # FLASH02
 "/dev/sds" = { type = "gp3", label = "swap" }
 }
diff --git a/terraform/environments/nomis-combined-reporting/locals_production.tf b/terraform/environments/nomis-combined-reporting/locals_production.tf
index 706badb1e0f..b1029b58843 100644
--- a/terraform/environments/nomis-combined-reporting/locals_production.tf
+++ b/terraform/environments/nomis-combined-reporting/locals_production.tf
@@ -15,7 +15,7 @@ locals {
 }
 "production.reporting.nomis.service.justice.gov.uk" = { }
-
+
 }
 }
diff --git a/terraform/environments/nomis-combined-reporting/locals_test.tf b/terraform/environments/nomis-combined-reporting/locals_test.tf
index e1b395dd623..d41d2878e1b 100644
--- a/terraform/environments/nomis-combined-reporting/locals_test.tf
+++ b/terraform/environments/nomis-combined-reporting/locals_test.tf
@@ -35,28 +35,28 @@ locals {
 baseline_ssm_parameters = {
 # T1
- "t1-ncr-tomcat" = local.tomcat_ssm_parameters
- "t1-ncr-bip" = local.bip_ssm_parameters
+ "t1-ncr-tomcat" = local.tomcat_ssm_parameters
+ "t1-ncr-bip" = local.bip_ssm_parameters
 }
 baseline_ec2_instances = {
 t1-ncr-bip-cmc = merge(local.bi-platform_ec2_default, {
 tags = merge(local.bi-platform_ec2_default.tags, {
- description = "For testing SAP BI CMC installation and configurations"
- server-type = "ncr-bip-cmc"
+ description = "For testing SAP BI CMC installation and configurations"
+ server-type = "ncr-bip-cmc"
 nomis-combined-reporting-environment = "t1"
 })
 })
 t1-ncr-db-1-a = merge(local.database_ec2_default, {
 tags = merge(local.database_ec2_default.tags, {
- description = "T1 NCR DATABASE"
+ description = "T1 NCR DATABASE"
 nomis-combined-reporting-environment = "t1"
- oracle-sids = "T1BIPSYS T1BIPAUD"
- instance-scheduling = "skip-scheduling"
+ oracle-sids = "T1BIPSYS T1BIPAUD"
+ instance-scheduling = "skip-scheduling"
 })
 })
 }
-
+
 baseline_ec2_autoscaling_groups = {
 t1-ncr-tomcat = merge(local.tomcat_ec2_default, {
@@ -66,7 +66,7 @@ locals {
 vpc_zone_identifier = module.environment.subnets["private"].ids
 }
 tags = merge(local.tomcat_ec2_default.tags, {
- description = "For testing SAP tomcat installation and configurations"
+ description = "For testing SAP tomcat installation and configurations"
 nomis-combined-reporting-environment = "t1"
 })
 })
@@ -78,7 +78,7 @@ locals {
 vpc_zone_identifier = module.environment.subnets["private"].ids
 }
 tags = merge(local.bi-platform_ec2_default.tags, {
- description = "For testing BIP 4.3 installation and configurations"
+ description = "For testing BIP 4.3 installation and configurations"
 nomis-combined-reporting-environment = "t1"
 })
 })
diff --git a/terraform/environments/nomis-combined-reporting/locals_tomcat.tf b/terraform/environments/nomis-combined-reporting/locals_tomcat.tf
index f4557c08778..c69d28ad60b 100644
--- a/terraform/environments/nomis-combined-reporting/locals_tomcat.tf
+++ b/terraform/environments/nomis-combined-reporting/locals_tomcat.tf
@@ -3,11 +3,11 @@ locals {
 tomcat_ssm_parameters = {
 prefix = "/tomcat/"
 parameters = {
- bobj_password = { description = "bobj account password" }
- oracle_password = { description = "oracle account password" }
- product_key = { description = "BIP product key" }
- cms_name = { description = "Name of the BIP CMS machine" }
- cms_password = { description = "CMS password for host machine" }
+ bobj_password = { description = "bobj account password" }
+ oracle_password = { description = "oracle account password" }
+ product_key = { description = "BIP product key" }
+ cms_name = { description = "Name of the BIP CMS machine" }
+ cms_password = { description = "CMS password for host machine" }
 }
 }
@@ -98,7 +98,7 @@ locals {
 tomcat_ec2_default = {
 config = merge(module.baseline_presets.ec2_instance.config.default, {
- ami_name = "base_rhel_8_5_*"
+ ami_name = "base_rhel_8_5_*"
 ssm_parameters_prefix = "tomcat/"
 iam_resource_names_prefix = "ec2-tomcat"
 })
diff --git a/terraform/environments/nomis-data-hub/locals.tf b/terraform/environments/nomis-data-hub/locals.tf
index cee25c4fb0e..01dfea4ac97 100644
--- a/terraform/environments/nomis-data-hub/locals.tf
+++ b/terraform/environments/nomis-data-hub/locals.tf
@@ -10,7 +10,7 @@ locals {
 production = local.production_config
 }
 baseline_environment_config = local.environment_configs[local.environment]
- environment_config = local.environment_configs[local.environment]
+ environment_config = local.environment_configs[local.environment]
 ndh_secrets = [
 "ndh_admin_user",
 "ndh_admin_pass",
@@ -38,7 +38,7 @@ locals { } } } - + baseline_s3_buckets = { s3-bucket = { iam_policies = module.baseline_presets.s3_iam_policies diff --git a/terraform/environments/oasys/locals.tf b/terraform/environments/oasys/locals.tf index 021164e16fd..0ecd86f179d 100644 --- a/terraform/environments/oasys/locals.tf +++ b/terraform/environments/oasys/locals.tf @@ -44,7 +44,7 @@ locals { }) cloudwatch_metric_alarms = {} user_data_cloud_init = module.baseline_presets.ec2_instance.user_data_cloud_init.ssm_agent_ansible_no_tags - autoscaling_schedules = { + autoscaling_schedules = { "scale_up" = { recurrence = "0 5 * * Mon-Fri" } @@ -53,7 +53,7 @@ locals { recurrence = "0 19 * * Mon-Fri" } } - autoscaling_group = module.baseline_presets.ec2_autoscaling_group.default + autoscaling_group = module.baseline_presets.ec2_autoscaling_group.default lb_target_groups = { pv-http-8080 = local.target_group_http_8080 pb-http-8080 = local.target_group_http_8080 @@ -219,8 +219,8 @@ locals { availability_zone = "${local.region}a" }) instance = merge(module.baseline_presets.ec2_instance.instance.default, { - instance_type = "t3.xlarge" - monitoring = true + instance_type = "t3.xlarge" + monitoring = true }) cloudwatch_metric_alarms = {} user_data_cloud_init = module.baseline_presets.ec2_instance.user_data_cloud_init.ssm_agent_ansible_no_tags diff --git a/terraform/environments/oasys/locals_security_groups.tf b/terraform/environments/oasys/locals_security_groups.tf index c35f532c8bf..a0f26bc0e54 100644 --- a/terraform/environments/oasys/locals_security_groups.tf +++ b/terraform/environments/oasys/locals_security_groups.tf @@ -179,7 +179,7 @@ locals { local.security_group_cidrs.https_internal, local.security_group_cidrs.https_external, ])) - security_groups = ["private_lb","public_lb"] + security_groups = ["private_lb", "public_lb"] } http8080 = { description = "Allow http8080 ingress" 
@@ -190,7 +190,7 @@ locals { local.security_group_cidrs.https_internal, local.security_group_cidrs.https_external, ])) - security_groups = ["private_lb","public_lb"] + security_groups = ["private_lb", "public_lb"] } } egress = { diff --git a/terraform/environments/oasys/locals_test.tf b/terraform/environments/oasys/locals_test.tf index c9118fdb98b..cbaba54b33e 100644 --- a/terraform/environments/oasys/locals_test.tf +++ b/terraform/environments/oasys/locals_test.tf @@ -32,7 +32,7 @@ locals { # "${local.application_name}-environment" = "t2" # }) # }) - + ## ## T1 ## @@ -164,10 +164,10 @@ locals { enable_delete_protection = false existing_target_groups = { } - idle_timeout = 60 # 60 is default - security_groups = ["public_lb"] - public_subnets = module.environment.subnets["public"].ids - tags = local.tags + idle_timeout = 60 # 60 is default + security_groups = ["public_lb"] + public_subnets = module.environment.subnets["public"].ids + tags = local.tags listeners = { https = { @@ -245,8 +245,8 @@ locals { } } private = { - internal_lb = true - access_logs = false + internal_lb = true + access_logs = false # s3_versioning = false force_destroy_bucket = true enable_delete_protection = false @@ -342,8 +342,8 @@ locals { # # "${local.application_name}.service.justice.gov.uk" = { # lb_alias_records = [ - # { name = "t2", type = "A", lbs_map_key = "public" }, # t2.oasys.service.justice.gov.uk # need to add an ns record to oasys.service.justice.gov.uk -> t2, - # { name = "db.t2", type = "A", lbs_map_key = "public" }, # db.t2.oasys.service.justice.gov.uk currently pointing to azure db T2ODL0009 + # { name = "t2", type = "A", lbs_map_key = "public" }, # t2.oasys.service.justice.gov.uk # need to add an ns record to oasys.service.justice.gov.uk -> t2, + # { name = "db.t2", type = "A", lbs_map_key = "public" }, # db.t2.oasys.service.justice.gov.uk currently pointing to azure db T2ODL0009 # ] # } # "t1.${local.application_name}.service.justice.gov.uk" = { 
diff --git a/terraform/environments/performance-hub/application_variables.json b/terraform/environments/performance-hub/application_variables.json
index ce55c282ad9..d6260a02783 100644
--- a/terraform/environments/performance-hub/application_variables.json
+++ b/terraform/environments/performance-hub/application_variables.json
@@ -16,7 +16,7 @@
 "container_memory": "3072",
 "task_definition_volume": "upload_volume",
 "network_mode": "none",
- "db_enabled" : false,
+ "db_enabled": false,
 "db_instance_class": "db.m5.large",
 "db_user": "admin",
 "db_allocated_storage": "100",
diff --git a/terraform/environments/portal/acm_certificate.tf b/terraform/environments/portal/acm_certificate.tf
index 891aa1c334d..b2a1fa44e67 100644
--- a/terraform/environments/portal/acm_certificate.tf
+++ b/terraform/environments/portal/acm_certificate.tf
@@ -1,10 +1,10 @@
 resource "aws_acm_certificate" "legalservices_cert" {
- domain_name = "${local.application_data.accounts[local.environment].acm_alt_domain_name}"
+ domain_name = local.application_data.accounts[local.environment].acm_alt_domain_name
 # subject_alternative_names = ["${local.application_data.accounts[local.environment].acm_alt_domain_name}"]
 validation_method = "DNS"
-
-
- tags = merge(
+
+
+ tags = merge(
 local.tags,
 { Name = "laa-${local.application_name}-${local.environment}" }
 )
diff --git a/terraform/environments/portal/application_variables.json b/terraform/environments/portal/application_variables.json
index 9093f1cbd37..d40d8d1705e 100644
--- a/terraform/environments/portal/application_variables.json
+++ b/terraform/environments/portal/application_variables.json
@@ -36,9 +36,8 @@
 "hosted_zone": "aws.dev.legalservices.gov.uk",
 "acm_domain_name": "dev.legalservices.gov.uk",
 "acm_alt_domain_name": "*.dev.legalservices.gov.uk",
- "fqdn": "portal.dev.legalservices.gov.uk",
+ "fqdn": "portal.dev.legalservices.gov.uk",
 "landing_zone_vpc_cidr": "10.202.0.0/20"
-
 },
 "test": {
 "example_var": "test-data",
diff --git a/terraform/environments/portal/cloudfront.tf b/terraform/environments/portal/cloudfront.tf index b1f8dbfad5a..6888ba6324e 100644 --- a/terraform/environments/portal/cloudfront.tf +++ b/terraform/environments/portal/cloudfront.tf @@ -1,5 +1,5 @@ locals { -cloudfront_validation_records = { + cloudfront_validation_records = { for dvo in aws_acm_certificate.cloudfront.domain_validation_options : dvo.domain_name => { name = dvo.resource_record_name record = dvo.resource_record_value @@ -18,7 +18,7 @@ cloudfront_validation_records = { } } -validation_records_cloudfront = { + validation_records_cloudfront = { for key, value in local.cloudfront_validation_records : key => { name = value.name record = value.record @@ -106,7 +106,7 @@ resource "aws_s3_bucket_server_side_encryption_configuration" "cloudfront" { } resource "aws_s3_bucket_public_access_block" "cloudfront" { - bucket = aws_s3_bucket.cloudfront.id + bucket = aws_s3_bucket.cloudfront.id block_public_acls = true block_public_policy = true ignore_public_acls = true @@ -136,7 +136,7 @@ data "aws_iam_policy_document" "portal_error_page_bucket_policy" { } resource "aws_cloudfront_distribution" "external" { - http_version = "http2" + http_version = "http2" origin { domain_name = aws_lb.external.dns_name origin_id = aws_lb.external.id @@ -158,10 +158,10 @@ resource "aws_cloudfront_distribution" "external" { } } origin { - domain_name = aws_s3_bucket.portalerrorpagebucket.bucket_regional_domain_name - origin_id = local.s3_origin_id + domain_name = aws_s3_bucket.portalerrorpagebucket.bucket_regional_domain_name + origin_id = local.s3_origin_id s3_origin_config { - origin_access_identity = aws_cloudfront_origin_access_identity.portalerrorpagebucket.cloudfront_access_identity_path + origin_access_identity = aws_cloudfront_origin_access_identity.portalerrorpagebucket.cloudfront_access_identity_path } origin_shield { enabled = false 
@@ -179,118 +179,118 @@ resource "aws_cloudfront_distribution" "external" { forwarded_values { query_string = true cookies { - forward = "all" + forward = "all" } } viewer_protocol_policy = "redirect-to-https" } ordered_cache_behavior { - target_origin_id = local.s3_origin_id - smooth_streaming = false - path_pattern = "/error-pages/*" - min_ttl = 0 - default_ttl = 0 - allowed_methods = ["GET", "HEAD"] - cached_methods = ["HEAD", "GET"] - forwarded_values { - query_string = false - cookies { - forward = "all" - } + target_origin_id = local.s3_origin_id + smooth_streaming = false + path_pattern = "/error-pages/*" + min_ttl = 0 + default_ttl = 0 + allowed_methods = ["GET", "HEAD"] + cached_methods = ["HEAD", "GET"] + forwarded_values { + query_string = false + cookies { + forward = "all" } - viewer_protocol_policy = "redirect-to-https" } + viewer_protocol_policy = "redirect-to-https" + } - ordered_cache_behavior { - target_origin_id = aws_lb.external.id - smooth_streaming = false - path_pattern = "*.png" - min_ttl = 0 - default_ttl = 0 - allowed_methods = ["GET", "HEAD"] - cached_methods = ["HEAD", "GET"] - forwarded_values { - query_string = false - headers = ["Host", "User-Agent"] - cookies { - forward = "all" - } + ordered_cache_behavior { + target_origin_id = aws_lb.external.id + smooth_streaming = false + path_pattern = "*.png" + min_ttl = 0 + default_ttl = 0 + allowed_methods = ["GET", "HEAD"] + cached_methods = ["HEAD", "GET"] + forwarded_values { + query_string = false + headers = ["Host", "User-Agent"] + cookies { + forward = "all" } - viewer_protocol_policy = "redirect-to-https" } + viewer_protocol_policy = "redirect-to-https" + } - ordered_cache_behavior { - target_origin_id = aws_lb.external.id - smooth_streaming = false - path_pattern = "*.jpg" - min_ttl = 0 - default_ttl = 0 - allowed_methods = ["GET", "HEAD"] - cached_methods = ["HEAD", "GET"] - forwarded_values { - query_string = false - headers = ["Host", "User-Agent"] - cookies { - forward = "all" - 
} + ordered_cache_behavior { + target_origin_id = aws_lb.external.id + smooth_streaming = false + path_pattern = "*.jpg" + min_ttl = 0 + default_ttl = 0 + allowed_methods = ["GET", "HEAD"] + cached_methods = ["HEAD", "GET"] + forwarded_values { + query_string = false + headers = ["Host", "User-Agent"] + cookies { + forward = "all" } - viewer_protocol_policy = "redirect-to-https" } + viewer_protocol_policy = "redirect-to-https" + } - ordered_cache_behavior { - target_origin_id = aws_lb.external.id - smooth_streaming = false - path_pattern = "*.gif" - min_ttl = 0 - default_ttl = 0 - allowed_methods = ["GET", "HEAD"] - cached_methods = ["HEAD", "GET"] - forwarded_values { - query_string = false - headers = ["Host", "User-Agent"] - cookies { - forward = "all" - } + ordered_cache_behavior { + target_origin_id = aws_lb.external.id + smooth_streaming = false + path_pattern = "*.gif" + min_ttl = 0 + default_ttl = 0 + allowed_methods = ["GET", "HEAD"] + cached_methods = ["HEAD", "GET"] + forwarded_values { + query_string = false + headers = ["Host", "User-Agent"] + cookies { + forward = "all" } - viewer_protocol_policy = "redirect-to-https" } + viewer_protocol_policy = "redirect-to-https" + } - ordered_cache_behavior { - target_origin_id = aws_lb.external.id - smooth_streaming = false - path_pattern = "*.css" - min_ttl = 0 - default_ttl = 0 - allowed_methods = ["GET", "HEAD"] - cached_methods = ["HEAD", "GET"] - forwarded_values { - query_string = false - headers = ["Host", "User-Agent"] - cookies { - forward = "all" - } + ordered_cache_behavior { + target_origin_id = aws_lb.external.id + smooth_streaming = false + path_pattern = "*.css" + min_ttl = 0 + default_ttl = 0 + allowed_methods = ["GET", "HEAD"] + cached_methods = ["HEAD", "GET"] + forwarded_values { + query_string = false + headers = ["Host", "User-Agent"] + cookies { + forward = "all" } - viewer_protocol_policy = "redirect-to-https" } + viewer_protocol_policy = "redirect-to-https" + } - ordered_cache_behavior { - 
target_origin_id = aws_lb.external.id - smooth_streaming = false - path_pattern = "*.js" - min_ttl = 0 - default_ttl = 0 - allowed_methods = ["GET", "HEAD"] - cached_methods = ["HEAD", "GET"] - forwarded_values { - query_string = false - headers = ["Host", "User-Agent"] - cookies { - forward = "all" - } + ordered_cache_behavior { + target_origin_id = aws_lb.external.id + smooth_streaming = false + path_pattern = "*.js" + min_ttl = 0 + default_ttl = 0 + allowed_methods = ["GET", "HEAD"] + cached_methods = ["HEAD", "GET"] + forwarded_values { + query_string = false + headers = ["Host", "User-Agent"] + cookies { + forward = "all" } - viewer_protocol_policy = "redirect-to-https" } + viewer_protocol_policy = "redirect-to-https" + } price_class = "PriceClass_100" @@ -305,28 +305,28 @@ resource "aws_cloudfront_distribution" "external" { bucket = aws_s3_bucket.cloudfront.bucket_domain_name prefix = local.application_name } - web_acl_id = aws_wafv2_web_acl.wafv2_acl.arn + web_acl_id = aws_wafv2_web_acl.wafv2_acl.arn custom_error_response { - error_code = 404 - response_code = 404 - response_page_path = "/error-pages/not_found.html" - error_caching_min_ttl = 5 + error_code = 404 + response_code = 404 + response_page_path = "/error-pages/not_found.html" + error_caching_min_ttl = 5 } - custom_error_response { - error_code = 502 - response_code = 502 - response_page_path = "/error-pages/error.html" - error_caching_min_ttl = 5 - } + custom_error_response { + error_code = 502 + response_code = 502 + response_page_path = "/error-pages/error.html" + error_caching_min_ttl = 5 + } - custom_error_response { - error_code = 503 - response_code = 503 - response_page_path = "/error-pages/error.html" - error_caching_min_ttl = 5 - } + custom_error_response { + error_code = 503 + response_code = 503 + response_page_path = "/error-pages/error.html" + error_caching_min_ttl = 5 + } restrictions { geo_restriction { 
diff --git a/terraform/environments/portal/external_alb.tf b/terraform/environments/portal/external_alb.tf index 4f197a34a46..4b1b9ff7246 100644 --- a/terraform/environments/portal/external_alb.tf +++ b/terraform/environments/portal/external_alb.tf @@ -166,7 +166,7 @@ resource "aws_lb_listener" "external" { load_balancer_arn = aws_lb.external.arn port = local.external_lb_port - protocol = "HTTPS" + protocol = "HTTPS" ssl_policy = "ELBSecurityPolicy-2016-08" certificate_arn = aws_acm_certificate_validation.external_lb_certificate_validation[0].certificate_arn diff --git a/terraform/environments/portal/idm_ec2.tf b/terraform/environments/portal/idm_ec2.tf index 140c0b76265..81bf5461f06 100644 --- a/terraform/environments/portal/idm_ec2.tf +++ b/terraform/environments/portal/idm_ec2.tf @@ -276,7 +276,7 @@ resource "aws_instance" "idm_instance_1" { user_data_replace_on_change = true tags = merge( - {"instance-scheduling" = "skip-scheduling"}, + { "instance-scheduling" = "skip-scheduling" }, local.tags, { "Name" = "${local.application_name} IDM Instance 1" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } @@ -295,7 +295,7 @@ resource "aws_instance" "idm_instance_2" { user_data_base64 = base64encode(local.oam_2_userdata) tags = merge( - {"instance-scheduling" = "skip-scheduling"}, + { "instance-scheduling" = "skip-scheduling" }, local.tags, { "Name" = "${local.application_name} IDM Instance 2" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } diff --git a/terraform/environments/portal/internal_alb.tf b/terraform/environments/portal/internal_alb.tf index 662f8296c42..f1044cef9cc 100644 --- a/terraform/environments/portal/internal_alb.tf +++ b/terraform/environments/portal/internal_alb.tf 
@@ -60,9 +60,9 @@ resource "aws_lb_listener" "https_internal" { load_balancer_arn = aws_lb.internal.arn port = local.internal_lb_https_port - protocol = "HTTPS" - ssl_policy = "ELBSecurityPolicy-2016-08" - certificate_arn = aws_acm_certificate_validation.external_lb_certificate_validation[0].certificate_arn + protocol = "HTTPS" + ssl_policy = "ELBSecurityPolicy-2016-08" + certificate_arn = aws_acm_certificate_validation.external_lb_certificate_validation[0].certificate_arn default_action { type = "forward" diff --git a/terraform/environments/portal/locals.tf b/terraform/environments/portal/locals.tf index ae229fec493..27b0d480575 100644 --- a/terraform/environments/portal/locals.tf +++ b/terraform/environments/portal/locals.tf @@ -35,7 +35,7 @@ locals { } - route53_zones = merge({ + route53_zones = merge({ for key, value in data.aws_route53_zone.core_network_services : key => merge(value, { provider = "core-network-services" }) @@ -51,9 +51,9 @@ locals { for key, value in data.aws_route53_zone.portal-dev-private : key => merge(value, { provider = "core-network-services" }) - }) + }) - validation_records_external_lb = { + validation_records_external_lb = { for key, value in local.external_lb_validation_records : key => { name = value.name record = value.record @@ -61,14 +61,14 @@ locals { } if value.zone.provider == "external" } - external_validation_records_created = false + external_validation_records_created = false - core_network_services_domains = { + core_network_services_domains = { for domain, value in local.validation : domain => value if value.account == "core-network-services" } core_network_services_domains_private = { - for domain, value in local.validation : domain => value if value.account == "core-network-services-private" - } + for domain, value in local.validation : domain => value if value.account == "core-network-services-private" + } core_vpc_domains = { for domain, value in local.validation : domain => value if value.account == "core-vpc" } 
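Review bot: The re-indented `ssl_policy = "ELBSecurityPolicy-2016-08"` on the internal HTTPS listener keeps a policy that still negotiates TLS 1.0 and TLS 1.1, and the same value appears as a context line in the external_alb.tf hunk above. Unless a known client still depends on those protocol versions, prefer a TLS 1.2-and-above policy such as `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"`, rolled out in a non-production environment first. If the older policy has to stay, record why in a comment next to the attribute so the next formatting pass does not carry it forward unexamined. The aws_lb_listener block continues outside the hunk.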
@@ -76,7 +76,7 @@ locals { for domain, value in local.validation : domain => value if value.account == "self" } - non_prod_validation = { + non_prod_validation = { "modernisation-platform.service.justice.gov.uk" = { account = "core-network-services" zone_name = "modernisation-platform.service.justice.gov.uk." @@ -85,7 +85,7 @@ locals { account = "core-vpc" zone_name = "${local.vpc_name}-${local.environment}.modernisation-platform.service.justice.gov.uk." } - "${local.application_data.accounts[local.environment].acm_domain_name}" = { + "${local.application_data.accounts[local.environment].acm_domain_name}" = { account = "core-network-services-private" zone_name = "${local.application_data.accounts[local.environment].acm_domain_name}" } @@ -99,6 +99,6 @@ locals { } } -validation = local.environment == "production" ? local.prod_validation : local.non_prod_validation + validation = local.environment == "production" ? local.prod_validation : local.non_prod_validation } diff --git a/terraform/environments/portal/monitoring.tf b/terraform/environments/portal/monitoring.tf index 7462e9a7f0d..7733903a4e5 100644 --- a/terraform/environments/portal/monitoring.tf +++ b/terraform/environments/portal/monitoring.tf @@ -2,10 +2,10 @@ locals { dashboard_name = "${local.application_name}-${local.environment}-application-Dashboard" cpu_alarm_threshold = 85 # in percentage status_alarm_threshold = 1 - memory_alarm_threshold = 80 # in percentage + memory_alarm_threshold = 80 # in percentage swapspace_alarm_threshold = 50000000000 # in Bytes - diskspace_alarm_threshold = 80 # in percentage - mserver_alarm_threshold = 80 # in percentage + diskspace_alarm_threshold = 80 # in percentage + mserver_alarm_threshold = 80 # in percentage alarms_1 = { oam1 = { diff --git a/terraform/environments/portal/oam_ec2.tf b/terraform/environments/portal/oam_ec2.tf index 2e9d5eb67f7..60116c19dda 100644 --- a/terraform/environments/portal/oam_ec2.tf +++ b/terraform/environments/portal/oam_ec2.tf 
@@ -227,7 +227,7 @@ resource "aws_instance" "oam_instance_1" { user_data_replace_on_change = true tags = merge( - {"instance-scheduling" = "skip-scheduling"}, + { "instance-scheduling" = "skip-scheduling" }, local.tags, { "Name" = "${local.application_name} OAM Instance 1" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } @@ -248,7 +248,7 @@ resource "aws_instance" "oam_instance_2" { user_data_base64 = base64encode(local.oam_2_userdata) tags = merge( - {"instance-scheduling" = "skip-scheduling"}, + { "instance-scheduling" = "skip-scheduling" }, local.tags, { "Name" = "${local.application_name} OAM Instance 2" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } diff --git a/terraform/environments/portal/ohs_ec2.tf b/terraform/environments/portal/ohs_ec2.tf index f9ecaf4326f..849bb1b1f40 100644 --- a/terraform/environments/portal/ohs_ec2.tf +++ b/terraform/environments/portal/ohs_ec2.tf @@ -116,7 +116,7 @@ resource "aws_instance" "ohs_instance_1" { user_data_replace_on_change = true tags = merge( - {"instance-scheduling" = "skip-scheduling"}, + { "instance-scheduling" = "skip-scheduling" }, local.tags, { "Name" = "${local.application_name} OHS Instance 1" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } @@ -146,7 +146,7 @@ resource "aws_instance" "ohs_instance_2" { tags = merge( - {"instance-scheduling" = "skip-scheduling"}, + { "instance-scheduling" = "skip-scheduling" }, local.tags, { "Name" = "${local.application_name} OHS Instance 2" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } 
diff --git a/terraform/environments/portal/oim_ec2.tf b/terraform/environments/portal/oim_ec2.tf index b08bd9dafe6..813cc81ef42 100644 --- a/terraform/environments/portal/oim_ec2.tf +++ b/terraform/environments/portal/oim_ec2.tf @@ -147,7 +147,7 @@ resource "aws_instance" "oim_instance_1" { # } tags = merge( - {"instance-scheduling" = "skip-scheduling"}, + { "instance-scheduling" = "skip-scheduling" }, local.tags, { "Name" = "${local.application_name} OIM Instance 1" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } @@ -178,7 +178,7 @@ resource "aws_instance" "oim_instance_2" { tags = merge( - {"instance-scheduling" = "skip-scheduling"}, + { "instance-scheduling" = "skip-scheduling" }, local.tags, { "Name" = "${local.application_name} OIM Instance 2" }, local.environment != "production" ? { "snapshot-with-daily-35-day-retention" = "yes" } : { "snapshot-with-hourly-35-day-retention" = "yes" } diff --git a/terraform/environments/portal/route53.tf b/terraform/environments/portal/route53.tf index 2fdfb0b22da..1d11cdeeb70 100644 --- a/terraform/environments/portal/route53.tf +++ b/terraform/environments/portal/route53.tf @@ -355,8 +355,8 @@ resource "aws_route53_record" "cloudfront-non-prod" { zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id # name = local.application_data.accounts[local.environment].fqdn # this will need moving to a public hosted in future - name = "mp-portal.dev.legalservices.gov.uk" - type = "A" + name = "mp-portal.dev.legalservices.gov.uk" + type = "A" alias { name = aws_cloudfront_distribution.external.domain_name zone_id = aws_cloudfront_distribution.external.hosted_zone_id 
@@ -368,9 +368,9 @@ resource "aws_route53_record" "cloudfront-prod" {
 count = local.environment == "production" ? 1 : 0
 provider = aws.core-network-services
 # zone_id = var.production_zone_id
- zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
+ zone_id = data.aws_route53_zone.portal-dev-private["${local.application_data.accounts[local.environment].acm_domain_name}"].zone_id
 name = local.application_data.accounts[local.environment].fqdn
- type = "A"
+ type = "A"
 alias {
 name = aws_cloudfront_distribution.external.domain_name
 zone_id = aws_cloudfront_distribution.external.hosted_zone_id
diff --git a/terraform/environments/portal/s3.tf b/terraform/environments/portal/s3.tf
index 7d7d6646ca2..7966b92cb1a 100644
--- a/terraform/environments/portal/s3.tf
+++ b/terraform/environments/portal/s3.tf
@@ -34,39 +34,39 @@ module "s3_bucket_archive" { resource "aws_s3_object" "object_oam" { bucket = "laa-${local.application_name}-${local.environment}-archive-mp" - key = "oam1/" + key = "oam1/" } resource "aws_s3_object" "object_oam2" { count = contains(["development", "testing"], local.environment) ? 0 : 1 bucket = "laa-${local.application_name}-${local.environment}-archive-mp" - key = "oam2/" + key = "oam2/" } resource "aws_s3_object" "object_idm" { bucket = "laa-${local.application_name}-${local.environment}-archive-mp" - key = "idm1/" + key = "idm1/" } resource "aws_s3_object" "object_idm2" { count = contains(["development", "testing"], local.environment) ? 0 : 1 bucket = "laa-${local.application_name}-${local.environment}-archive-mp" - key = "idm2/" + key = "idm2/" } resource "aws_s3_object" "object_oim" { bucket = "laa-${local.application_name}-${local.environment}-archive-mp" - key = "oim1/" + key = "oim1/" } resource "aws_s3_object" "object_oim2" { count = contains(["development", "testing"], local.environment) ? 0 : 1 bucket = "laa-${local.application_name}-${local.environment}-archive-mp" - key = "oim2/" + key = "oim2/" } resource "aws_s3_object" "object_ohs" { bucket = "laa-${local.application_name}-${local.environment}-archive-mp" - key = "ohs1/" + key = "ohs1/" } resource "aws_s3_object" "object_ohs2" { count = contains(["development", "testing"], local.environment) ? 0 : 1 bucket = "laa-${local.application_name}-${local.environment}-archive-mp" - key = "ohs2/" + key = "ohs2/" } \ No newline at end of file diff --git a/terraform/environments/portal/ssm_maintenance_idm.tf b/terraform/environments/portal/ssm_maintenance_idm.tf index 551c63240aa..bbf95866f0b 100644 --- a/terraform/environments/portal/ssm_maintenance_idm.tf +++ b/terraform/environments/portal/ssm_maintenance_idm.tf 
@@ -82,19 +82,19 @@ EOF } resource "aws_ssm_maintenance_window" "idm_window" { - name = "idm1-${local.application_data.accounts[local.environment].maintenance_window_name}" - schedule = "cron(0 0 9 ? * * *)" - duration = 4 - cutoff = 1 + name = "idm1-${local.application_data.accounts[local.environment].maintenance_window_name}" + schedule = "cron(0 0 9 ? * * *)" + duration = 4 + cutoff = 1 schedule_timezone = "Europe/London" } resource "aws_ssm_maintenance_window" "idm2_window" { - count = contains(["development", "testing"], local.environment) ? 0 : 1 - name = "idm2-${local.application_data.accounts[local.environment].maintenance_window_name}" - schedule = "cron(0 0 9 ? * * *)" - duration = 4 - cutoff = 1 + count = contains(["development", "testing"], local.environment) ? 0 : 1 + name = "idm2-${local.application_data.accounts[local.environment].maintenance_window_name}" + schedule = "cron(0 0 9 ? * * *)" + duration = 4 + cutoff = 1 schedule_timezone = "Europe/London" } @@ -137,16 +137,16 @@ resource "aws_ssm_maintenance_window_task" "commands_idm" { task_invocation_parameters { - + run_command_parameters { document_version = "$LATEST" - parameter { - name = "commands" + parameter { + name = "commands" values = [local.script_idm] } } - + } } @@ -167,16 +167,16 @@ resource "aws_ssm_maintenance_window_task" "commands_idm2" { task_invocation_parameters { - + run_command_parameters { document_version = "$LATEST" - parameter { - name = "commands" + parameter { + name = "commands" values = [local.script_idm2] } } - + } } \ No newline at end of file diff --git a/terraform/environments/portal/ssm_maintenance_oam.tf b/terraform/environments/portal/ssm_maintenance_oam.tf index c9b0e5e905e..5cb947d50aa 100644 --- a/terraform/environments/portal/ssm_maintenance_oam.tf +++ b/terraform/environments/portal/ssm_maintenance_oam.tf 
@@ -51,7 +51,7 @@ done EOF -script_oam2 = < + WAM – UAT -https://wamuat.ppud.justice.gov.uk/Account/Login - + + PPUD - PROD -https://www.ppud.justice.gov.uk/ - + + WAM – PROD -https://wam.ppud.justice.gov.uk/ + @@ -41,15 +41,15 @@ https://wam.ppud.justice.gov.uk/ ### **Incident contact details:** -PPUDAppSupportTeam@lumen.com + ### **Service team contact:** -pankaj.pant@lumen.com -david.savage@lumen.com -helen.stimpson@lumen.com + + + diff --git a/terraform/environments/ppud/cloudwatch_linux.tf b/terraform/environments/ppud/cloudwatch_linux.tf index 6bc8fdbbfd2..641a8d08bd4 100644 --- a/terraform/environments/ppud/cloudwatch_linux.tf +++ b/terraform/environments/ppud/cloudwatch_linux.tf @@ -5,8 +5,8 @@ # Create a data source to fetch the tags of each instance data "aws_instances" "linux_tagged_instances" { filter { - name = "tag:patch_group" - values = ["prod_lin_patch"] + name = "tag:patch_group" + values = ["prod_lin_patch"] } } 
@@ -37,19 +37,19 @@ resource "aws_cloudwatch_metric_alarm" "linux_high_disk_usage" { resource "aws_cloudwatch_metric_alarm" "linux_cpu" { for_each = toset(data.aws_instances.linux_tagged_instances.ids) - alarm_name = "CPU-High-${each.key}" # name of the alarm - comparison_operator = "GreaterThanOrEqualToThreshold" # threshold to trigger the alarm state - period = "60" # period in seconds over which the specified statistic is applied - threshold = "90" # threshold for the alarm - see comparison_operator for usage - evaluation_periods = "3" # how many periods over which to evaluate the alarm - datapoints_to_alarm = "2" # how many datapoints must be breaching the threshold to trigger the alarm - metric_name = "CPUUtilization" # name of the alarm's associated metric + alarm_name = "CPU-High-${each.key}" # name of the alarm + comparison_operator = "GreaterThanOrEqualToThreshold" # threshold to trigger the alarm state + period = "60" # period in seconds over which the specified statistic is applied + threshold = "90" # threshold for the alarm - see comparison_operator for usage + evaluation_periods = "3" # how many periods over which to evaluate the alarm + datapoints_to_alarm = "2" # how many datapoints must be breaching the threshold to trigger the alarm + metric_name = "CPUUtilization" # name of the alarm's associated metric treat_missing_data = "notBreaching" - namespace = "AWS/EC2" # namespace of the alarm's associated metric - statistic = "Average" # could be Average/Minimum/Maximum etc. + namespace = "AWS/EC2" # namespace of the alarm's associated metric + statistic = "Average" # could be Average/Minimum/Maximum etc. alarm_description = "Monitors ec2 cpu utilisation" alarm_actions = [aws_sns_topic.cw_alerts[0].arn] - dimensions = { + dimensions = { InstanceId = each.key } } 
@@ -69,7 +69,7 @@ resource "aws_cloudwatch_metric_alarm" "linux_cpu_usage_iowait" { threshold = "90" alarm_description = "This metric monitors the amount of CPU time spent waiting for I/O to complete. If the average CPU time spent waiting for I/O to complete is greater than 90% for 30 minutes, the alarm will trigger." alarm_actions = [aws_sns_topic.cw_alerts[0].arn] - dimensions = { + dimensions = { InstanceId = each.key } } @@ -94,7 +94,7 @@ resource "aws_cloudwatch_metric_alarm" "linux_ec2_high_memory_usage" { treat_missing_data = "notBreaching" alarm_description = "This metric monitors the memory used percentage on the instance. If the memory used above 90% for 2 minutes, the alarm will trigger" alarm_actions = [aws_sns_topic.cw_alerts[0].arn] - dimensions = { + dimensions = { InstanceId = each.key } } @@ -114,7 +114,7 @@ resource "aws_cloudwatch_metric_alarm" "linux_low_available_memory" { statistic = "Average" alarm_description = "This metric monitors the amount of available memory. If the amount of available memory is less than 10% for 2 minutes, the alarm will trigger." alarm_actions = [aws_sns_topic.cw_alerts[0].arn] - dimensions = { + dimensions = { InstanceId = each.key } } @@ -139,7 +139,7 @@ resource "aws_cloudwatch_metric_alarm" "linux_instance_health_check" { treat_missing_data = "notBreaching" alarm_description = "Instance status checks monitor the software and network configuration of your individual instance. When an instance status check fails, you typically must address the problem yourself: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html" alarm_actions = [aws_sns_topic.cw_alerts[0].arn] - dimensions = { + dimensions = { InstanceId = each.key } } 
@@ -159,7 +159,7 @@ resource "aws_cloudwatch_metric_alarm" "linux_system_health_check" {
 treat_missing_data = "notBreaching"
 alarm_description = "System status checks monitor the AWS systems on which your instance runs. These checks detect underlying problems with your instance that require AWS involvement to repair: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html"
 alarm_actions = [aws_sns_topic.cw_alerts[0].arn]
- dimensions = {
+ dimensions = {
 InstanceId = each.key
 }
 }
@@ -167,15 +167,15 @@ resource "aws_cloudwatch_metric_alarm" "linux_system_health_check" {
 #Log Groups
 resource "aws_cloudwatch_log_group" "Linux-Services-Logs" {
-count = local.is-production == true ? 1 : 0
- name = "Linux-Services-Logs"
+ count = local.is-production == true ? 1 : 0
+ name = "Linux-Services-Logs"
 retention_in_days = 365
 }
 #Metric Filters
 resource "aws_cloudwatch_log_metric_filter" "Linux-ServiceStatus-Running" {
-count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "Linux-ServiceStatus-Running"
 log_group_name = aws_cloudwatch_log_group.Linux-Services-Logs[count.index].name
 pattern = "[date, time, Instance, Service, status=Running]"
@@ -185,13 +185,13 @@ count = local.is-production == true ? 1 : 0
 value = "1"
 dimensions = {
 Instance = "$Instance"
- Service = "$Service"
+ Service = "$Service"
 }
 }
 }
 resource "aws_cloudwatch_log_metric_filter" "Linux-ServiceStatus-NotRunning" {
-count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "Linux-ServiceStatus-NotRunning"
 log_group_name = aws_cloudwatch_log_group.Linux-Services-Logs[count.index].name
 pattern = "[date, time, Instance, Service, status!=Running]"
@@ -201,7 +201,7 @@ count = local.is-production == true ? 1 : 0
 value = "0"
 dimensions = {
 Instance = "$Instance"
- Service = "$Service"
+ Service = "$Service"
 }
 }
 }
\ No newline at end of file
diff --git a/terraform/environments/ppud/cloudwatch_windows.tf b/terraform/environments/ppud/cloudwatch_windows.tf
index c04341d3e18..c42fb06ed01 100644
--- a/terraform/environments/ppud/cloudwatch_windows.tf
+++ b/terraform/environments/ppud/cloudwatch_windows.tf
@@ -5,8 +5,8 @@
 # Create a data source to fetch the tags of each instance
 data "aws_instances" "windows_tagged_instances" {
 filter {
- name = "tag:patch_group"
- values = ["prod_win_patch"]
+ name = "tag:patch_group"
+ values = ["prod_win_patch"]
 }
 }
@@ -46,7 +46,7 @@ resource "aws_cloudwatch_metric_alarm" "Memory_percentage_Committed_Bytes_In_Use
 treat_missing_data = "notBreaching"
 alarm_description = "Triggers if memory usage is continually high for 15 minutes"
 alarm_actions = [aws_sns_topic.cw_alerts[0].arn]
- dimensions = {
+ dimensions = {
 InstanceId = each.key
 }
 }
@@ -67,7 +67,7 @@ resource "aws_cloudwatch_metric_alarm" "cpu_usage_iowait" {
 threshold = "90"
 alarm_description = "This metric monitors the amount of CPU time spent waiting for I/O to complete. If the average CPU time spent waiting for I/O to complete is greater than 90% for 30 minutes, the alarm will trigger."
 alarm_actions = [aws_sns_topic.cw_alerts[0].arn]
- dimensions = {
+ dimensions = {
 InstanceId = each.key
 }
 }
@@ -75,19 +75,19 @@ resource "aws_cloudwatch_metric_alarm" "cpu_usage_iowait" {
 # CPU Utilization Alarm
 resource "aws_cloudwatch_metric_alarm" "cpu" {
 for_each = toset(data.aws_instances.windows_tagged_instances.ids)
- alarm_name = "CPU-High-${each.key}" # name of the alarm
- comparison_operator = "GreaterThanOrEqualToThreshold" # threshold to trigger the alarm state
- period = "60" # period in seconds over which the specified statistic is applied
- threshold = "90" # threshold for the alarm - see comparison_operator for usage
- evaluation_periods = "3" # how many periods over which to evaluate the alarm
- datapoints_to_alarm = "2" # how many datapoints must be breaching the threshold to trigger the alarm
- metric_name = "CPUUtilization" # name of the alarm's associated metric
+ alarm_name = "CPU-High-${each.key}" # name of the alarm
+ comparison_operator = "GreaterThanOrEqualToThreshold" # threshold to trigger the alarm state
+ period = "60" # period in seconds over which the specified statistic is applied
+ threshold = "90" # threshold for the alarm - see comparison_operator for usage
+ evaluation_periods = "3" # how many periods over which to evaluate the alarm
+ datapoints_to_alarm = "2" # how many datapoints must be breaching the threshold to trigger the alarm
+ metric_name = "CPUUtilization" # name of the alarm's associated metric
 treat_missing_data = "notBreaching"
- namespace = "AWS/EC2" # namespace of the alarm's associated metric
- statistic = "Average" # could be Average/Minimum/Maximum etc.
+ namespace = "AWS/EC2" # namespace of the alarm's associated metric
+ statistic = "Average" # could be Average/Minimum/Maximum etc.
 alarm_description = "Monitors ec2 cpu utilisation"
 alarm_actions = [aws_sns_topic.cw_alerts[0].arn]
- dimensions = {
+ dimensions = {
 InstanceId = each.key
 }
 }
@@ -111,7 +111,7 @@ resource "aws_cloudwatch_metric_alarm" "instance_health_check" {
 treat_missing_data = "notBreaching"
 alarm_description = "Instance status checks monitor the software and network configuration of your individual instance. When an instance status check fails, you typically must address the problem yourself: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html"
 alarm_actions = [aws_sns_topic.cw_alerts[0].arn]
- dimensions = {
+ dimensions = {
 InstanceId = each.key
 }
 }
@@ -131,7 +131,7 @@ resource "aws_cloudwatch_metric_alarm" "system_health_check" {
 treat_missing_data = "notBreaching"
 alarm_description = "System status checks monitor the AWS systems on which your instance runs. These checks detect underlying problems with your instance that require AWS involvement to repair: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html"
 alarm_actions = [aws_sns_topic.cw_alerts[0].arn]
- dimensions = {
+ dimensions = {
 InstanceId = each.key
 }
 }
@@ -156,7 +156,7 @@ resource "aws_cloudwatch_metric_alarm" "Windows_IIS_check" {
 treat_missing_data = "notBreaching"
 alarm_description = "System status checks monitor the AWS systems on which your instance runs. These checks detect underlying problems with your instance that require AWS involvement to repair: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html"
 alarm_actions = [aws_sns_topic.cw_alerts[0].arn]
- dimensions = {
+ dimensions = {
 InstanceId = each.key
 }
 }
@@ -164,45 +164,45 @@ resource "aws_cloudwatch_metric_alarm" "Windows_IIS_check" {
 #Log Groups
 resource "aws_cloudwatch_log_group" "IIS-Logs" {
-count = local.is-production == true ? 1 : 0
- name = "IIS-Logs"
+ count = local.is-production == true ? 1 : 0
+ name = "IIS-Logs"
 retention_in_days = 365
 }
 resource "aws_cloudwatch_log_group" "System-Event-Logs" {
-count = local.is-production == true ? 1 : 0
- name = "System-Event-Logs"
+ count = local.is-production == true ? 1 : 0
+ name = "System-Event-Logs"
 retention_in_days = 365
 }
 resource "aws_cloudwatch_log_group" "Application-Event-Logs" {
-count = local.is-production == true ? 1 : 0
- name = "Application-Event-Logs"
+ count = local.is-production == true ? 1 : 0
+ name = "Application-Event-Logs"
 retention_in_days = 365
 }
 resource "aws_cloudwatch_log_group" "Windows-Services-Logs" {
-count = local.is-production == true ? 1 : 0
- name = "Windows-Services-Logs"
+ count = local.is-production == true ? 1 : 0
+ name = "Windows-Services-Logs"
 retention_in_days = 365
 }
 resource "aws_cloudwatch_log_group" "Network-Connectivity-Logs" {
-count = local.is-production == true ? 1 : 0
- name = "Network-Connectivity-Logs"
+ count = local.is-production == true ? 1 : 0
+ name = "Network-Connectivity-Logs"
 retention_in_days = 365
 }
 resource "aws_cloudwatch_log_group" "SQL-Server-Logs" {
-count = local.is-production == true ? 1 : 0
- name = "SQL-Server-Logs"
+ count = local.is-production == true ? 1 : 0
+ name = "SQL-Server-Logs"
 retention_in_days = 365
 }
 #Metric Filters
 resource "aws_cloudwatch_log_metric_filter" "ServiceStatus-Running" {
-count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "ServiceStatus-Running"
 log_group_name = aws_cloudwatch_log_group.Windows-Services-Logs[count.index].name
 pattern = "[date, time, Instance, Service, status=Running]"
@@ -212,13 +212,13 @@ count = local.is-production == true ? 1 : 0
 value = "1"
 dimensions = {
 Instance = "$Instance"
- Service = "$Service"
+ Service = "$Service"
 }
 }
 }
 resource "aws_cloudwatch_log_metric_filter" "ServiceStatus-NotRunning" {
-count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "ServiceStatus-NotRunning"
 log_group_name = aws_cloudwatch_log_group.Windows-Services-Logs[count.index].name
 pattern = "[date, time, Instance, Service, status!=Running]"
@@ -228,13 +228,13 @@ count = local.is-production == true ? 1 : 0
 value = "0"
 dimensions = {
 Instance = "$Instance"
- Service = "$Service"
+ Service = "$Service"
 }
 }
 }
 resource "aws_cloudwatch_log_metric_filter" "PortStatus-True" {
-count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "PortStatus-True"
 log_group_name = aws_cloudwatch_log_group.Network-Connectivity-Logs[count.index].name
 pattern = "[date, time, Instance, Port, status=True]"
@@ -244,13 +244,13 @@ count = local.is-production == true ? 1 : 0
 value = "1"
 dimensions = {
 Instance = "$Instance"
- Port = "$Port"
+ Port = "$Port"
 }
 }
 }
 resource "aws_cloudwatch_log_metric_filter" "PortStatus-False" {
-count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "PortStatus-False"
 log_group_name = aws_cloudwatch_log_group.Network-Connectivity-Logs[count.index].name
 pattern = "[date, time, Instance, Port, status=False]"
@@ -260,13 +260,13 @@ count = local.is-production == true ? 1 : 0
 value = "0"
 dimensions = {
 Instance = "$Instance"
- Port = "$Port"
+ Port = "$Port"
 }
 }
 }
 resource "aws_cloudwatch_log_metric_filter" "SQLBackupStatus-Successful" {
-count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "SQLBackupStatus-Successful"
 log_group_name = aws_cloudwatch_log_group.SQL-Server-Logs[count.index].name
 pattern = "[date, time, Instance, SQLBackup, status=Successful]"
@@ -281,7 +281,7 @@ count = local.is-production == true ? 1 : 0
 }
 resource "aws_cloudwatch_log_metric_filter" "SQLBackupStatus-Failed" {
-count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "SQLBackupStatus-Failed"
 log_group_name = aws_cloudwatch_log_group.SQL-Server-Logs[count.index].name
 pattern = "[date, time, Instance, SQLBackup, status=Failed]"
diff --git a/terraform/environments/ppud/endpointservice.tf b/terraform/environments/ppud/endpointservice.tf
index a3cc68f6aa3..3afd1465eba 100644
--- a/terraform/environments/ppud/endpointservice.tf
+++ b/terraform/environments/ppud/endpointservice.tf
@@ -14,13 +14,13 @@ resource "aws_vpc_endpoint_service_allowed_principal" "HomeOffice" {
 }
 resource "aws_lb" "ppud_internal_nlb" {
- count = local.is-production == true ? 1 : 0
- name = "ppud-internal-nlb"
- internal = true
- load_balancer_type = "network"
- subnets = [data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
- security_groups = [aws_security_group.PPUD-ALB.id]
- enable_deletion_protection = false # change it to true
+ count = local.is-production == true ? 1 : 0
+ name = "ppud-internal-nlb"
+ internal = true
+ load_balancer_type = "network"
+ subnets = [data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
+ security_groups = [aws_security_group.PPUD-ALB.id]
+ enable_deletion_protection = false # change it to true
 tags = {
 Name = "${var.networking[0].business-unit}-${local.environment}"
@@ -40,11 +40,11 @@ resource "aws_lb_listener" "nlb_forward_rule" {
 }
 resource "aws_lb_target_group" "nlb_target_group" {
- count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 name = "nlb-target-group"
 port = "443"
 protocol = "TCP"
- target_type = "alb" # As type is ALB, you can't modify the target group attributes and will use their default values.
+ target_type = "alb" # As type is ALB, you can't modify the target group attributes and will use their default values.
 vpc_id = data.aws_vpc.shared.id
 health_check {
 port = "443"
@@ -53,7 +53,7 @@ resource "aws_lb_target_group" "nlb_target_group" {
 }
 resource "aws_lb_target_group_attachment" "alb_attachment" {
- count = local.is-production == true ? 1 : 0
+ count = local.is-production == true ? 1 : 0
 target_group_arn = aws_lb_target_group.nlb_target_group[0].arn
 target_id = aws_lb.PPUD-internal-ALB[0].id
 port = "443"
diff --git a/terraform/environments/ppud/iam.tf b/terraform/environments/ppud/iam.tf
index bc2c12a5e4d..b41233c3a55 100644
--- a/terraform/environments/ppud/iam.tf
+++ b/terraform/environments/ppud/iam.tf
@@ -70,23 +70,23 @@ resource "aws_iam_policy_attachment" "CloudWatchAgentServerPolicy" {
 #####################################
 resource "aws_iam_policy" "production-s3-access" {
- count = local.is-production == false ? 1 : 0
+ count = local.is-production == false ? 1 : 0
 name = "production-s3-access"
 path = "/"
 description = "production-s3-access"
 policy = jsonencode({
- "Version": "2012-10-17",
- "Statement": [{
- "Action": "s3:ListBucket",
- "Effect": "Allow",
- "Resource": [
- "arn:aws:s3:::moj-scripts",
- "arn:aws:s3:::moj-scripts/*",
- "arn:aws:s3:::moj-release-management",
- "arn:aws:s3:::moj-release-management/*"
- ]
- }]
-})
+ "Version" : "2012-10-17",
+ "Statement" : [{
+ "Action" : "s3:ListBucket",
+ "Effect" : "Allow",
+ "Resource" : [
+ "arn:aws:s3:::moj-scripts",
+ "arn:aws:s3:::moj-scripts/*",
+ "arn:aws:s3:::moj-release-management",
+ "arn:aws:s3:::moj-release-management/*"
+ ]
+ }]
+ })
 }
 #################################
@@ -124,9 +124,9 @@ resource "aws_iam_role_policy_attachment" "maintenance_window_task_policy_attach
 ###############################
 resource "aws_iam_role" "lambda_role" {
-count = local.is-production == true ? 1 : 0
-name = "PPUD_Lambda_Function_Role"
-assume_role_policy = < +Preproduction: +Production: ### **Incident response hours:**
diff --git a/terraform/environments/pra-register/rds.tf b/terraform/environments/pra-register/rds.tf
index 7bbb7ad8ffa..bf06d3501ae 100644
--- a/terraform/environments/pra-register/rds.tf
+++ b/terraform/environments/pra-register/rds.tf
@@ -96,8 +96,8 @@ resource "null_resource" "setup_db" {
 SOURCE_DB_PASSWORD = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_PASSWORD"]
 DB_HOSTNAME = aws_db_instance.pra_db.address
 DB_NAME = aws_db_instance.pra_db.db_name
- PRA_DB_USERNAME = local.application_data.accounts[local.environment].db_username
- PRA_DB_PASSWORD = random_password.password.result
+ PRA_DB_USERNAME = local.application_data.accounts[local.environment].db_username
+ PRA_DB_PASSWORD = random_password.password.result
 }
 }
 triggers = {
diff --git a/terraform/environments/sprinkler/bastion_linux.json b/terraform/environments/sprinkler/bastion_linux.json
index f1cf7777da8..e706c2d45fc 100644
--- a/terraform/environments/sprinkler/bastion_linux.json
+++ b/terraform/environments/sprinkler/bastion_linux.json
@@ -1,15 +1,12 @@
 {
 "keys": {
 "sandbox": {
- "stevel": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCm6dC5mwkuep3XJVRLgUCEu08PiUSEHxVE+n77yiW8/5cUW4yeCzuY4qfKnmZdEW5TllGJ3kUM7GlFo8ID9BuF5uRMa/veOxFd8ZpHog2NHxxIt27CB36GN4NaIHLpJfNzmegTwwuijkUdnXm1Np+EcWkWnGF3o9AeEfZrIduwstWhxIWdSosy5WQcoMWKn3sYP1OkgcLn4FOxZBmffXHEn++hD+eTNEtwiSsabG7UDzoG+YBsPKFc8V9bkjTZJEOhwNwQMJqMk9VhFF6X1LUBJGnwY3Qf8cRZ1L55adqdSuwalf7vIwPuk4d2zTYHvU0DIyBtmAK+ZkYCYX15tFSgkIsZJ4r7CNM76Sb1AzSw5QsaF6HGZC2tD0JyHJQK2dxyM66oZnRBd5ThpLXHHEZACKMtXGtlZ/3vlX2gh09M9nzdt6WyjTypGDIDFbbCCHVeSPk+LitcKFEcQjUvSbQ6Q+M8SuQCnyukkmgCJKMTZo+IlGr6bgbux3F8dByljD8= stevelinden@L1429",
- "davidelliott": "ssh-rsa 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 davidelliot@L0421",
- "ewastempel": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDn8g/Fo0Vr5uCcUp4+P1UdXtYdY73taERpeI7MrhZKQ0PVu4OSOAOQ8xv32xRSDgZsgZP3pkUkWprbgE9S8DGZjORyWndbPYhnC6nerfakEIiK4N30jNHDMmRWSwSCtwGC/ww+HQE+AR0UjoTTL56oNxN7zmgCelCuX/jgdXfTuuYKGwhqXE5hiz8YVwNUvPPgx0AI1OtbX6JPn+U8blnBfoI5mXhRw8GCvqW50OQetH6e9o0njtZPy+16XLM1sMzG1QpDfTlHVfklxqwLvFm1NDrZeYgsT76dV/YvgK74/SFBTWBjDTXtIO4rXoyjFhInzUQsMCEWuPPpov82fkqp ewastempel@L0693"
+ "stevel": "ssh-rsa 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 stevelinden@L1429",
+ "davidelliott": "ssh-rsa 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 davidelliot@L0421",
+ "ewastempel": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDn8g/Fo0Vr5uCcUp4+P1UdXtYdY73taERpeI7MrhZKQ0PVu4OSOAOQ8xv32xRSDgZsgZP3pkUkWprbgE9S8DGZjORyWndbPYhnC6nerfakEIiK4N30jNHDMmRWSwSCtwGC/ww+HQE+AR0UjoTTL56oNxN7zmgCelCuX/jgdXfTuuYKGwhqXE5hiz8YVwNUvPPgx0AI1OtbX6JPn+U8blnBfoI5mXhRw8GCvqW50OQetH6e9o0njtZPy+16XLM1sMzG1QpDfTlHVfklxqwLvFm1NDrZeYgsT76dV/YvgK74/SFBTWBjDTXtIO4rXoyjFhInzUQsMCEWuPPpov82fkqp ewastempel@L0693"
 },
- "test": {
- },
- "preproduction": {
- },
- "production": {
- }
+ "test": {},
+ "preproduction": {},
+ "production": {}
 }
 }
diff --git a/terraform/environments/wardship/README.md b/terraform/environments/wardship/README.md
index 747c72bc224..f56037035dc 100644
--- a/terraform/environments/wardship/README.md
+++ b/terraform/environments/wardship/README.md
@@ -10,9 +10,9 @@ The Wardship Registers is a non-critical business application that allows Royal
 ### **Service URLs:**
-Development: https://wardship.hmcts-development.modernisation-platform.service.justice.gov.uk/
-Preproduction: https://wardship.hmcts-preproduction.modernisation-platform.service.justice.gov.uk/
-Production: https://wardship-agreements-register.service.justice.gov.uk/
+Development:
+Preproduction:
+Production:
 ### **Incident response hours:**
diff --git a/terraform/environments/wardship/rds.tf b/terraform/environments/wardship/rds.tf
index 72122939fa0..55a2bbb2bc7 100644
--- a/terraform/environments/wardship/rds.tf
+++ b/terraform/environments/wardship/rds.tf
@@ -90,14 +90,14 @@ resource "null_resource" "setup_db" {
 command = "chmod +x ./migrate_db.sh; ./migrate_db.sh"
 environment = {
- SOURCE_DB_HOSTNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_HOSTNAME"]
- SOURCE_DB_NAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_NAME"]
- SOURCE_DB_USERNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_USERNAME"]
- SOURCE_DB_PASSWORD = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_PASSWORD"]
- DB_HOSTNAME = aws_db_instance.wardship_db.address
- DB_NAME = aws_db_instance.wardship_db.db_name
- WARDSHIP_DB_USERNAME = local.application_data.accounts[local.environment].db_username
- WARDSHIP_DB_PASSWORD = random_password.password.result
+ SOURCE_DB_HOSTNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_HOSTNAME"]
+ SOURCE_DB_NAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_NAME"]
+ SOURCE_DB_USERNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_USERNAME"]
+ SOURCE_DB_PASSWORD = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_PASSWORD"]
+ DB_HOSTNAME = aws_db_instance.wardship_db.address
+ DB_NAME = aws_db_instance.wardship_db.db_name
+ WARDSHIP_DB_USERNAME = local.application_data.accounts[local.environment].db_username
+ WARDSHIP_DB_PASSWORD = random_password.password.result
 }
 }
 triggers = {
diff --git a/terraform/environments/xhibit-portal/importmachine.tf b/terraform/environments/xhibit-portal/importmachine.tf
index 5096bbf4c53..237f6ccfdf0 100644
--- a/terraform/environments/xhibit-portal/importmachine.tf
+++ b/terraform/environments/xhibit-portal/importmachine.tf
@@ -71,7 +71,7 @@ resource "aws_instance" "importmachine" {
 ignore_changes = [
 # This prevents clobbering the tags of attached EBS volumes. See
 # [this bug][1] in the AWS provider upstream.
-
+
 # [1]: https://github.com/terraform-providers/terraform-provider-aws/issues/770
 volume_tags,
 ]
diff --git a/terraform/environments/xhibit-portal/ingestion-load-balancer.tf b/terraform/environments/xhibit-portal/ingestion-load-balancer.tf
index 9aaa9b66be9..bda9bc8af06 100644
--- a/terraform/environments/xhibit-portal/ingestion-load-balancer.tf
+++ b/terraform/environments/xhibit-portal/ingestion-load-balancer.tf
@@ -23,8 +23,8 @@ resource "aws_security_group_rule" "ingestion_lb_allow_web_users" {
 from_port = 443
 to_port = 443
 protocol = "TCP"
- cidr_blocks = [
- "10.182.60.51/32", # NLE CGI proxy
+ cidr_blocks = [
+ "10.182.60.51/32", # NLE CGI proxy
 # "195.59.75.151/32", # New proxy IPs from Prashanth for testing ingestion NLE DEV
 # "195.59.75.152/32", # New proxy IPs from Prashanth for testing ingestion NLE DEV
 # "194.33.192.0/24", # New proxy IPs from Prashanth for testing ingestion LE PROD
diff --git a/terraform/modules/baseline/secretsmanager.tf b/terraform/modules/baseline/secretsmanager.tf
index 239f4ca72a1..e7010f34bf0 100644
--- a/terraform/modules/baseline/secretsmanager.tf
+++ b/terraform/modules/baseline/secretsmanager.tf
@@ -75,7 +75,7 @@ data "aws_iam_policy_document" "secretsmanager_secret_policy" {
 for_each = statement.value.principals != null ? [statement.value.principals] : []
 content {
 type = principals.value.type
- identifiers = [ for identifier in principals.value.identifiers : try(var.environment.account_root_arns[identifier], identifier) ]
+ identifiers = [for identifier in principals.value.identifiers : try(var.environment.account_root_arns[identifier], identifier)]
 }
 }
 dynamic "condition" {
diff --git a/terraform/modules/ip_addresses/azure_fixngo.tf b/terraform/modules/ip_addresses/azure_fixngo.tf
index 65906a5ec06..13f1ec2acd3 100644
--- a/terraform/modules/ip_addresses/azure_fixngo.tf
+++ b/terraform/modules/ip_addresses/azure_fixngo.tf
@@ -42,7 +42,7 @@ locals {
 noms_mgmt_vnet = "10.102.0.0/16"
 noms_test_dr_vnet = "10.111.0.0/16"
 noms_mgmt_dr_vnet = "10.112.0.0/16"
-
+
 noms_transit_live_fw_devtest = "52.142.189.87/32"
 noms_transit_live_fw_prod = "52.142.189.118/32"