From 67cee06d48062b2ccff5b8916c145b8996354f70 Mon Sep 17 00:00:00 2001 
From: modernisation-platform-ci
Date: Mon, 10 Jun 2024 04:56:56 +0000
Subject: [PATCH] Updates from GitHub Actions Format Code workflow
---
.devcontainer/devcontainer-lock.json | 2 +-
terraform/environments/apex/backups.tf | 4 +-
terraform/environments/apex/cloudfront.tf | 12 +-
terraform/environments/apex/ec2.tf | 28 +-
terraform/environments/apex/efs.tf | 2 +-
terraform/environments/apex/event_triggers.tf | 4 +-
terraform/environments/apex/lambda.tf | 22 +-
terraform/environments/apex/locals.tf | 2 +-
.../environments/apex/modules/alb/main.tf | 8 +-
.../environments/apex/modules/ecs/main.tf | 10 +-
.../environments/ccms-ebs-upgrade/sns.tf | 4 +-
.../cdpt-chaps/application_variables.json | 2 +-
terraform/environments/cdpt-chaps/ecs.tf | 10 +-
.../environments/cdpt-chaps/loadbalancer.tf | 22 +-
terraform/environments/cdpt-chaps/locals.tf | 30 +-
terraform/environments/cdpt-ifs/database.tf | 22 +-
terraform/environments/cdpt-ifs/ecs.tf | 10 +-
.../environments/cdpt-ifs/loadbalancer.tf | 8 +-
.../backup_lambda.tf | 22 +-
.../contract-work-administration/backups.tf | 2 +-
.../event_rules.tf | 4 +-
.../contract-work-administration/sns.tf | 2 +-
.../delius-core/bastion_linux.json | 6 +-
.../components/oracle_db_shared/iam.tf | 2 +-
.../components/nextcloud/ecs_cluster.tf | 4 +-
.../application_variables.json | 6 +-
.../digital-prison-reporting/cross-account.tf | 12 +-
.../digital-prison-reporting/locals.tf | 10 +-
.../oracle/main.tf | 6 +-
.../modules/ec2/iam.tf | 2 +-
.../modules/ec2/main.tf | 2 +-
.../platform_versions.tf | 4 +-
.../digital-prison-reporting/policy.tf | 30 +-
.../edw/application_variables.json | 4 +-
terraform/environments/edw/cw.tf | 66 +-
terraform/environments/edw/ec2.tf | 34 +-
terraform/environments/edw/secret-rotate.tf | 34 +-
.../dms_g4s_cap_dw_task_tables_selection.json | 4 +-
.../electronic-monitoring-data/lambdas_iam.tf | 270 ++--
.../lambdas_layers.tf | 22 +-
.../lambdas_main.tf | 136 +-
.../lambdas_secrets.tf | 14 +-
.../lambdas_security_groups.tf | 10 +-
.../electronic-monitoring-data/locals.tf | 2 +-
.../dms_g4s_cap_dw_task_transformations.json | 2 +-
.../modules/lambdas/main.tf | 8 +-
.../modules/lambdas/variables.tf | 2 +-
.../parquet-to-csv.tf | 2 +-
.../retrigger-large-zip-file.json | 2 +-
.../electronic-monitoring-data/s3_main.tf | 10 +-
.../step_functions_iam.tf | 2 +-
.../step_functions_main.tf | 6 +-
.../locals_security_groups.tf | 8 +-
terraform/environments/oas/ec2.tf | 14 +-
terraform/environments/oas/modules/rds/rds.tf | 2 +-
.../environments/sprinkler/bastion_linux.tf | 2 +-
.../environments/tribunals/asg-shared.tf | 60 +-
.../tribunals/container_definition.json | 49 +-
.../tribunals/container_definition_ftp.json | 33 +-
terraform/environments/tribunals/dms.tf | 54 +-
terraform/environments/tribunals/dns_ssl.tf | 56 +-
.../tribunals/ecs-cluster-shared.tf | 2 +-
terraform/environments/tribunals/main.tf | 1096 ++++++++---------
.../tribunals/modules/dms/main.tf | 32 +-
.../modules/ecs_loadbalancer/main.tf | 2 +-
.../tribunals/modules/ecs_task/main.tf | 10 +-
.../tribunals/modules/tribunal/main.tf | 4 +-
.../tribunals/modules/tribunal/variables.tf | 2 +-
.../modules/tribunal_ftp/variables.tf | 2 +-
terraform/environments/tribunals/s3.tf | 4 +-
terraform/modules/environment/outputs.tf | 4 +-
terraform/modules/ip_addresses/moj.tf | 4 +-
72 files changed, 1187 insertions(+), 1199 deletions(-)
diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json
index ac9d6bf6dd3..f6e49e30fd5 100644
--- a/.devcontainer/devcontainer-lock.json
+++ b/.devcontainer/devcontainer-lock.json
@@ -21,4 +21,4 @@
 "integrity": "sha256:af3b3891cf31ff373df29998c690257d6f21f2ee4536bc4d692856408ef0c83a"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/terraform/environments/apex/backups.tf b/terraform/environments/apex/backups.tf
index 6bd8b541143..a611e3196db 100644
--- a/terraform/environments/apex/backups.tf
+++ b/terraform/environments/apex/backups.tf
@@ -17,7 +17,7 @@ resource "aws_backup_vault" "apex" {
 data "aws_iam_policy_document" "apex" {
 statement {
- sid = "Allow local account basic permissions to the vault"
+ sid = "Allow local account basic permissions to the vault"
 effect = "Allow"
 principals {
@@ -39,7 +39,7 @@ data "aws_iam_policy_document" "apex" {
 resources = [aws_backup_vault.apex.arn]
 }
 statement {
- sid = "Allow copying of recovery points from Landing Zone"
+ sid = "Allow copying of recovery points from Landing Zone"
 effect = "Allow"
 principals {
diff --git a/terraform/environments/apex/cloudfront.tf b/terraform/environments/apex/cloudfront.tf
index a169337ce37..be053f3886b 100644
--- a/terraform/environments/apex/cloudfront.tf
+++ b/terraform/environments/apex/cloudfront.tf
@@ -1,10 +1,10 @@
 locals {
 lower_env_cloudfront_url = "${local.application_name}.${data.aws_route53_zone.external.name}"
 # TODO: The production CloudFront FQDN is to be determined
- prod_fqdn = data.aws_route53_zone.production_network_services.name
+ prod_fqdn = data.aws_route53_zone.production_network_services.name
 cloudfront_alias = local.environment == "production" ? local.prod_fqdn : local.lower_env_cloudfront_url
-
- custom_header = "X-Custom-Header-LAA-${upper(local.application_name)}"
+
+ custom_header = "X-Custom-Header-LAA-${upper(local.application_name)}"
 cloudfront_default_cache_behavior = {
 smooth_streaming = false
@@ -123,7 +123,7 @@ resource "aws_s3_bucket" "cloudfront" {
 resource "aws_s3_bucket_ownership_controls" "cloudfront" {
 bucket = aws_s3_bucket.cloudfront.id
 rule {
- object_ownership = local.environment == "production" ? "ObjectWriter": "BucketOwnerPreferred"
+ object_ownership = local.environment == "production" ? "ObjectWriter" : "BucketOwnerPreferred"
 }
 }
@@ -154,7 +154,7 @@ resource "aws_s3_bucket_public_access_block" "cloudfront" {
 }
 resource "aws_s3_bucket_lifecycle_configuration" "cloudfront" {
- count = local.environment == "production" ? 1 : 0
+ count = local.environment == "production" ? 1 : 0
 bucket = aws_s3_bucket.cloudfront.id
 rule {
@@ -166,7 +166,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "cloudfront" {
 noncurrent_version_expiration {
 newer_noncurrent_versions = 1
- noncurrent_days = 90
+ noncurrent_days = 90
 }
 status = "Enabled"
diff --git a/terraform/environments/apex/ec2.tf b/terraform/environments/apex/ec2.tf
index 300f74da6f1..8542539bf3c 100644
--- a/terraform/environments/apex/ec2.tf
+++ b/terraform/environments/apex/ec2.tf
@@ -93,12 +93,12 @@ resource "aws_vpc_security_group_ingress_rule" "db_ecs" {
 }
 resource "aws_vpc_security_group_ingress_rule" "db_mp_vpc" {
- security_group_id = aws_security_group.database.id
- description = "Allow MP VPC (OAS) to access database instance"
- cidr_ipv4 = data.aws_vpc.shared.cidr_block
- from_port = 1521
- ip_protocol = "tcp"
- to_port = 1521
+ security_group_id = aws_security_group.database.id
+ description = "Allow MP VPC (OAS) to access database instance"
+ cidr_ipv4 = data.aws_vpc.shared.cidr_block
+ from_port = 1521
+ ip_protocol = "tcp"
+ to_port = 1521
 }
 resource "aws_vpc_security_group_ingress_rule" "db_lambda" {
@@ -111,18 +111,18 @@ resource "aws_vpc_security_group_ingress_rule" "db_lambda" {
 }
 resource "aws_vpc_security_group_ingress_rule" "db_workspace" {
- security_group_id = aws_security_group.database.id
- description = "Database listener port access to Workspaces"
- cidr_ipv4 = local.application_data.accounts[local.environment].workspace_cidr
- from_port = 1521
- ip_protocol = "tcp"
- to_port = 1521
+ security_group_id = aws_security_group.database.id
+ description = "Database listener port access to Workspaces"
+ cidr_ipv4 = local.application_data.accounts[local.environment].workspace_cidr
+ from_port = 1521
+ ip_protocol = "tcp"
+ to_port = 1521
 }
 resource "aws_vpc_security_group_egress_rule" "db_outbound" {
 security_group_id = aws_security_group.database.id
- cidr_ipv4 = "0.0.0.0/0"
- ip_protocol = "-1"
+ cidr_ipv4 = "0.0.0.0/0"
+ ip_protocol = "-1"
 }
diff --git a/terraform/environments/apex/efs.tf b/terraform/environments/apex/efs.tf
index b43b3e32179..a78aa2f9065 100644
--- a/terraform/environments/apex/efs.tf
+++ b/terraform/environments/apex/efs.tf
@@ -1,7 +1,7 @@
 resource "aws_kms_key" "efs" {
 description = "KMS key for encrypting EFS"
 # enable_key_rotation = true
- tags = local.tags
+ tags = local.tags
 }
 resource "aws_kms_key_policy" "efs" {
diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf
index c916042dac9..99606f01786 100644
--- a/terraform/environments/apex/event_triggers.tf
+++ b/terraform/environments/apex/event_triggers.tf
@@ -42,6 +42,6 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_fri" {
 }
 resource "aws_cloudwatch_event_target" "deletesnapshotFunctioncheck_mon_fri" {
- rule = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.name
- arn = aws_lambda_function.delete_db_snapshots.arn
+ rule = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.name
+ arn = aws_lambda_function.delete_db_snapshots.arn
 }
diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf
index 4fd177c3482..b88e4cbaf3e 100644
--- a/terraform/environments/apex/lambda.tf
+++ b/terraform/environments/apex/lambda.tf
@@ -1,7 +1,7 @@
 locals {
 create_db_snapshots_script_prefix = "dbsnapshot"
 delete_db_snapshots_script_prefix = "deletesnapshots"
- db_connect_script_prefix = "dbconnect"
+ db_connect_script_prefix = "dbconnect"
 }
 resource "aws_ssm_parameter" "ssh_key" {
@@ -48,8 +48,8 @@ resource "aws_iam_role" "backup_lambda" {
 }
 resource "aws_iam_policy" "backup_lambda" { #tfsec:ignore:aws-iam-no-policy-wildcards
- name = "${local.application_name}-${local.environment}-backup-lambda-policy"
- tags = merge(
+ name = "${local.application_name}-${local.environment}-backup-lambda-policy"
+ tags = merge(
 local.tags,
 { Name = "${local.application_name}-${local.environment}-backup-lambda-policy" }
 )
@@ -100,7 +100,7 @@ resource "aws_iam_role_policy_attachment" "backup_lambda" {
 resource "aws_s3_bucket" "backup_lambda" {
 bucket = "${local.application_name}-${local.environment}-backup-lambda"
- tags = merge(
+ tags = merge(
 local.tags,
 { Name = "${local.application_name}-${local.environment}-backup-lambda" }
 )
@@ -110,7 +110,7 @@ resource "aws_s3_object" "provision_files" {
 bucket = aws_s3_bucket.backup_lambda.id
 for_each = fileset("./zipfiles/", "**")
 key = each.value
- source = "./zipfiles/${each.value}"
+ source = "./zipfiles/${each.value}"
 content_type = "application/zip"
 source_hash = filemd5("./zipfiles/${each.value}")
 }
@@ -201,15 +201,15 @@ resource "aws_security_group" "backup_lambda" { } resource "aws_lambda_layer_version" "backup_lambda" { - layer_name = "SSHNodeJSLayer" - description = "A layer to add ssh libs to lambda" - license_info = "Apache-2.0" - s3_bucket = aws_s3_bucket.backup_lambda.id - s3_key = "nodejs.zip" + layer_name = "SSHNodeJSLayer" + description = "A layer to add ssh libs to lambda" + license_info = "Apache-2.0" + s3_bucket = aws_s3_bucket.backup_lambda.id + s3_key = "nodejs.zip" source_code_hash = filebase64sha256("zipfiles/nodejs.zip") compatible_runtimes = ["nodejs18.x"] - depends_on = [time_sleep.wait_for_provision_files] # This resource creation will be delayed to ensure object exists in the bucket + depends_on = [time_sleep.wait_for_provision_files] # This resource creation will be delayed to ensure object exists in the bucket } resource "aws_lambda_function" "create_db_snapshots" { diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index 61c85fba40f..7dddfd31c88 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -2,7 +2,7 @@ locals { database_ec2_name = "${local.application_name} Database Server" - + #Lambda files dbsnapshot_source_file = "dbsnapshot.js" deletesnapshot_source_file = "deletesnapshots.py" diff --git a/terraform/environments/apex/modules/alb/main.tf b/terraform/environments/apex/modules/alb/main.tf index db5542b9190..4e70659aece 100644 --- a/terraform/environments/apex/modules/alb/main.tf +++ b/terraform/environments/apex/modules/alb/main.tf 
@@ -3,10 +3,10 @@ locals { loadbalancer_ingress_rules = { "lb_ingress" = { - description = "Loadbalancer ingress rule from CloudFront" - from_port = var.security_group_ingress_from_port - to_port = var.security_group_ingress_to_port - protocol = var.security_group_ingress_protocol + description = "Loadbalancer ingress rule from CloudFront" + from_port = var.security_group_ingress_from_port + to_port = var.security_group_ingress_to_port + protocol = var.security_group_ingress_protocol prefix_list_ids = [data.aws_ec2_managed_prefix_list.cloudfront.id] } } diff --git a/terraform/environments/apex/modules/ecs/main.tf b/terraform/environments/apex/modules/ecs/main.tf index 45e7867938d..2ef70e3e7c6 100644 --- a/terraform/environments/apex/modules/ecs/main.tf +++ b/terraform/environments/apex/modules/ecs/main.tf @@ -20,11 +20,11 @@ data "aws_subnets" "shared-private" { } resource "aws_autoscaling_group" "cluster-scaling-group" { - vpc_zone_identifier = sort(data.aws_subnets.shared-private.ids) - name = "${var.app_name}-cluster-scaling-group" - desired_capacity = var.ec2_desired_capacity - max_size = var.ec2_max_size - min_size = var.ec2_min_size + vpc_zone_identifier = sort(data.aws_subnets.shared-private.ids) + name = "${var.app_name}-cluster-scaling-group" + desired_capacity = var.ec2_desired_capacity + max_size = var.ec2_max_size + min_size = var.ec2_min_size # protect_from_scale_in = true launch_template { diff --git a/terraform/environments/ccms-ebs-upgrade/sns.tf b/terraform/environments/ccms-ebs-upgrade/sns.tf index 3c3cf5a94f0..9b3cc973806 100644 --- a/terraform/environments/ccms-ebs-upgrade/sns.tf +++ b/terraform/environments/ccms-ebs-upgrade/sns.tf 
@@ -1,7 +1,7 @@
 #### Secret for support email address ###
 resource "aws_secretsmanager_secret" "support_email_account" {
- name = "support_email_account"
- description = "email address of the support account for cw alerts"
+ name = "support_email_account"
+ description = "email address of the support account for cw alerts"
 recovery_window_in_days = local.is-production ? 30 : 0
 }
diff --git a/terraform/environments/cdpt-chaps/application_variables.json b/terraform/environments/cdpt-chaps/application_variables.json
index 1f41def7765..2139802701b 100644
--- a/terraform/environments/cdpt-chaps/application_variables.json
+++ b/terraform/environments/cdpt-chaps/application_variables.json
@@ -32,7 +32,7 @@
 "ec2_max_size": 3,
 "ec2_min_size": 2,
 "ami_image_id": "ami-0cf98f96c2bae561e",
- "instance_type": "t3.large",
+ "instance_type": "t3.large",
 "container_port": 80,
 "client_id": "2e2cc8ad-7b64-41b9-93a1-c16b9a00b34f"
 },
diff --git a/terraform/environments/cdpt-chaps/ecs.tf b/terraform/environments/cdpt-chaps/ecs.tf
index c7474e1454e..d8b009dd18f 100644
--- a/terraform/environments/cdpt-chaps/ecs.tf
+++ b/terraform/environments/cdpt-chaps/ecs.tf
@@ -250,11 +250,11 @@ resource "aws_security_group" "cluster_ec2" {
 }
 egress {
- description = "Cluster EC2 loadbalancer egress rule"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
+ description = "Cluster EC2 loadbalancer egress rule"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
 }
 tags = merge(
diff --git a/terraform/environments/cdpt-chaps/loadbalancer.tf b/terraform/environments/cdpt-chaps/loadbalancer.tf
index a12b1be9d6b..9f7926f897c 100644
--- a/terraform/environments/cdpt-chaps/loadbalancer.tf
+++ b/terraform/environments/cdpt-chaps/loadbalancer.tf
@@ -89,7 +89,7 @@ module "lb_access_logs_enabled" {
 region = "eu-west-2"
 enable_deletion_protection = false
 idle_timeout = 60
- tags = { Name = "lb_module" }
+ tags = { Name = "lb_module" }
 }
@@ -107,8 +107,8 @@ resource "aws_lb_target_group" "chaps_target_group" { deregistration_delay = 30 stickiness { - type = "lb_cookie" - } + type = "lb_cookie" + } health_check { healthy_threshold = "5" @@ -119,12 +119,12 @@ resource "aws_lb_target_group" "chaps_target_group" { timeout = "5" } - lifecycle { + lifecycle { create_before_destroy = true - ignore_changes = [name] + ignore_changes = [name] } - tags = { + tags = { Name = "chaps-target-group-${random_string.chaps_target_group_name.result}" } } @@ -142,7 +142,7 @@ resource "aws_security_group" "chaps_lb_sc" { cidr_blocks = ["188.214.15.75/32", "192.168.5.101/32", "81.134.202.29/32", "79.152.189.104/32", "179.50.12.212/32", "188.172.252.34/32", "194.33.192.0/25", "194.33.193.0/25", "194.33.196.0/25", "194.33.197.0/25", "195.59.75.0/24", "201.33.21.5/32", "213.121.161.112/28", "52.67.148.55/32", "54.94.206.111/32", "178.248.34.42/32", "178.248.34.43/32", "178.248.34.44/32", "178.248.34.45/32", "178.248.34.46/32", "178.248.34.47/32", "89.32.121.144/32", "185.191.249.100/32", "2.138.20.8/32", "18.169.147.172/32", "35.176.93.186/32", "18.130.148.126/32", "35.176.148.126/32", "51.149.250.0/24", "51.149.249.0/29", "194.33.249.0/29", "51.149.249.32/29", "194.33.248.0/29", "20.49.214.199/32", "20.49.214.228/32", "20.26.11.71/32", "20.26.11.108/32", "128.77.75.128/26"] } - egress { + egress { description = "Open all outbound ports" from_port = 0 to_port = 0 @@ -157,10 +157,10 @@ resource "aws_security_group" "chaps_target_sc" { vpc_id = data.aws_vpc.shared.id ingress { - description = "allow traffic from load balancer" - from_port = 80 - to_port = 80 - protocol = "tcp" + description = "allow traffic from load balancer" + from_port = 80 + to_port = 80 + protocol = "tcp" security_groups = [module.lb_access_logs_enabled.security_group.id] } diff --git a/terraform/environments/cdpt-chaps/locals.tf b/terraform/environments/cdpt-chaps/locals.tf index 1062e0c1a85..9ea4526b06e 100644 
--- a/terraform/environments/cdpt-chaps/locals.tf
+++ b/terraform/environments/cdpt-chaps/locals.tf
@@ -19,25 +19,25 @@ locals { cluster_name = "${local.application_name}-ecs-cluster" })) - loadbalancer_ingress_rules = { - "cluster_ec2_lb_ingress" = { - description = "allow access on HTTPS" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["188.214.15.75/32", "192.168.5.101/32", "81.134.202.29/32", "79.152.189.104/32", "179.50.12.212/32", "188.172.252.34/32", "194.33.192.0/25", "194.33.193.0/25", "194.33.196.0/25", "194.33.197.0/25", "195.59.75.0/24", "201.33.21.5/32", "213.121.161.112/28", "52.67.148.55/32", "54.94.206.111/32", "178.248.34.42/32", "178.248.34.43/32", "178.248.34.44/32", "178.248.34.45/32", "178.248.34.46/32", "178.248.34.47/32", "89.32.121.144/32", "185.191.249.100/32", "2.138.20.8/32", "18.169.147.172/32", "35.176.93.186/32", "18.130.148.126/32", "35.176.148.126/32", "51.149.250.0/24", "51.149.249.0/29", "194.33.249.0/29", "51.149.249.32/29", "194.33.248.0/29", "20.49.214.199/32", "20.49.214.228/32", "20.26.11.71/32", "20.26.11.108/32", "128.77.75.128/26"] - security_groups = [] + loadbalancer_ingress_rules = { + "cluster_ec2_lb_ingress" = { + description = "allow access on HTTPS" + from_port = 443 + to_port = 443 + protocol = "tcp" + cidr_blocks = ["188.214.15.75/32", "192.168.5.101/32", "81.134.202.29/32", "79.152.189.104/32", "179.50.12.212/32", "188.172.252.34/32", "194.33.192.0/25", "194.33.193.0/25", "194.33.196.0/25", "194.33.197.0/25", "195.59.75.0/24", "201.33.21.5/32", "213.121.161.112/28", "52.67.148.55/32", "54.94.206.111/32", "178.248.34.42/32", "178.248.34.43/32", "178.248.34.44/32", "178.248.34.45/32", "178.248.34.46/32", "178.248.34.47/32", "89.32.121.144/32", "185.191.249.100/32", "2.138.20.8/32", "18.169.147.172/32", "35.176.93.186/32", "18.130.148.126/32", "35.176.148.126/32", "51.149.250.0/24", "51.149.249.0/29", "194.33.249.0/29", "51.149.249.32/29", "194.33.248.0/29", "20.49.214.199/32", "20.49.214.228/32", "20.26.11.71/32", "20.26.11.108/32", "128.77.75.128/26"] + security_groups = [] + } } -} 
 loadbalancer_egress_rules = {
 "cluster_ec2_lb_egress" = {
- description = "Open all outbound ports"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- security_groups = []
+ description = "Open all outbound ports"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ security_groups = []
 }
 }
 }
diff --git a/terraform/environments/cdpt-ifs/database.tf b/terraform/environments/cdpt-ifs/database.tf
index bb641c3afda..da705d02331 100644
--- a/terraform/environments/cdpt-ifs/database.tf
+++ b/terraform/environments/cdpt-ifs/database.tf
@@ -3,16 +3,16 @@
 #----------------------------------------------------------------------------
 resource "aws_db_instance" "database" {
- allocated_storage = local.application_data.accounts[local.environment].db_allocated_storage
- storage_type = "gp2"
- engine = "sqlserver-web"
- engine_version = "14.00.3381.3.v1"
- instance_class = local.application_data.accounts[local.environment].db_instance_class
- identifier = local.application_data.accounts[local.environment].db_instance_identifier
- username = local.application_data.accounts[local.environment].db_user
- password = aws_secretsmanager_secret_version.db_password.secret_string
- vpc_security_group_ids = [aws_security_group.db.id]
- depends_on = [aws_security_group.db]
+ allocated_storage = local.application_data.accounts[local.environment].db_allocated_storage
+ storage_type = "gp2"
+ engine = "sqlserver-web"
+ engine_version = "14.00.3381.3.v1"
+ instance_class = local.application_data.accounts[local.environment].db_instance_class
+ identifier = local.application_data.accounts[local.environment].db_instance_identifier
+ username = local.application_data.accounts[local.environment].db_user
+ password = aws_secretsmanager_secret_version.db_password.secret_string
+ vpc_security_group_ids = [aws_security_group.db.id]
+ depends_on = [aws_security_group.db]
 # snapshot_identifier = local.application_data.accounts[local.environment].db_snapshot_identifier
 db_subnet_group_name = aws_db_subnet_group.db.id
 final_snapshot_identifier = "final-snapshot-${formatdate("YYYYMMDDhhmmss", timestamp())}"
@@ -62,7 +62,7 @@ resource "aws_security_group" "db" {
 resource "aws_kms_key" "rds" {
 description = "Encryption key for rds"
 enable_key_rotation = true
- policy = data.aws_iam_policy_document.rds-kms.json
+ policy = data.aws_iam_policy_document.rds-kms.json
 }
 resource "aws_kms_alias" "rds-kms-alias" {
diff --git a/terraform/environments/cdpt-ifs/ecs.tf b/terraform/environments/cdpt-ifs/ecs.tf
index d5a0a047e2d..467d867103a 100644
--- a/terraform/environments/cdpt-ifs/ecs.tf
+++ b/terraform/environments/cdpt-ifs/ecs.tf
@@ -330,11 +330,11 @@ resource "aws_security_group" "cluster_ec2" {
 }
 egress {
- description = "Cluster EC2 loadbalancer egress rule"
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
+ description = "Cluster EC2 loadbalancer egress rule"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
 }
 tags = merge(
diff --git a/terraform/environments/cdpt-ifs/loadbalancer.tf b/terraform/environments/cdpt-ifs/loadbalancer.tf
index e7bbe09c00c..cd81031ef78 100644
--- a/terraform/environments/cdpt-ifs/loadbalancer.tf
+++ b/terraform/environments/cdpt-ifs/loadbalancer.tf
@@ -21,10 +21,10 @@ resource "aws_security_group" "ifs_lb_sc" {
 }
 resource "aws_lb" "ifs_lb" {
- name = "ifs-load-balancer"
- load_balancer_type = "application"
- security_groups = [aws_security_group.ifs_lb_sc.id]
- subnets = data.aws_subnets.shared-public.ids
+ name = "ifs-load-balancer"
+ load_balancer_type = "application"
+ security_groups = [aws_security_group.ifs_lb_sc.id]
+ subnets = data.aws_subnets.shared-public.ids
 drop_invalid_header_fields = false
 }
diff --git a/terraform/environments/contract-work-administration/backup_lambda.tf b/terraform/environments/contract-work-administration/backup_lambda.tf
index 92a278f6173..11255de39d6 100644
--- a/terraform/environments/contract-work-administration/backup_lambda.tf
+++ b/terraform/environments/contract-work-administration/backup_lambda.tf
@@ -1,7 +1,7 @@
 locals {
 create_db_snapshots_script_prefix = "dbsnapshot"
 delete_db_snapshots_script_prefix = "deletesnapshots"
- db_connect_script_prefix = "dbconnect"
+ db_connect_script_prefix = "dbconnect"
 }
 resource "aws_ssm_parameter" "ssh_key" {
@@ -48,8 +48,8 @@ resource "aws_iam_role" "backup_lambda" {
 }
 resource "aws_iam_policy" "backup_lambda" { #tfsec:ignore:aws-iam-no-policy-wildcards
- name = "${local.application_name_short}-${local.environment}-backup-lambda-policy"
- tags = merge(
+ name = "${local.application_name_short}-${local.environment}-backup-lambda-policy"
+ tags = merge(
 local.tags,
 { Name = "${local.application_name_short}-${local.environment}-backup-lambda-policy" }
 )
@@ -100,7 +100,7 @@ resource "aws_iam_role_policy_attachment" "backup_lambda" {
 resource "aws_s3_bucket" "backup_lambda" {
 bucket = "${local.application_name_short}-${local.environment}-backup-lambda"
- tags = merge(
+ tags = merge(
 local.tags,
 { Name = "${local.application_name_short}-${local.environment}-backup-lambda" }
 )
@@ -110,7 +110,7 @@ resource "aws_s3_object" "provision_files" {
 bucket = aws_s3_bucket.backup_lambda.id
 for_each = fileset("./zipfiles/", "**")
 key = each.value
- source = "./zipfiles/${each.value}"
+ source = "./zipfiles/${each.value}"
 content_type = "application/zip"
 source_hash = filemd5("./zipfiles/${each.value}")
 }
@@ -201,15 +201,15 @@ resource "aws_security_group" "backup_lambda" {
 }
 resource "aws_lambda_layer_version" "backup_lambda" {
- layer_name = "SSHNodeJSLayer"
- description = "A layer to add ssh libs to lambda"
- license_info = "Apache-2.0"
- s3_bucket = aws_s3_bucket.backup_lambda.id
- s3_key = "nodejs.zip"
+ layer_name = "SSHNodeJSLayer"
+ description = "A layer to add ssh libs to lambda"
+ license_info = "Apache-2.0"
+ s3_bucket = aws_s3_bucket.backup_lambda.id
+ s3_key = "nodejs.zip"
 source_code_hash = filebase64sha256("zipfiles/nodejs.zip")
 compatible_runtimes = ["nodejs18.x"]
- depends_on = [time_sleep.wait_for_provision_files] # This resource creation will be delayed to ensure object exists in the bucket
+ depends_on = [time_sleep.wait_for_provision_files] # This resource creation will be delayed to ensure object exists in the bucket
 }
 resource "aws_lambda_function" "create_db_snapshots" {
diff --git a/terraform/environments/contract-work-administration/backups.tf b/terraform/environments/contract-work-administration/backups.tf
index 2f3cd2782e8..519aeb70ab0 100644
--- a/terraform/environments/contract-work-administration/backups.tf
+++ b/terraform/environments/contract-work-administration/backups.tf
@@ -7,7 +7,7 @@ resource "aws_backup_vault" "cwa" {
 }
 resource "aws_backup_plan" "cwa" {
- name = "${local.application_name_short}-backup-daily-retain-35-days"
+ name = "${local.application_name_short}-backup-daily-retain-35-days"
 rule {
 rule_name = "${local.application_name_short}-backup-daily-retain-35-days"
diff --git a/terraform/environments/contract-work-administration/event_rules.tf b/terraform/environments/contract-work-administration/event_rules.tf
index 7a79f0381c4..5fa69dc8d22 100644
--- a/terraform/environments/contract-work-administration/event_rules.tf
+++ b/terraform/environments/contract-work-administration/event_rules.tf
@@ -44,6 +44,6 @@ resource "aws_lambda_permission" "delete_db_snapshots" {
 }
 resource "aws_cloudwatch_event_target" "delete_db_snapshots" {
- rule = aws_cloudwatch_event_rule.delete_db_snapshots.name
- arn = aws_lambda_function.delete_db_snapshots.arn
+ rule = aws_cloudwatch_event_rule.delete_db_snapshots.name
+ arn = aws_lambda_function.delete_db_snapshots.arn
 }
diff --git a/terraform/environments/contract-work-administration/sns.tf b/terraform/environments/contract-work-administration/sns.tf
index 0f464bd1903..a43016a9c0e 100644
--- a/terraform/environments/contract-work-administration/sns.tf
+++ b/terraform/environments/contract-work-administration/sns.tf
@@ -1,5 +1,5 @@
 locals {
- pagerduty_integration_key_name = local.environment == "production" ? "laa_cwa_prod_alarms" : "laa_cwa_nonprod_alarms"
+ pagerduty_integration_key_name = local.environment == "production" ? "laa_cwa_prod_alarms" : "laa_cwa_nonprod_alarms"
 }
 # SNS topic for monitoring to send alarms to
diff --git a/terraform/environments/delius-core/bastion_linux.json b/terraform/environments/delius-core/bastion_linux.json
index 084c6e7f15e..9ea93b3d617 100644
--- a/terraform/environments/delius-core/bastion_linux.json
+++ b/terraform/environments/delius-core/bastion_linux.json
@@ -14,9 +14,7 @@
 "maspin": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgijnmGaEDQT0aKE7dMVXQP0unnCcQKAYm/nM0Bood/ maspin@unilink.com",
 "snorris": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlqHtp9W9q2d14MHNB8zSdMTzHtDl1tEZeTjF6uUj+z sebastian.norris@digital.justice.gov.uk"
 },
- "stage": {
- },
- "preprod": {
- }
+ "stage": {},
+ "preprod": {}
 }
 }
diff --git a/terraform/environments/delius-core/modules/components/oracle_db_shared/iam.tf b/terraform/environments/delius-core/modules/components/oracle_db_shared/iam.tf
index 9f6ad84d476..59774d6743b 100644
--- a/terraform/environments/delius-core/modules/components/oracle_db_shared/iam.tf
+++ b/terraform/environments/delius-core/modules/components/oracle_db_shared/iam.tf
@@ -171,7 +171,7 @@ data "aws_iam_policy_document" "combined_policy_documents" {
 source_policy_documents = flatten([
 data.aws_iam_policy_document.db_access_to_secrets_manager.json,
 data.aws_iam_policy_document.allow_access_to_delius_application_passwords.json
- ])
+ ])
 }
 resource "aws_iam_policy" "db_access_to_secrets_manager" {
diff --git a/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_cluster.tf b/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_cluster.tf
index eb123dc3cc9..f9b03ea7d11 100644
--- a/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_cluster.tf
+++ b/terraform/environments/delius-nextcloud/modules/components/nextcloud/ecs_cluster.tf
@@ -6,8 +6,8 @@ module "ecs" {
 }
 resource "aws_security_group" "cluster" {
- name = "ecs-cluster-nextcloud-${var.env_name}"
- vpc_id = var.account_info.vpc_id
+ name = "ecs-cluster-nextcloud-${var.env_name}"
+ vpc_id = var.account_info.vpc_id
 lifecycle {
 create_before_destroy = true
 }
diff --git a/terraform/environments/digital-prison-reporting/application_variables.json b/terraform/environments/digital-prison-reporting/application_variables.json
index a1ba03bb6a5..162e6799eb2 100644
--- a/terraform/environments/digital-prison-reporting/application_variables.json
+++ b/terraform/environments/digital-prison-reporting/application_variables.json
@@ -276,7 +276,7 @@
 "create_glue_registries": false,
 "setup_s3_buckets": true,
 "create_glue_connections": false,
- "kinesis_agent_autoscale": true,
+ "kinesis_agent_autoscale": true,
 "ec2_instance_type": "t3.small",
 "ami_image_id": "ami-00cc4c3fee6bb6c22",
 "setup_redshift": true,
@@ -466,7 +466,7 @@
 "create_glue_registries": false,
 "setup_s3_buckets": true,
 "create_glue_connections": false,
- "kinesis_agent_autoscale": true,
+ "kinesis_agent_autoscale": true,
 "ec2_instance_type": "t3.small",
 "ami_image_id": "ami-00cc4c3fee6bb6c22",
 "setup_redshift": true,
@@ -658,7 +658,7 @@
 "create_glue_registries": false,
 "setup_s3_buckets": true,
 "create_glue_connections": false,
- "kinesis_agent_autoscale": true,
+ "kinesis_agent_autoscale": true,
 "ec2_instance_type": "t3.small",
 "ami_image_id": "ami-00cc4c3fee6bb6c22",
 "setup_redshift": true,
diff --git a/terraform/environments/digital-prison-reporting/cross-account.tf b/terraform/environments/digital-prison-reporting/cross-account.tf
index e604bd12dba..762fec8d50e 100644
--- a/terraform/environments/digital-prison-reporting/cross-account.tf
+++ b/terraform/environments/digital-prison-reporting/cross-account.tf
@@ -18,7 +18,7 @@ data "aws_iam_policy_document" "dataapi_cross_assume" {
 type = "AWS"
 identifiers = ["arn:aws:iam::754256621582:root"]
 }
- }
+ }
 statement {
 effect = "Allow"
@@ -38,7 +38,7 @@ data "aws_iam_policy_document" "dataapi_cross_assume" {
 values = ["sts.amazonaws.com"]
 variable = "oidc.eks.eu-west-2.amazonaws.com/id/${jsondecode(data.aws_secretsmanager_secret_version.dbt_secrets.secret_string)["oidc_cluster_identifier"]}:aud"
 }
- }
+ }
 }
 # CrossAccount DataAPI Role
@@ -51,10 +51,10 @@ resource "aws_iam_role" "dataapi_cross_role" {
 tags = merge(
 local.tags,
 {
- Name = "${local.project}-data-api-cross-account-role"
- Resource_Type = "iam"
- Jira = "DPR2-751"
- Resource_Group = "Front-End"
+ Name = "${local.project}-data-api-cross-account-role"
+ Resource_Type = "iam"
+ Jira = "DPR2-751"
+ Resource_Group = "Front-End"
 }
 )
 }
diff --git a/terraform/environments/digital-prison-reporting/locals.tf b/terraform/environments/digital-prison-reporting/locals.tf
index 2d207fdde75..d8aa3ac5dca 100644
--- a/terraform/environments/digital-prison-reporting/locals.tf
+++ b/terraform/environments/digital-prison-reporting/locals.tf
@@ -166,7 +166,7 @@ locals { # Common Policies kms_read_access_policy = "${local.project}_kms_read_policy" s3_read_access_policy = "${local.project}_s3_read_policy" - s3_read_write_policy = "${local.project}_s3_read_write_policy" + s3_read_write_policy = "${local.project}_s3_read_write_policy" apigateway_get_policy = "${local.project}_apigateway_get_policy" invoke_lambda_policy = "${local.project}_invoke_lambda_policy" @@ -334,10 +334,10 @@ locals { # cp_k8s_secrets_placeholder enable_cp_k8s_secrets = local.application_data.accounts[local.environment].enable_cp_k8s_secrets cp_k8s_secrets_placeholder = { - cloud_platform_k8s_token = "placeholder" - cloud_platform_certificate_auth = "placeholder" - cloud_platform_k8s_server = "placeholder" - cloud_platform_k8s_cluster_name = "placeholder" + cloud_platform_k8s_token = "placeholder" + cloud_platform_certificate_auth = "placeholder" + cloud_platform_k8s_server = "placeholder" + cloud_platform_k8s_cluster_name = "placeholder" cloud_platform_k8s_cluster_context = "placeholder" } diff --git a/terraform/environments/digital-prison-reporting/modules/athena_federated_query_connectors/oracle/main.tf b/terraform/environments/digital-prison-reporting/modules/athena_federated_query_connectors/oracle/main.tf index f69e0cfecdc..c48c391a567 100644 --- a/terraform/environments/digital-prison-reporting/modules/athena_federated_query_connectors/oracle/main.tf +++ b/terraform/environments/digital-prison-reporting/modules/athena_federated_query_connectors/oracle/main.tf 
@@ -1,7 +1,7 @@ locals { default_connection = { "default" = values(var.connection_strings)[0] } # Transform connection_strings to the format required by the connector environment properties and add a default - connection_strings = merge({ for k, v in var.connection_strings: "${k}_connection_string" => v }, local.default_connection) + connection_strings = merge({ for k, v in var.connection_strings : "${k}_connection_string" => v }, local.default_connection) } resource "aws_security_group" "athena_federated_query_lambda_sg" { @@ -57,8 +57,8 @@ resource "aws_lambda_function" "athena_federated_query_oracle_lambda" { environment { variables = merge({ - spill_bucket = var.spill_bucket_name - spill_prefix = var.spill_bucket_prefix + spill_bucket = var.spill_bucket_name + spill_prefix = var.spill_bucket_prefix }, local.connection_strings) } } diff --git a/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf b/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf index 437962d5565..5f2fb909ece 100644 --- a/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf +++ b/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf @@ -202,7 +202,7 @@ data "aws_iam_policy_document" "generic" { actions = [ "ec2:Describe*", "ec2:Get*", - "ec2:List*", + "ec2:List*", "ec2:AssignPrivateIpAddresses", ] resources = [ diff --git a/terraform/environments/digital-prison-reporting/modules/ec2/main.tf b/terraform/environments/digital-prison-reporting/modules/ec2/main.tf index fb30216546f..2199be6eb27 100644 --- a/terraform/environments/digital-prison-reporting/modules/ec2/main.tf +++ b/terraform/environments/digital-prison-reporting/modules/ec2/main.tf @@ -5,7 +5,7 @@ data "template_file" "user_data" { vars = { environment = var.env - static_ip = var.static_private_ip + static_ip = var.static_private_ip } } 
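Review bot: `local.connection_strings` is derived from `var.connection_strings` in the first hunk of the Oracle connector's main.tf and merged directly into the Lambda `environment.variables` in the hunk at line 57, so whatever the caller passes is stored in plain text in the function configuration. If those JDBC strings can carry a password, anyone allowed to read the function configuration can see it; the variable (declared outside this diff) should state that only a Secrets Manager reference is accepted, e.g. `# connection strings must reference a Secrets Manager secret, never embed credentials`. Separately, `values(var.connection_strings)[0]` fails on an empty map and picks the "default" by key order, which deserves a comment or a `validation` block on the variable.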
diff --git a/terraform/environments/digital-prison-reporting/platform_versions.tf b/terraform/environments/digital-prison-reporting/platform_versions.tf index c8a8d457993..16ca3616eb6 100644 --- a/terraform/environments/digital-prison-reporting/platform_versions.tf +++ b/terraform/environments/digital-prison-reporting/platform_versions.tf @@ -9,9 +9,9 @@ terraform { source = "hashicorp/http" } tls = { - source = "hashicorp/tls" + source = "hashicorp/tls" version = "4.0.5" - } + } } required_version = "~> 1.0" } diff --git a/terraform/environments/digital-prison-reporting/policy.tf b/terraform/environments/digital-prison-reporting/policy.tf index e7f405868ca..833171b9095 100644 --- a/terraform/environments/digital-prison-reporting/policy.tf +++ b/terraform/environments/digital-prison-reporting/policy.tf @@ -91,7 +91,7 @@ resource "aws_iam_policy" "s3_read_write_policy" { "Resource" : [ "arn:aws:s3:::${local.project}-*" ] - }, + }, { "Effect" : "Allow", "Action" : [ @@ -534,11 +534,11 @@ resource "aws_iam_policy" "domain_builder_publish_policy" { data "aws_iam_policy_document" "redshift_dataapi" { statement { actions = [ - "redshift-data:ListTables", - "redshift-data:DescribeTable", - "redshift-data:ListSchemas", - "redshift-data:ListDatabases", - "redshift-data:ExecuteStatement" + "redshift-data:ListTables", + "redshift-data:DescribeTable", + "redshift-data:ListSchemas", + "redshift-data:ListDatabases", + "redshift-data:ExecuteStatement" ] resources = [ "arn:aws:redshift:${local.account_region}:${local.account_id}:cluster:*" @@ -547,9 +547,9 @@ data "aws_iam_policy_document" "redshift_dataapi" { statement { actions = [ - "redshift-data:GetStatementResult", - "redshift-data:DescribeStatement", - "redshift-data:ListStatements" + "redshift-data:GetStatementResult", + "redshift-data:DescribeStatement", + "redshift-data:ListStatements" ] resources = [ "*" 
@@ -558,10 +558,10 @@ data "aws_iam_policy_document" "redshift_dataapi" { statement { actions = [ - "secretsmanager:GetResourcePolicy", - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret", - "secretsmanager:ListSecretVersionIds" + "secretsmanager:GetResourcePolicy", + "secretsmanager:GetSecretValue", + "secretsmanager:DescribeSecret", + "secretsmanager:ListSecretVersionIds" ] resources = [ "arn:aws:secretsmanager:${local.account_region}:${local.account_id}:secret:*" @@ -570,12 +570,12 @@ data "aws_iam_policy_document" "redshift_dataapi" { statement { actions = [ - "secretsmanager:ListSecrets" + "secretsmanager:ListSecrets" ] resources = [ "*" ] - } + } } diff --git a/terraform/environments/edw/application_variables.json b/terraform/environments/edw/application_variables.json index ac6d92e2078..9c26cb8e62d 100644 --- a/terraform/environments/edw/application_variables.json +++ b/terraform/environments/edw/application_variables.json @@ -21,7 +21,7 @@ "edw_eric_ip": "10.221.60.125", "edw_ccms_ip": "10.221.60.130", "edw_backup_lambda_arn": "arn:aws:lambda:eu-west-2:411213865113:function:snapshotDBFunction", - "edw_sg_inbound_count" : "1", + "edw_sg_inbound_count": "1", "edw_management_cidr": "10.200.0.0/20", "edw_bastion_ssh_cidr": "10.202.0.0/20", "mp_domain_name": "modernisation-platform.service.justice.gov.uk", @@ -70,5 +70,3 @@ } } } - - diff --git a/terraform/environments/edw/cw.tf b/terraform/environments/edw/cw.tf index 4756e9f588e..9ef75fa6830 100644 --- a/terraform/environments/edw/cw.tf +++ b/terraform/environments/edw/cw.tf 
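Review bot: The third statement of `redshift_dataapi` (hunk at line 558 of policy.tf) allows `secretsmanager:GetSecretValue` on `arn:aws:secretsmanager:${local.account_region}:${local.account_id}:secret:*`, which is every secret in the account rather than the Redshift credentials the Data API needs. Narrowing the resource to the secrets actually used, for example `resources = ["arn:aws:secretsmanager:${local.account_region}:${local.account_id}:secret:<redshift-secret-prefix>-*"]`, keeps a compromise of this role from exposing unrelated secrets. The same reasoning applies to `redshift-data:ExecuteStatement` on `cluster:*` in the hunk at line 534. The policy document begins outside these hunks.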
@@ -3,46 +3,46 @@ ##### EC2 Log Group resource "aws_cloudwatch_log_group" "EC2LogGoup" { - name = "${local.application_name}-EC2" - retention_in_days = 180 + name = "${local.application_name}-EC2" + retention_in_days = 180 } ##### EC2 Cloudwatch Log Groups resource "aws_cloudwatch_log_group" "EDWLogGroupCfnInit" { - name = "${local.application_name}-CfnInit" - retention_in_days = 180 + name = "${local.application_name}-CfnInit" + retention_in_days = 180 } resource "aws_cloudwatch_log_group" "EDWLogGroupOracleAlerts" { - name = "${local.application_name}-OracleAlerts" - retention_in_days = 180 + name = "${local.application_name}-OracleAlerts" + retention_in_days = 180 } resource "aws_cloudwatch_log_group" "EDWLogGroupRman" { - name = "${local.application_name}-RMan" - retention_in_days = 180 + name = "${local.application_name}-RMan" + retention_in_days = 180 } resource "aws_cloudwatch_log_group" "EDWLogGroupRmanArch" { - name = "${local.application_name}-RManArch" - retention_in_days = 180 + name = "${local.application_name}-RManArch" + retention_in_days = 180 } resource "aws_cloudwatch_log_group" "EDWLogGroupTBSFreespace" { - name = "${local.application_name}-TBSFreespace" - retention_in_days = 180 + name = "${local.application_name}-TBSFreespace" + retention_in_days = 180 } resource "aws_cloudwatch_log_group" "EDWLogGroupPMONstatus" { - name = "${local.application_name}-PMONstatus" - retention_in_days = 180 + name = "${local.application_name}-PMONstatus" + retention_in_days = 180 } resource "aws_cloudwatch_log_group" "EDWLogGroupCDCstatus" { - name = "${local.application_name}-CDCstatus" - retention_in_days = 180 + name = "${local.application_name}-CDCstatus" + retention_in_days = 180 } 
@@ -119,8 +119,8 @@ resource "aws_cloudwatch_metric_alarm" "EDWEc2MemoryOverThreshold" { treat_missing_data = "breaching" dimensions = { - ImageId = aws_instance.edw_db_instance.ami - InstanceId = aws_instance.edw_db_instance.id + ImageId = aws_instance.edw_db_instance.ami + InstanceId = aws_instance.edw_db_instance.id InstanceType = aws_instance.edw_db_instance.instance_type } @@ -141,12 +141,12 @@ resource "aws_cloudwatch_metric_alarm" "EDWEbsDiskSpaceUsedOverThreshold" { treat_missing_data = "breaching" dimensions = { - path = local.application_data.accounts[local.environment].edw_disk_path - InstanceId = aws_instance.edw_db_instance.id - ImageId = aws_instance.edw_db_instance.ami + path = local.application_data.accounts[local.environment].edw_disk_path + InstanceId = aws_instance.edw_db_instance.id + ImageId = aws_instance.edw_db_instance.ami InstanceType = aws_instance.edw_db_instance.instance_type - device = local.application_data.accounts[local.environment].edw_disk_device - fstype = local.application_data.accounts[local.environment].edw_disk_fs_type + device = local.application_data.accounts[local.environment].edw_disk_device + fstype = local.application_data.accounts[local.environment].edw_disk_fs_type } alarm_actions = [aws_sns_topic.edw_alerting_topic.arn] 
@@ -184,14 +184,14 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmOracleAlerts" { evaluation_periods = local.application_data.accounts[local.environment].edw_logstream_errors_detected_evaluation_periods treat_missing_data = "notBreaching" - alarm_actions = [aws_sns_topic.edw_alerting_topic.arn] - ok_actions = [aws_sns_topic.edw_alerting_topic.arn] + alarm_actions = [aws_sns_topic.edw_alerting_topic.arn] + ok_actions = [aws_sns_topic.edw_alerting_topic.arn] } resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterOracleAlerts" { name = "EDWLogsMetricFilterOracleAlerts" log_group_name = aws_cloudwatch_log_group.EDWLogGroupOracleAlerts.name - pattern = "\"ORA-\"" + pattern = "\"ORA-\"" metric_transformation { name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metrics_oracle_alerts}" @@ -219,7 +219,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmTBSFreespace" { resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterTBSFreespace" { name = "EDWLogsMetricFilterTBSFreespace" log_group_name = aws_cloudwatch_log_group.EDWLogGroupTBSFreespace.name - pattern = "ALERT" + pattern = "ALERT" metric_transformation { name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metrics_tbs_freespace}" @@ -247,7 +247,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmPMONstatus" { resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterPMONstatus" { name = "EDWLogsMetricFilterPMONstatus" log_group_name = aws_cloudwatch_log_group.EDWLogGroupPMONstatus.name - pattern = "DOWN" + pattern = "DOWN" metric_transformation { name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_pmon_status}" 
@@ -275,7 +275,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmCDCstatus" { resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterCDCstatus" { name = "EDWLogsMetricFilterCDCstatus" log_group_name = aws_cloudwatch_log_group.EDWLogGroupCDCstatus.name - pattern = "[APPLY_NAME, STATUS=\"DISABLED\"]" + pattern = "[APPLY_NAME, STATUS=\"DISABLED\"]" metric_transformation { name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_cdc_status}" @@ -303,7 +303,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmCDCstatus2" { resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterCDCstatus2" { name = "EDWLogsMetricFilterCDCstatus2" log_group_name = aws_cloudwatch_log_group.EDWLogGroupCDCstatus.name - pattern = "[SOURCE_NAME ,SOURCE_ENABLED=\"N\"]" + pattern = "[SOURCE_NAME ,SOURCE_ENABLED=\"N\"]" metric_transformation { name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_cdc_status2}" @@ -331,7 +331,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmRmanBackup" { resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterRmanBackup" { name = "EDWLogsMetricFilterRmanBackup" log_group_name = aws_cloudwatch_log_group.EDWLogGroupRman.name - pattern = "?ERRORs ?Errors ?errors ?ERROR ?Error ?error" + pattern = "?ERRORs ?Errors ?errors ?ERROR ?Error ?error" metric_transformation { name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_name_rman_backup}" 
@@ -359,7 +359,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmRmanArchBackup" { resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterRmanArchBackup" { name = "EDWLogsMetricFilterRmanArchBackup" log_group_name = aws_cloudwatch_log_group.EDWLogGroupRmanArch.name - pattern = "?FAILURE ?Failure ?failure" + pattern = "?FAILURE ?Failure ?failure" metric_transformation { name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_name_rman_arch_backup}" @@ -543,7 +543,7 @@ EOF # resource "aws_cloudformation_stack" "edw-cloudwatch-stack" { # name = "${local.application_name}-cloudwatch-stack" # capabilities = ["CAPABILITY_IAM"] - + # tags = merge( # local.tags, # { diff --git a/terraform/environments/edw/ec2.tf b/terraform/environments/edw/ec2.tf index 64d879692ae..a862ef35156 100644 --- a/terraform/environments/edw/ec2.tf +++ b/terraform/environments/edw/ec2.tf @@ -1,7 +1,7 @@ ####### EC2 Role ####### resource "aws_iam_role" "edw_ec2_role" { - name = "${local.application_name}-ec2-role" + name = "${local.application_name}-ec2-role" assume_role_policy = jsonencode({ Statement = [{ Effect = "Allow" @@ -54,7 +54,7 @@ resource "aws_iam_role" "edw_ec2_role" { { Name = "${local.application_name}-db-instance-role" } - ) + ) } 
@@ -70,29 +70,29 @@ resource "aws_iam_instance_profile" "edw_ec2_instance_profile" { { Name = "${local.application_name}-db-instance-profile" } - ) + ) } ####### DB Instance ####### resource "aws_instance" "edw_db_instance" { - ami = local.application_data.accounts[local.environment].edw_ec2_ami_id - instance_type = local.application_data.accounts[local.environment].edw_ec2_instance_type - iam_instance_profile = aws_iam_instance_profile.edw_ec2_instance_profile.id + ami = local.application_data.accounts[local.environment].edw_ec2_ami_id + instance_type = local.application_data.accounts[local.environment].edw_ec2_instance_type + iam_instance_profile = aws_iam_instance_profile.edw_ec2_instance_profile.id # ADD AFTER BASTION # key_name = local.application_data.accounts[local.environment].edw_ssh_key_name - subnet_id = data.aws_subnet.private_subnets_a.id - security_groups = [aws_security_group.edw_db_security_group.id] + subnet_id = data.aws_subnet.private_subnets_a.id + security_groups = [aws_security_group.edw_db_security_group.id] user_data = base64encode(templatefile("edw-ec2-user-data.sh", { - edw_app_name = local.application_data.accounts[local.environment].edw_AppName - edw_dns_extension = local.application_data.accounts[local.environment].edw_dns_extension - edw_environment = local.application_data.accounts[local.environment].edw_environment - edw_region = local.application_data.accounts[local.environment].edw_region - edw_ec2_role = aws_iam_role.edw_ec2_role.name + edw_app_name = local.application_data.accounts[local.environment].edw_AppName + edw_dns_extension = local.application_data.accounts[local.environment].edw_dns_extension + edw_environment = local.application_data.accounts[local.environment].edw_environment + edw_region = local.application_data.accounts[local.environment].edw_region + edw_ec2_role = aws_iam_role.edw_ec2_role.name edw_s3_backup_bucket = local.application_data.accounts[local.environment].edw_s3_backup_bucket - edw_cis_ip = 
local.application_data.accounts[local.environment].edw_cis_ip - edw_eric_ip = local.application_data.accounts[local.environment].edw_eric_ip - edw_ccms_ip = local.application_data.accounts[local.environment].edw_ccms_ip + edw_cis_ip = local.application_data.accounts[local.environment].edw_cis_ip + edw_eric_ip = local.application_data.accounts[local.environment].edw_eric_ip + edw_ccms_ip = local.application_data.accounts[local.environment].edw_ccms_ip })) @@ -199,7 +199,7 @@ resource "aws_ebs_volume" "ArchiveVolume" { type = "gp3" tags = { - Name = "${local.application_data.accounts[local.environment].edw_AppName}-oraarch" + Name = "${local.application_data.accounts[local.environment].edw_AppName}-oraarch" "dlm:snapshot-with:volume-hourly-35-day-retention" = "yes" } } diff --git a/terraform/environments/edw/secret-rotate.tf b/terraform/environments/edw/secret-rotate.tf index 836dfaf5cc2..418f64cd903 100644 --- a/terraform/environments/edw/secret-rotate.tf +++ b/terraform/environments/edw/secret-rotate.tf @@ -19,7 +19,7 @@ resource "aws_secretsmanager_secret" "db-master-password" { { Name = "${local.application_name}-db-master-password" } - ) + ) } resource "aws_secretsmanager_secret_version" "edw_db_master_password_version" { @@ -49,7 +49,7 @@ resource "aws_secretsmanager_secret" "edw_db_ec2_root_secret" { { Name = "${local.application_name}-ec2-system-root-password" } - ) + ) } resource "aws_secretsmanager_secret_version" "edw_db_ec2_root_password_version" { 
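Review bot: In `aws_instance.edw_db_instance` (hunk at line 70 of edw/ec2.tf) the instance is placed in a VPC subnet through `subnet_id`, yet its security group ID is passed via `security_groups`, which the AWS provider documents as taking group names for EC2-Classic and the default VPC. With group IDs in a VPC this can show up as a forced replacement on later plans and makes the effective network boundary harder to reason about; `vpc_security_group_ids = [aws_security_group.edw_db_security_group.id]` is the argument intended for this case. The resource body continues past the hunk.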
@@ -58,9 +58,9 @@ resource "aws_secretsmanager_secret_version" "edw_db_ec2_root_password_version" } resource "aws_secretsmanager_secret_rotation" "edw_db_root_rotate" { - secret_id = aws_secretsmanager_secret.edw_db_ec2_root_secret.id - rotation_lambda_arn = aws_lambda_function.rotate_secret_function.arn - rotate_immediately = true + secret_id = aws_secretsmanager_secret.edw_db_ec2_root_secret.id + rotation_lambda_arn = aws_lambda_function.rotate_secret_function.arn + rotate_immediately = true rotation_rules { automatically_after_days = local.application_data.accounts[local.environment].secret_rotation_frequency_days @@ -74,7 +74,7 @@ resource "aws_secretsmanager_secret_rotation" "edw_db_root_rotate" { data "archive_file" "lambda_inline_code" { type = "zip" - output_path = "${replace(local.application_data.accounts[local.environment].lambda_function_inline_code_filename, "py", "zip")}" + output_path = replace(local.application_data.accounts[local.environment].lambda_function_inline_code_filename, "py", "zip") source { filename = local.application_data.accounts[local.environment].lambda_function_inline_code_filename @@ -104,25 +104,25 @@ resource "aws_lambda_function" "rotate_secret_function" { { Name = "${local.application_name}-edw-secret-rotate-function" } - ) + ) } resource "aws_iam_role" "edw_lambda_function_execution_role" { name = "${local.application_data.accounts[local.environment].lambda_function_name}-execution-role" assume_role_policy = jsonencode({ - Version: "2012-10-17" - Statement: [ - { - Effect: "Allow" - Principal: { - Service: "lambda.amazonaws.com" + Version : "2012-10-17" + Statement : [ + { + Effect : "Allow" + Principal : { + Service : "lambda.amazonaws.com" }, - Action: "sts:AssumeRole" - } + Action : "sts:AssumeRole" + } ] }) - } +} resource "aws_iam_policy" "edw_lambda_function_execution_role_policy" { #tfsec:ignore:aws-iam-no-policy-wildcards name = "${local.application_data.accounts[local.environment].lambda_function_name}-Policy" 
@@ -131,7 +131,7 @@ resource "aws_iam_policy" "edw_lambda_function_execution_role_policy" { #tfsec:i { Name = "${local.application_name}-edw-secret-rotate-function" } - ) + ) policy = jsonencode({ Version = "2012-10-17" Statement = [ diff --git a/terraform/environments/electronic-monitoring-data/dms_g4s_cap_dw_task_tables_selection.json b/terraform/environments/electronic-monitoring-data/dms_g4s_cap_dw_task_tables_selection.json index e8183af6af8..2fc373a52d4 100644 --- a/terraform/environments/electronic-monitoring-data/dms_g4s_cap_dw_task_tables_selection.json +++ b/terraform/environments/electronic-monitoring-data/dms_g4s_cap_dw_task_tables_selection.json @@ -18,8 +18,8 @@ "rule-id": "02", "rule-name": "02", "object-locator": { - "schema-name": "dbo", - "table-name": "Log_LoadErrors" + "schema-name": "dbo", + "table-name": "Log_LoadErrors" }, "rule-action": "exclude" } diff --git a/terraform/environments/electronic-monitoring-data/lambdas_iam.tf b/terraform/environments/electronic-monitoring-data/lambdas_iam.tf index 0150ad05256..e114ca28b73 100644 --- a/terraform/environments/electronic-monitoring-data/lambdas_iam.tf +++ b/terraform/environments/electronic-monitoring-data/lambdas_iam.tf 
@@ -3,99 +3,99 @@ # -------------------------------------------------------------------------------- resource "aws_iam_role" "create_athena_external_tables_lambda" { - name = "create_athena_external_tables_lambda" - assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json + name = "create_athena_external_tables_lambda" + assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json } resource "aws_iam_role_policy_attachment" "lambda_vpc_access_execution" { - role = aws_iam_role.create_athena_external_tables_lambda.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + role = aws_iam_role.create_athena_external_tables_lambda.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" } resource "aws_iam_role_policy_attachment" "lambda_sqs_queue_access_execution" { - role = aws_iam_role.create_athena_external_tables_lambda.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" + role = aws_iam_role.create_athena_external_tables_lambda.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" } resource "aws_iam_role_policy_attachment" "get_glue_connections_and_tables" { - role = aws_iam_role.create_athena_external_tables_lambda.name - policy_arn = aws_iam_policy.get_glue_connections_and_tables.arn + role = aws_iam_role.create_athena_external_tables_lambda.name + policy_arn = aws_iam_policy.get_glue_connections_and_tables.arn } resource "aws_iam_policy" "get_glue_connections_and_tables" { - name = "get_glue_connections_and_tables" - policy = data.aws_iam_policy_document.get_glue_connections_and_tables.json + name = "get_glue_connections_and_tables" + policy = data.aws_iam_policy_document.get_glue_connections_and_tables.json } resource "aws_iam_role_policy_attachment" "get_s3_output" { - role = aws_iam_role.create_athena_external_tables_lambda.name - policy_arn = aws_iam_policy.get_s3_output.arn + role = 
aws_iam_role.create_athena_external_tables_lambda.name + policy_arn = aws_iam_policy.get_s3_output.arn } resource "aws_iam_policy" "get_s3_output" { - name = "get_s3_output" - policy = data.aws_iam_policy_document.get_s3_output.json + name = "get_s3_output" + policy = data.aws_iam_policy_document.get_s3_output.json } data "aws_iam_policy_document" "get_glue_connections_and_tables" { - statement { - sid = "SecretsManagerDbCredentialsAccess" - effect = "Allow" - actions = ["secretsmanager:GetSecretValue"] - resources = [aws_secretsmanager_secret_version.db_glue_connection.arn] - } - statement { - sid = "TriggerLambda" - effect = "Allow" - actions = [ - "lambda:InvokeFunction" - ] - resources = [module.create_athena_external_table.lambda_function_arn] - } - - statement { - effect = "Allow" - actions = [ - "glue:GetConnection", - "glue:GetTables", - "glue:GetTable", - "glue:GetDatabase", - "glue:GetDatabases", - "glue:CreateTable", - "glue:DeleteTable", - "glue:CreateDatabase", - "glue:DeleteDatabase" - ] - resources = [ - "arn:aws:glue:eu-west-2:${data.aws_caller_identity.current.account_id}:catalog", - "arn:aws:glue:eu-west-2:${data.aws_caller_identity.current.account_id}:database/${local.db_name}_semantic_layer", - "arn:aws:glue:eu-west-2:${data.aws_caller_identity.current.account_id}:table/${local.db_name}_semantic_layer/*", - "arn:aws:glue:eu-west-2:${data.aws_caller_identity.current.account_id}:userDefinedFunction/${local.db_name}_semantic_layer/*" - - ] - } + statement { + sid = "SecretsManagerDbCredentialsAccess" + effect = "Allow" + actions = ["secretsmanager:GetSecretValue"] + resources = [aws_secretsmanager_secret_version.db_glue_connection.arn] + } + statement { + sid = "TriggerLambda" + effect = "Allow" + actions = [ + "lambda:InvokeFunction" + ] + resources = [module.create_athena_external_table.lambda_function_arn] + } + + statement { + effect = "Allow" + actions = [ + "glue:GetConnection", + "glue:GetTables", + "glue:GetTable", + "glue:GetDatabase", + 
"glue:GetDatabases", + "glue:CreateTable", + "glue:DeleteTable", + "glue:CreateDatabase", + "glue:DeleteDatabase" + ] + resources = [ + "arn:aws:glue:eu-west-2:${data.aws_caller_identity.current.account_id}:catalog", + "arn:aws:glue:eu-west-2:${data.aws_caller_identity.current.account_id}:database/${local.db_name}_semantic_layer", + "arn:aws:glue:eu-west-2:${data.aws_caller_identity.current.account_id}:table/${local.db_name}_semantic_layer/*", + "arn:aws:glue:eu-west-2:${data.aws_caller_identity.current.account_id}:userDefinedFunction/${local.db_name}_semantic_layer/*" + + ] + } } data "aws_iam_policy_document" "get_s3_output" { - statement { - effect = "Allow" - actions = [ - "s3:ListObjects" - ] - resources = [ - "${aws_s3_bucket.dms_target_ep_s3_bucket.arn}/*" - ] - } - statement { - effect = "Allow" - actions = [ - "s3:ListBucket" - ] - resources = [ - aws_s3_bucket.dms_target_ep_s3_bucket.arn - ] - } + statement { + effect = "Allow" + actions = [ + "s3:ListObjects" + ] + resources = [ + "${aws_s3_bucket.dms_target_ep_s3_bucket.arn}/*" + ] + } + statement { + effect = "Allow" + actions = [ + "s3:ListBucket" + ] + resources = [ + aws_s3_bucket.dms_target_ep_s3_bucket.arn + ] + } } 
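Review bot: `s3:ListObjects` in the first statement of `get_s3_output` is the name of an S3 API operation and is not among the S3 IAM actions, so that statement grants nothing; listing is governed by `s3:ListBucket` on the bucket ARN, which the second statement already allows. If the Lambda has to read objects under `${aws_s3_bucket.dms_target_ep_s3_bucket.arn}/*`, the action wanted is `"s3:GetObject"`; otherwise the statement can be removed. The same action appears in `write_meta_to_s3` and `get_meta_from_s3` in the later hunks of this file (lines 104 and 168).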
@@ -104,61 +104,61 @@ data "aws_iam_policy_document" "get_s3_output" { # ------------------------------------------------ resource "aws_iam_role" "get_metadata_from_rds" { - name = "get_metadata_from_rds_lambda" - assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json + name = "get_metadata_from_rds_lambda" + assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json } resource "aws_iam_role_policy_attachment" "get_metadata_from_rds_lambda_vpc_access_execution" { - role = aws_iam_role.get_metadata_from_rds.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + role = aws_iam_role.get_metadata_from_rds.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" } resource "aws_iam_role_policy_attachment" "get_metadata_from_rds_lambda_sqs_queue_access_execution" { - role = aws_iam_role.get_metadata_from_rds.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" + role = aws_iam_role.get_metadata_from_rds.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" } resource "aws_iam_role_policy_attachment" "get_metadata_from_rds_get_glue_connections_and_tables" { - role = aws_iam_role.get_metadata_from_rds.name - policy_arn = aws_iam_policy.get_glue_connections_and_tables.arn + role = aws_iam_role.get_metadata_from_rds.name + policy_arn = aws_iam_policy.get_glue_connections_and_tables.arn } resource "aws_iam_role_policy_attachment" "get_metadata_from_rds_get_s3_output" { - role = aws_iam_role.get_metadata_from_rds.name - policy_arn = aws_iam_policy.get_s3_output.arn + role = aws_iam_role.get_metadata_from_rds.name + policy_arn = aws_iam_policy.get_s3_output.arn } resource "aws_iam_role_policy_attachment" "get_metadata_from_rds_write_meta_to_s3" { - role = aws_iam_role.get_metadata_from_rds.name - policy_arn = aws_iam_policy.write_meta_to_s3.arn + role = aws_iam_role.get_metadata_from_rds.name + 
policy_arn = aws_iam_policy.write_meta_to_s3.arn } resource "aws_iam_policy" "write_meta_to_s3" { - name = "write_meta_to_s3" - policy = data.aws_iam_policy_document.write_meta_to_s3.json + name = "write_meta_to_s3" + policy = data.aws_iam_policy_document.write_meta_to_s3.json } data "aws_iam_policy_document" "write_meta_to_s3" { - statement { - effect = "Allow" - actions = [ - "s3:ListObjects", - "s3:PutObject", - "s3:PutObjectAcl" - ] - resources = [ - "${module.metadata-s3-bucket.bucket.arn}/*" - ] - } - statement { - effect = "Allow" - actions = [ - "s3:ListBucket" - ] - resources = [ - module.metadata-s3-bucket.bucket.arn - ] - } + statement { + effect = "Allow" + actions = [ + "s3:ListObjects", + "s3:PutObject", + "s3:PutObjectAcl" + ] + resources = [ + "${module.metadata-s3-bucket.bucket.arn}/*" + ] + } + statement { + effect = "Allow" + actions = [ + "s3:ListBucket" + ] + resources = [ + module.metadata-s3-bucket.bucket.arn + ] + } } 
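Review bot: `write_meta_to_s3` grants `s3:PutObjectAcl` on every object in the metadata bucket, which lets the function rewrite object ACLs, including public or cross-account grants if the bucket still honours ACLs. If the bucket module (not shown in this diff) enforces bucket-owner ownership, the permission is unused and the list can be reduced to `"s3:PutObject"`. If an ACL really is required, a comment naming which one and why would make the grant reviewable.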
@@ -168,61 +168,61 @@ data "aws_iam_policy_document" "write_meta_to_s3" { # ------------------------------------------------ resource "aws_iam_role" "send_metadata_to_ap" { - name = "send_metadata_to_ap" - assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json + name = "send_metadata_to_ap" + assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json } resource "aws_iam_role_policy_attachment" "write_metadata_to_ap_lambda_vpc_access_execution" { - role = aws_iam_role.send_metadata_to_ap.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + role = aws_iam_role.send_metadata_to_ap.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" } resource "aws_iam_role_policy_attachment" "write_metadata_to_ap_lambda_sqs_queue_access_execution" { - role = aws_iam_role.send_metadata_to_ap.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" + role = aws_iam_role.send_metadata_to_ap.name + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" } resource "aws_iam_role_policy_attachment" "write_metadata_to_ap_write_meta_to_s3" { - role = aws_iam_role.send_metadata_to_ap.name - policy_arn = aws_iam_policy.get_meta_from_s3.arn + role = aws_iam_role.send_metadata_to_ap.name + policy_arn = aws_iam_policy.get_meta_from_s3.arn } resource "aws_iam_policy" "get_meta_from_s3" { - name = "get_meta_from_s3" - policy = data.aws_iam_policy_document.get_meta_from_s3.json + name = "get_meta_from_s3" + policy = data.aws_iam_policy_document.get_meta_from_s3.json } resource "aws_iam_policy" "write_to_ap_s3" { - name = "write_to_ap_s3" - policy = data.aws_iam_policy_document.write_to_ap_s3.json + name = "write_to_ap_s3" + policy = data.aws_iam_policy_document.write_to_ap_s3.json } resource "aws_iam_role_policy_attachment" "write_metadata_to_ap_write_to_ap_s3" { - role = aws_iam_role.send_metadata_to_ap.name - policy_arn = 
aws_iam_policy.write_to_ap_s3.arn + role = aws_iam_role.send_metadata_to_ap.name + policy_arn = aws_iam_policy.write_to_ap_s3.arn } data "aws_iam_policy_document" "get_meta_from_s3" { - statement { - effect = "Allow" - actions = [ - "s3:ListObjects", - "s3:GetObject" - ] - resources = [ - "${module.metadata-s3-bucket.bucket.arn}/*" - ] - } - statement { - effect = "Allow" - actions = [ - "s3:ListBucket" - ] - resources = [ - module.metadata-s3-bucket.bucket.arn - ] - } + statement { + effect = "Allow" + actions = [ + "s3:ListObjects", + "s3:GetObject" + ] + resources = [ + "${module.metadata-s3-bucket.bucket.arn}/*" + ] + } + statement { + effect = "Allow" + actions = [ + "s3:ListBucket" + ] + resources = [ + module.metadata-s3-bucket.bucket.arn + ] + } } data "aws_iam_policy_document" "write_to_ap_s3" { diff --git a/terraform/environments/electronic-monitoring-data/lambdas_layers.tf b/terraform/environments/electronic-monitoring-data/lambdas_layers.tf index 4cdabc8e458..c590006aba4 100644 --- a/terraform/environments/electronic-monitoring-data/lambdas_layers.tf +++ b/terraform/environments/electronic-monitoring-data/lambdas_layers.tf @@ -2,12 +2,12 @@ # create_external_athena_tables layer # -------------------------------------------------------------------------------------------------- locals { - layer_path = "${local.lambda_path}/layers" - create_external_athena_tables_layer_core = { + layer_path = "${local.lambda_path}/layers" + create_external_athena_tables_layer_core = { layer_zip_name = "create_athena_external_tables_layer.zip" layer_name = "create_athena_external_tables_layer" requirements_name = "create_athena_external_tables_requirements.txt" - } + } create_external_athena_tables_layer = { layer_zip_name = local.create_external_athena_tables_layer_core.layer_zip_name layer_name = local.create_external_athena_tables_layer_core.layer_name 
@@ -18,10 +18,10 @@ locals { } resource "aws_lambda_layer_version" "create_external_athena_tables_layer" { - filename = local.create_external_athena_tables_layer.layer_zip_path - layer_name = local.create_external_athena_tables_layer.layer_name - compatible_runtimes = ["python3.11"] - source_code_hash = filesha1(local.create_external_athena_tables_layer.layer_zip_path) + filename = local.create_external_athena_tables_layer.layer_zip_path + layer_name = local.create_external_athena_tables_layer.layer_name + compatible_runtimes = ["python3.11"] + source_code_hash = filesha1(local.create_external_athena_tables_layer.layer_zip_path) } # -------------------------------------------------------------------------------------------------- @@ -44,8 +44,8 @@ locals { } resource "aws_lambda_layer_version" "mojap_metadata_layer" { - filename = local.mojap_metadata.layer_zip_path - layer_name = local.mojap_metadata.layer_name - compatible_runtimes = ["python3.11"] - source_code_hash = filesha1(local.mojap_metadata.layer_zip_path) + filename = local.mojap_metadata.layer_zip_path + layer_name = local.mojap_metadata.layer_name + compatible_runtimes = ["python3.11"] + source_code_hash = filesha1(local.mojap_metadata.layer_zip_path) } \ No newline at end of file diff --git a/terraform/environments/electronic-monitoring-data/lambdas_main.tf b/terraform/environments/electronic-monitoring-data/lambdas_main.tf index cc7184fbe1b..9f8fb4a1eb0 100644 --- a/terraform/environments/electronic-monitoring-data/lambdas_main.tf +++ b/terraform/environments/electronic-monitoring-data/lambdas_main.tf 
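Review bot: `source_code_hash = filesha1(...)` in `aws_lambda_layer_version.create_external_athena_tables_layer` (and again in `mojap_metadata_layer` in the next hunk) supplies a hex SHA-1, while the AWS provider documents this argument as a base64-encoded SHA-256 of the package file. The value will presumably never match the one the provider records, so change detection for the layer zip is unreliable and plans may show a permanent difference. Use `source_code_hash = filebase64sha256(local.create_external_athena_tables_layer.layer_zip_path)` and the equivalent for `local.mojap_metadata.layer_zip_path`.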
@@ -1,41 +1,41 @@ locals { - lambda_path = "lambdas" - db_name = local.is-production ? "g4s_cap_dw" : "test" + lambda_path = "lambdas" + db_name = local.is-production ? "g4s_cap_dw" : "test" } # ------------------------------------------------------ # Get Metadata from RDS Function # ------------------------------------------------------ data "archive_file" "get_metadata_from_rds" { - type = "zip" - source_file = "${local.lambda_path}/get_metadata_from_rds.py" - output_path = "${local.lambda_path}/get_metadata_from_rds.zip" + type = "zip" + source_file = "${local.lambda_path}/get_metadata_from_rds.py" + output_path = "${local.lambda_path}/get_metadata_from_rds.zip" } #checkov:skip=CKV_AWS_272 module "get_metadata_from_rds_lambda" { - source = "./modules/lambdas" - filename = "${local.lambda_path}/get_metadata_from_rds.zip" + source = "./modules/lambdas" + filename = "${local.lambda_path}/get_metadata_from_rds.zip" function_name = "get-metadata-from-rds" - role_arn = aws_iam_role.get_metadata_from_rds.arn - role_name = aws_iam_role.get_metadata_from_rds.name - handler = "get_metadata_from_rds.handler" + role_arn = aws_iam_role.get_metadata_from_rds.arn + role_name = aws_iam_role.get_metadata_from_rds.name + handler = "get_metadata_from_rds.handler" layers = [ "arn:aws:lambda:eu-west-2:336392948345:layer:AWSSDKPandas-Python311:12", aws_lambda_layer_version.mojap_metadata_layer.arn, aws_lambda_layer_version.create_external_athena_tables_layer.arn - ] - source_code_hash = data.archive_file.get_metadata_from_rds.output_base64sha256 - timeout = 900 - memory_size = 1024 - runtime = "python3.11" + ] + source_code_hash = data.archive_file.get_metadata_from_rds.output_base64sha256 + timeout = 900 + memory_size = 1024 + runtime = "python3.11" security_group_ids = [aws_security_group.lambda_db_security_group.id] - subnet_ids = data.aws_subnets.shared-public.ids + subnet_ids = data.aws_subnets.shared-public.ids environment_variables = { - SECRET_NAME = 
aws_secretsmanager_secret.db_glue_connection.name - DB_NAME = local.db_name - METADATA_STORE_BUCKET = module.metadata-s3-bucket.bucket.id - } + SECRET_NAME = aws_secretsmanager_secret.db_glue_connection.name + DB_NAME = local.db_name + METADATA_STORE_BUCKET = module.metadata-s3-bucket.bucket.id + } env_account_id = local.env_account_id } 
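Review bot: `subnet_ids = data.aws_subnets.shared-public.ids` places `get_metadata_from_rds_lambda` in public subnets, and the same assignment appears in `create_athena_external_table` and `send_metadata_to_ap` in the two following hunks. A VPC-attached Lambda network interface gets no public IP address, so a public subnet gives these functions no internet path of their own, while it does put functions that hold database access (`SECRET_NAME`, `lambda_db_security_group`) alongside internet-facing resources. Unless something outside this diff requires it, attach them to private subnets and reach Secrets Manager and S3 through VPC endpoints or NAT. If the choice is deliberate, a one-line comment stating the reason would help the next reviewer.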
@@ -47,36 +47,36 @@ module "get_metadata_from_rds_lambda" { data "archive_file" "create_athena_external_table" { - type = "zip" - source_file = "${local.lambda_path}/create_athena_external_table.py" - output_path = "${local.lambda_path}/create_athena_external_table.zip" + type = "zip" + source_file = "${local.lambda_path}/create_athena_external_table.py" + output_path = "${local.lambda_path}/create_athena_external_table.zip" } module "create_athena_external_table" { - source = "./modules/lambdas" - filename = "${local.lambda_path}/create_athena_external_table.zip" - function_name = "create_athena_external_table" - role_arn = aws_iam_role.create_athena_external_tables_lambda.arn - role_name = aws_iam_role.create_athena_external_tables_lambda.name - handler = "create_athena_external_table.handler" - layers = [ - "arn:aws:lambda:eu-west-2:017000801446:layer:AWSLambdaPowertoolsPythonV2:69", - "arn:aws:lambda:eu-west-2:336392948345:layer:AWSSDKPandas-Python311:12", - aws_lambda_layer_version.mojap_metadata_layer.arn, - aws_lambda_layer_version.create_external_athena_tables_layer.arn - ] - source_code_hash = data.archive_file.create_athena_external_table.output_base64sha256 - timeout = 900 - memory_size = 1024 - runtime = "python3.11" - security_group_ids = [aws_security_group.lambda_db_security_group.id] - subnet_ids = data.aws_subnets.shared-public.ids - env_account_id = local.env_account_id - environment_variables = { - DB_NAME = local.db_name - S3_BUCKET_NAME = aws_s3_bucket.dms_target_ep_s3_bucket.id - - } + source = "./modules/lambdas" + filename = "${local.lambda_path}/create_athena_external_table.zip" + function_name = "create_athena_external_table" + role_arn = aws_iam_role.create_athena_external_tables_lambda.arn + role_name = aws_iam_role.create_athena_external_tables_lambda.name + handler = "create_athena_external_table.handler" + layers = [ + "arn:aws:lambda:eu-west-2:017000801446:layer:AWSLambdaPowertoolsPythonV2:69", + 
"arn:aws:lambda:eu-west-2:336392948345:layer:AWSSDKPandas-Python311:12", + aws_lambda_layer_version.mojap_metadata_layer.arn, + aws_lambda_layer_version.create_external_athena_tables_layer.arn + ] + source_code_hash = data.archive_file.create_athena_external_table.output_base64sha256 + timeout = 900 + memory_size = 1024 + runtime = "python3.11" + security_group_ids = [aws_security_group.lambda_db_security_group.id] + subnet_ids = data.aws_subnets.shared-public.ids + env_account_id = local.env_account_id + environment_variables = { + DB_NAME = local.db_name + S3_BUCKET_NAME = aws_s3_bucket.dms_target_ep_s3_bucket.id + + } } # ------------------------------------------------------ 
@@ -85,30 +85,30 @@ module "create_athena_external_table" { data "archive_file" "send_metadata_to_ap" { - type = "zip" - source_file = "${local.lambda_path}/send_metadata_to_ap.py" - output_path = "${local.lambda_path}/send_metadata_to_ap.zip" + type = "zip" + source_file = "${local.lambda_path}/send_metadata_to_ap.py" + output_path = "${local.lambda_path}/send_metadata_to_ap.zip" } module "send_metadata_to_ap" { - source = "./modules/lambdas" - filename = "${local.lambda_path}/send_metadata_to_ap.zip" - function_name = "send_metadata_to_ap" - role_arn = aws_iam_role.send_metadata_to_ap.arn - role_name = aws_iam_role.send_metadata_to_ap.name - handler = "send_metadata_to_ap.handler" - source_code_hash = data.archive_file.send_metadata_to_ap.output_base64sha256 - layers = null - timeout = 900 - memory_size = 1024 - runtime = "python3.11" - security_group_ids = [aws_security_group.lambda_db_security_group.id] - subnet_ids = data.aws_subnets.shared-public.ids - env_account_id = local.env_account_id - environment_variables = { - REG_BUCKET_NAME = local.register_my_data_bucket - - } + source = "./modules/lambdas" + filename = "${local.lambda_path}/send_metadata_to_ap.zip" + function_name = "send_metadata_to_ap" + role_arn = aws_iam_role.send_metadata_to_ap.arn + role_name = aws_iam_role.send_metadata_to_ap.name + handler = "send_metadata_to_ap.handler" + source_code_hash = data.archive_file.send_metadata_to_ap.output_base64sha256 + layers = null + timeout = 900 + memory_size = 1024 + runtime = "python3.11" + security_group_ids = [aws_security_group.lambda_db_security_group.id] + subnet_ids = data.aws_subnets.shared-public.ids + env_account_id = local.env_account_id + environment_variables = { + REG_BUCKET_NAME = local.register_my_data_bucket + + } } resource "aws_lambda_permission" "send_metadata_to_ap" { 
diff --git a/terraform/environments/electronic-monitoring-data/lambdas_secrets.tf b/terraform/environments/electronic-monitoring-data/lambdas_secrets.tf index 1da49e7c199..756ad8a18fe 100644 --- a/terraform/environments/electronic-monitoring-data/lambdas_secrets.tf +++ b/terraform/environments/electronic-monitoring-data/lambdas_secrets.tf @@ -3,14 +3,14 @@ resource "aws_secretsmanager_secret" "db_glue_connection" { } resource "aws_secretsmanager_secret_version" "db_glue_connection" { - secret_id = aws_secretsmanager_secret.db_glue_connection.id + secret_id = aws_secretsmanager_secret.db_glue_connection.id secret_string = jsonencode( { - "host" = "${aws_db_instance.database_2022.address},${aws_db_instance.database_2022.port}", - "username" = aws_db_instance.database_2022.username, - "password" = aws_secretsmanager_secret_version.db_password.secret_string, - "engine" = "sqlserver", - "port" = aws_db_instance.database_2022.port + "host" = "${aws_db_instance.database_2022.address},${aws_db_instance.database_2022.port}", + "username" = aws_db_instance.database_2022.username, + "password" = aws_secretsmanager_secret_version.db_password.secret_string, + "engine" = "sqlserver", + "port" = aws_db_instance.database_2022.port } - ) + ) } \ No newline at end of file diff --git a/terraform/environments/electronic-monitoring-data/lambdas_security_groups.tf b/terraform/environments/electronic-monitoring-data/lambdas_security_groups.tf index 1fc46251f84..c778cf0c7e0 100644 --- a/terraform/environments/electronic-monitoring-data/lambdas_security_groups.tf +++ b/terraform/environments/electronic-monitoring-data/lambdas_security_groups.tf 
@@ -9,11 +9,11 @@ resource "aws_security_group" "lambda_db_security_group" { resource "aws_vpc_security_group_egress_rule" "lambda_all_outbound" { security_group_id = aws_security_group.lambda_db_security_group.id - cidr_ipv4 = "0.0.0.0/0" - ip_protocol = "tcp" - from_port = 0 - to_port = 65535 - description = "Lambda outbound access" + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "tcp" + from_port = 0 + to_port = 65535 + description = "Lambda outbound access" } resource "aws_vpc_security_group_ingress_rule" "lambda_to_rds_sg_rule" { diff --git a/terraform/environments/electronic-monitoring-data/locals.tf b/terraform/environments/electronic-monitoring-data/locals.tf index 83d824f9a7d..969a00a05ba 100644 --- a/terraform/environments/electronic-monitoring-data/locals.tf +++ b/terraform/environments/electronic-monitoring-data/locals.tf @@ -1,6 +1,6 @@ #### This file can be used to store locals specific to the member account #### locals { - env_account_id = local.environment_management.account_ids[terraform.workspace] + env_account_id = local.environment_management.account_ids[terraform.workspace] #---------------------------------------------------------------------------- # CAPITA #---------------------------------------------------------------------------- diff --git a/terraform/environments/electronic-monitoring-data/modules/dms/dms_g4s_cap_dw_task_transformations.json b/terraform/environments/electronic-monitoring-data/modules/dms/dms_g4s_cap_dw_task_transformations.json index 2342d577a2a..11a7eb6b4db 100644 --- a/terraform/environments/electronic-monitoring-data/modules/dms/dms_g4s_cap_dw_task_transformations.json +++ b/terraform/environments/electronic-monitoring-data/modules/dms/dms_g4s_cap_dw_task_transformations.json @@ -47,4 +47,4 @@ "old-value": null } ] -} \ No newline at end of file +} 
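Review bot: `aws_vpc_security_group_egress_rule.lambda_all_outbound` allows TCP to `0.0.0.0/0` on ports 0–65535, so any function using `lambda_db_security_group` can open a connection to any host. From the environment variables visible elsewhere in this diff, the functions appear to need only the database and AWS API endpoints; that should be confirmed against the handlers. If so, narrow this to `from_port = 443` / `to_port = 443` for AWS endpoints plus a separate rule to the database security group on the database port, and let each `description` name the destination it serves.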
diff --git a/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf b/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf index 2b75495281f..73b35f5efaf 100644 --- a/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf +++ b/terraform/environments/electronic-monitoring-data/modules/lambdas/main.tf @@ -1,10 +1,10 @@ resource "aws_sqs_queue" "lambda_dlq" { - name = "${var.function_name}-dlq" - kms_master_key_id = aws_kms_key.lambda_env_key.id + name = "${var.function_name}-dlq" + kms_master_key_id = aws_kms_key.lambda_env_key.id } resource "aws_kms_key" "lambda_env_key" { - description = "KMS key for encrypting Lambda environment variables for ${var.function_name}" + description = "KMS key for encrypting Lambda environment variables for ${var.function_name}" enable_key_rotation = true policy = < Amazon ECS Sample App

Amazon ECS Sample App

Congratulations!

Your application is now running on a container in Amazon ECS.

'; C:\\ServiceMonitor.exe w3svc" - ], - "entryPoint": [ - "powershell", - "-Command" - ], - "name" : "${app_name}-container", - "image" : "${container_definition_image}", - "cpu" : 512, - "memory" : 1024, - "essential" : true, - "portMappings" : [ + ], + "entryPoint": ["powershell", "-Command"], + "name": "${app_name}-container", + "image": "${container_definition_image}", + "cpu": 512, + "memory": 1024, + "essential": true, + "portMappings": [ { "hostPort": 0, "containerPort": 80, "protocol": "tcp" } ], - "logConfiguration" : { - "logDriver" : "awslogs", - "options" : { - "awslogs-group" : "${awslogs-group}", - "awslogs-region" : "eu-west-2", - "awslogs-stream-prefix" : "ecs" + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": "${awslogs-group}", + "awslogs-region": "eu-west-2", + "awslogs-stream-prefix": "ecs" } }, "mountPoints": [ @@ -34,22 +31,22 @@ } ], - "environment" : [ + "environment": [ { - "name" : "supportEmail", - "value" : "${supportEmail}" + "name": "supportEmail", + "value": "${supportEmail}" }, { - "name" : "supportTeam", - "value" : "${supportTeam}" + "name": "supportTeam", + "value": "${supportTeam}" }, { - "name" : "CurServer", - "value" : "${CurServer}" + "name": "CurServer", + "value": "${CurServer}" }, { - "name" : "RDS_PASSWORD", - "value" : "${rds_password}" + "name": "RDS_PASSWORD", + "value": "${rds_password}" } ] } diff --git a/terraform/environments/tribunals/container_definition_ftp.json b/terraform/environments/tribunals/container_definition_ftp.json index e35f18ba229..208a51e186a 100644 --- a/terraform/environments/tribunals/container_definition_ftp.json +++ b/terraform/environments/tribunals/container_definition_ftp.json 
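Review bot: The `environment` array passes `RDS_PASSWORD` as a plain `value` rendered from `${rds_password}`, so the database password is stored in the registered task definition, where any principal allowed to describe task definitions can read it. ECS container definitions have a `secrets` array for this; move the entry there, e.g. `{ "name": "RDS_PASSWORD", "valueFrom": "${rds_secret_arn}" }`, where `rds_secret_arn` is a placeholder for a Secrets Manager ARN the template would need to receive. The task execution role then needs `secretsmanager:GetSecretValue` on that secret. The container definition object starts before this hunk.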
@@ -1,18 +1,13 @@ [ { - "command": [ - "C:\\ServiceMonitor.exe w3svc" - ], - "entryPoint": [ - "powershell", - "-Command" - ], - "name" : "${app_name}-container", - "image" : "${container_definition_image}", - "cpu" : 512, - "memory" : 1024, - "essential" : true, - "portMappings" : [ + "command": ["C:\\ServiceMonitor.exe w3svc"], + "entryPoint": ["powershell", "-Command"], + "name": "${app_name}-container", + "image": "${container_definition_image}", + "cpu": 512, + "memory": 1024, + "essential": true, + "portMappings": [ { "hostPort": 0, "containerPort": 22, @@ -24,12 +19,12 @@ "protocol": "tcp" } ], - "logConfiguration" : { - "logDriver" : "awslogs", - "options" : { - "awslogs-group" : "${awslogs-group}", - "awslogs-region" : "eu-west-2", - "awslogs-stream-prefix" : "ecs" + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": "${awslogs-group}", + "awslogs-region": "eu-west-2", + "awslogs-stream-prefix": "ecs" } }, "mountPoints": [ diff --git a/terraform/environments/tribunals/dms.tf b/terraform/environments/tribunals/dms.tf index 4388e8fa88d..9b59be12541 100644 --- a/terraform/environments/tribunals/dms.tf +++ b/terraform/environments/tribunals/dms.tf 
@@ -82,38 +82,38 @@ resource "aws_iam_role_policy" "dms_vpc_management_policy" { } resource "aws_dms_endpoint" "source" { - database_name = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["dbname"] - endpoint_id = "tribunals-source" - endpoint_type = "source" - engine_name = "sqlserver" - password = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["password"] - port = 1433 - server_name = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["host"] - ssl_mode = "none" + database_name = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["dbname"] + endpoint_id = "tribunals-source" + endpoint_type = "source" + engine_name = "sqlserver" + password = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["password"] + port = 1433 + server_name = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["host"] + ssl_mode = "none" username = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["username"] } # Uncomment modernisation_dms_access for first time creation of the Security Group in AWS DSD Account resource "aws_security_group" "modernisation_dms_access" { - provider = aws.mojdsd - name = "modernisation_dms_access_${local.environment}" - description = "allow dms access to the database for the modernisation platform" - - ingress { - from_port = 1433 - to_port = 1433 - protocol = "tcp" - description = "Allow DMS to connect to source database" - cidr_blocks = ["${aws_dms_replication_instance.tribunals_replication_instance.replication_instance_public_ips[0]}/32"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } + provider = aws.mojdsd + name = "modernisation_dms_access_${local.environment}" + description = "allow dms access to the database for the 
modernisation platform" + + ingress { + from_port = 1433 + to_port = 1433 + protocol = "tcp" + description = "Allow DMS to connect to source database" + cidr_blocks = ["${aws_dms_replication_instance.tribunals_replication_instance.replication_instance_public_ips[0]}/32"] + } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } } // Uncomment setup_target_rds_security_group for first time setup of DMS @@ -123,7 +123,7 @@ resource "null_resource" "setup_target_rds_security_group" { provisioner "local-exec" { interpreter = ["bash", "-c"] - command = "ifconfig -a; chmod +x ./setup-security-group.sh; ./setup-security-group.sh" + command = "ifconfig -a; chmod +x ./setup-security-group.sh; ./setup-security-group.sh" environment = { DMS_SECURITY_GROUP = aws_security_group.modernisation_dms_access.id diff --git a/terraform/environments/tribunals/dns_ssl.tf b/terraform/environments/tribunals/dns_ssl.tf index 09ab9eea2a2..4a936aeacc2 100644 --- a/terraform/environments/tribunals/dns_ssl.tf +++ b/terraform/environments/tribunals/dns_ssl.tf 
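Review bot: `ssl_mode = "none"` on `aws_dms_endpoint.source` leaves the SQL Server connection unencrypted, and the `ingress` rule just below admits the replication instance by its public IP (`replication_instance_public_ips[0]`), which suggests this traffic crosses a public network. The connection carries the `password` read from Secrets Manager as well as the replicated data. Set `ssl_mode = "require"`, or `"verify-full"` with a CA certificate supplied through `certificate_arn`, provided the source server supports TLS.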
@@ -175,38 +175,38 @@ variable "sftp_services" { locals { modules = { - appeals = module.appeals - ahmlr = module.ahmlr - care_standards = module.care_standards - cicap = module.cicap - employment_appeals = module.employment_appeals - finance_and_tax = module.finance_and_tax - immigration_services = module.immigration_services - information_tribunal = module.information_tribunal - lands_tribunal = module.lands_tribunal - transport = module.transport - charity_tribunal_decisions = module.charity_tribunal_decisions + appeals = module.appeals + ahmlr = module.ahmlr + care_standards = module.care_standards + cicap = module.cicap + employment_appeals = module.employment_appeals + finance_and_tax = module.finance_and_tax + immigration_services = module.immigration_services + information_tribunal = module.information_tribunal + lands_tribunal = module.lands_tribunal + transport = module.transport + charity_tribunal_decisions = module.charity_tribunal_decisions claims_management_decisions = module.claims_management_decisions - consumer_credit_appeals = module.consumer_credit_appeals - estate_agent_appeals = module.estate_agent_appeals - primary_health_lists = module.primary_health_lists - siac = module.siac - sscs_venue_pages = module.sscs_venue_pages - tax_chancery_decisions = module.tax_chancery_decisions - tax_tribunal_decisions = module.tax_tribunal_decisions - ftp_admin_appeals = module.ftp_admin_appeals + consumer_credit_appeals = module.consumer_credit_appeals + estate_agent_appeals = module.estate_agent_appeals + primary_health_lists = module.primary_health_lists + siac = module.siac + sscs_venue_pages = module.sscs_venue_pages + tax_chancery_decisions = module.tax_chancery_decisions + tax_tribunal_decisions = module.tax_tribunal_decisions + ftp_admin_appeals = module.ftp_admin_appeals } sftp_modules = { - charity_tribunal_decisions = module.charity_tribunal_decisions + charity_tribunal_decisions = module.charity_tribunal_decisions claims_management_decisions = 
module.claims_management_decisions - consumer_credit_appeals = module.consumer_credit_appeals - estate_agent_appeals = module.estate_agent_appeals - primary_health_lists = module.primary_health_lists - siac = module.siac - sscs_venue_pages = module.sscs_venue_pages - tax_chancery_decisions = module.tax_chancery_decisions - tax_tribunal_decisions = module.tax_tribunal_decisions - ftp_admin_appeals = module.ftp_admin_appeals + consumer_credit_appeals = module.consumer_credit_appeals + estate_agent_appeals = module.estate_agent_appeals + primary_health_lists = module.primary_health_lists + siac = module.siac + sscs_venue_pages = module.sscs_venue_pages + tax_chancery_decisions = module.tax_chancery_decisions + tax_tribunal_decisions = module.tax_tribunal_decisions + ftp_admin_appeals = module.ftp_admin_appeals } } diff --git a/terraform/environments/tribunals/ecs-cluster-shared.tf b/terraform/environments/tribunals/ecs-cluster-shared.tf index bcbb18c41f1..6fe0bf9f557 100644 --- a/terraform/environments/tribunals/ecs-cluster-shared.tf +++ b/terraform/environments/tribunals/ecs-cluster-shared.tf @@ -115,7 +115,7 @@ resource "aws_security_group" "ecs_service" { name_prefix = "ecs-service-sg-" vpc_id = data.aws_vpc.shared.id - ingress { + ingress { from_port = 80 to_port = 80 protocol = "tcp" diff --git a/terraform/environments/tribunals/main.tf b/terraform/environments/tribunals/main.tf index 852006eed14..3956c1a2a67 100644 --- a/terraform/environments/tribunals/main.tf +++ b/terraform/environments/tribunals/main.tf 
@@ -1,611 +1,611 @@ locals { - rds_url = "${aws_db_instance.rdsdb.address}" - rds_user = jsondecode(data.aws_secretsmanager_secret_version.data_rds_secret_current.secret_string)["username"] - rds_port = "1433" - rds_password = jsondecode(data.aws_secretsmanager_secret_version.data_rds_secret_current.secret_string)["password"] - source_db_url = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["host"] - source_db_user = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["username"] - source_db_password = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["password"] - waf_arn = "${aws_wafv2_web_acl.tribunals_web_acl.arn}" + rds_url = aws_db_instance.rdsdb.address + rds_user = jsondecode(data.aws_secretsmanager_secret_version.data_rds_secret_current.secret_string)["username"] + rds_port = "1433" + rds_password = jsondecode(data.aws_secretsmanager_secret_version.data_rds_secret_current.secret_string)["password"] + source_db_url = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["host"] + source_db_user = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["username"] + source_db_password = jsondecode(data.aws_secretsmanager_secret_version.source_db_secret_current.secret_string)["password"] + waf_arn = aws_wafv2_web_acl.tribunals_web_acl.arn } module "appeals" { - is_ftp_app = false - source = "./modules/tribunal" + is_ftp_app = false + source = "./modules/tribunal" # The app_name needs to match the folder name in the volume - app_name = "appeals" - app_url = "administrativeappeals" - sql_migration_path = "../scripts/administrative_appeals" - app_db_name = "ossc" - app_db_login_name = "ossc-app" - app_source_db_name = "Ossc" - app_rds_url = local.rds_url - app_rds_user = local.rds_user - app_rds_port = local.rds_port - app_rds_password = local.rds_password - app_source_db_url 
= local.source_db_url - app_source_db_user = local.source_db_user - app_source_db_password = local.source_db_password - environment = local.environment - application_data = local.application_data.accounts[local.environment] - tags = local.tags - dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn - task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume - appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity - appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity - ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold - ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold - app_count = local.application_data.accounts[local.environment].app_count - server_port = local.application_data.accounts[local.environment].server_port_1 - cluster_id = aws_ecs_cluster.tribunals_cluster.id - cluster_name = aws_ecs_cluster.tribunals_cluster.name - vpc_shared_id = data.aws_vpc.shared.id - subnets_shared_public_ids = data.aws_subnets.shared-public.ids - aws_acm_certificate_external = aws_acm_certificate.external - documents_location = "JudgmentFiles" - waf_arn = local.waf_arn + app_name = "appeals" + app_url = "administrativeappeals" + sql_migration_path = "../scripts/administrative_appeals" + app_db_name = "ossc" + app_db_login_name = "ossc-app" + app_source_db_name = "Ossc" + app_rds_url = local.rds_url + app_rds_user = local.rds_user + app_rds_port = local.rds_port + app_rds_password = local.rds_password + app_source_db_url = local.source_db_url + app_source_db_user = local.source_db_user + app_source_db_password = local.source_db_password + environment = local.environment + application_data = local.application_data.accounts[local.environment] + tags = local.tags + dms_instance_arn = 
aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn + task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume + appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity + appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity + ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold + ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold + app_count = local.application_data.accounts[local.environment].app_count + server_port = local.application_data.accounts[local.environment].server_port_1 + cluster_id = aws_ecs_cluster.tribunals_cluster.id + cluster_name = aws_ecs_cluster.tribunals_cluster.name + vpc_shared_id = data.aws_vpc.shared.id + subnets_shared_public_ids = data.aws_subnets.shared-public.ids + aws_acm_certificate_external = aws_acm_certificate.external + documents_location = "JudgmentFiles" + waf_arn = local.waf_arn } module "ahmlr" { - is_ftp_app = false - source = "./modules/tribunal" - app_name = "hmlands" - app_url = "landregistrationdivision" - sql_migration_path = "../scripts/ahmlr" - app_db_name = "hmlands" - app_db_login_name = "hmlands-app" - app_source_db_name = "hmlands" - app_rds_url = local.rds_url - app_rds_user = local.rds_user - app_rds_port = local.rds_port - app_rds_password = local.rds_password - app_source_db_url = local.source_db_url - app_source_db_user = local.source_db_user - app_source_db_password = local.source_db_password - environment = local.environment - application_data = local.application_data.accounts[local.environment] - tags = local.tags - dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn - task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume - 
appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "Judgments"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "hmlands"
+ app_url = "landregistrationdivision"
+ sql_migration_path = "../scripts/ahmlr"
+ app_db_name = "hmlands"
+ app_db_login_name = "hmlands-app"
+ app_source_db_name = "hmlands"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "Judgments"
+ waf_arn = local.waf_arn
 }
 module "care_standards" {
- is_ftp_app = false
- source = "./modules/tribunal"
- app_name = "care-standards"
- app_url = "carestandards"
- sql_migration_path = "../scripts/care_standards"
- app_db_name = "carestandards"
- app_db_login_name = "carestandards-app"
- app_source_db_name = "carestandards"
- app_rds_url = local.rds_url
- app_rds_user = local.rds_user
- app_rds_port = local.rds_port
- app_rds_password = local.rds_password
- app_source_db_url = local.source_db_url
- app_source_db_user = local.source_db_user
- app_source_db_password = local.source_db_password
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "Judgments"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "care-standards"
+ app_url = "carestandards"
+ sql_migration_path = "../scripts/care_standards"
+ app_db_name = "carestandards"
+ app_db_login_name = "carestandards-app"
+ app_source_db_name = "carestandards"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "Judgments"
+ waf_arn = local.waf_arn
 }
 module "cicap" {
- is_ftp_app = false
- source = "./modules/tribunal"
- app_name = "cicap"
- app_url = "cicap"
- sql_migration_path = "../scripts/cicap"
- app_db_name = "cicap"
- app_db_login_name = "cicap-app"
- app_source_db_name = "cicap"
- app_rds_url = local.rds_url
- app_rds_user = local.rds_user
- app_rds_port = local.rds_port
- app_rds_password = local.rds_password
- app_source_db_url = local.source_db_url
- app_source_db_user = local.source_db_user
- app_source_db_password = local.source_db_password
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "CaseFiles"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "cicap"
+ app_url = "cicap"
+ sql_migration_path = "../scripts/cicap"
+ app_db_name = "cicap"
+ app_db_login_name = "cicap-app"
+ app_source_db_name = "cicap"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "CaseFiles"
+ waf_arn = local.waf_arn
 }
 module "employment_appeals" {
- is_ftp_app = false
- source = "./modules/tribunal"
- app_name = "employment-appeals"
- app_url = "employmentappeals"
- sql_migration_path = "../scripts/employment_appeals"
- app_db_name = "eat"
- app_db_login_name = "eat-app"
- app_source_db_name = "eat"
- app_rds_url = local.rds_url
- app_rds_user = local.rds_user
- app_rds_port = local.rds_port
- app_rds_password = local.rds_password
- app_source_db_url = local.source_db_url
- app_source_db_user = local.source_db_user
- app_source_db_password = local.source_db_password
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "Public/Upload"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "employment-appeals"
+ app_url = "employmentappeals"
+ sql_migration_path = "../scripts/employment_appeals"
+ app_db_name = "eat"
+ app_db_login_name = "eat-app"
+ app_source_db_name = "eat"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "Public/Upload"
+ waf_arn = local.waf_arn
 }
 module "finance_and_tax" {
- is_ftp_app = false
- source = "./modules/tribunal"
- app_name = "finance-and-tax"
- app_url = "financeandtax"
- sql_migration_path = "../scripts/finance_and_tax"
- app_db_name = "ftt"
- app_db_login_name = "ftt-app"
- app_source_db_name = "ftt"
- app_rds_url = local.rds_url
- app_rds_user = local.rds_user
- app_rds_port = local.rds_port
- app_rds_password = local.rds_password
- app_source_db_url = local.source_db_url
- app_source_db_user = local.source_db_user
- app_source_db_password = local.source_db_password
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "JudgmentFiles"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "finance-and-tax"
+ app_url = "financeandtax"
+ sql_migration_path = "../scripts/finance_and_tax"
+ app_db_name = "ftt"
+ app_db_login_name = "ftt-app"
+ app_source_db_name = "ftt"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "JudgmentFiles"
+ waf_arn = local.waf_arn
 }
 module "immigration_services" {
- is_ftp_app = false
- source = "./modules/tribunal"
- app_name = "immigration-services"
- app_url = "immigrationservices"
- sql_migration_path = "../scripts/immigration_services"
- app_db_name = "imset"
- app_db_login_name = "imset-app"
- app_source_db_name = "imset"
- app_rds_url = local.rds_url
- app_rds_user = local.rds_user
- app_rds_port = local.rds_port
- app_rds_password = local.rds_password
- app_source_db_url = local.source_db_url
- app_source_db_user = local.source_db_user
- app_source_db_password = local.source_db_password
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "JudgmentFiles"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "immigration-services"
+ app_url = "immigrationservices"
+ sql_migration_path = "../scripts/immigration_services"
+ app_db_name = "imset"
+ app_db_login_name = "imset-app"
+ app_source_db_name = "imset"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "JudgmentFiles"
+ waf_arn = local.waf_arn
 }
 module "information_tribunal" {
- is_ftp_app = false
- source = "./modules/tribunal"
- app_name = "information-tribunal"
- app_url = "informationrights"
- sql_migration_path = "../scripts/information_tribunal"
- app_db_name = "it"
- app_db_login_name = "it-app"
- app_source_db_name = "it"
- app_rds_url = local.rds_url
- app_rds_user = local.rds_user
- app_rds_port = local.rds_port
- app_rds_password = local.rds_password
- app_source_db_url = local.source_db_url
- app_source_db_user = local.source_db_user
- app_source_db_password = local.source_db_password
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "DBFiles"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "information-tribunal"
+ app_url = "informationrights"
+ sql_migration_path = "../scripts/information_tribunal"
+ app_db_name = "it"
+ app_db_login_name = "it-app"
+ app_source_db_name = "it"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "DBFiles"
+ waf_arn = local.waf_arn
 }
 module "lands_tribunal" {
- is_ftp_app = false
- source = "./modules/tribunal"
- app_name = "lands-chamber"
- app_url = "landschamber"
- sql_migration_path = "../scripts/lands_chamber"
- app_db_name = "lands"
- app_db_login_name = "lands-app"
- app_source_db_name = "lands"
- app_rds_url = local.rds_url
- app_rds_user = local.rds_user
- app_rds_port = local.rds_port
- app_rds_password = local.rds_password
- app_source_db_url = local.source_db_url
- app_source_db_user = local.source_db_user
- app_source_db_password = local.source_db_password
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "JudgmentFiles"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "lands-chamber"
+ app_url = "landschamber"
+ sql_migration_path = "../scripts/lands_chamber"
+ app_db_name = "lands"
+ app_db_login_name = "lands-app"
+ app_source_db_name = "lands"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "JudgmentFiles"
+ waf_arn = local.waf_arn
 }
 module "transport" {
- is_ftp_app = false
- source = "./modules/tribunal"
- app_name = "transport"
- app_url = "transportappeals"
- sql_migration_path = "../scripts/transport"
- app_db_name = "transport"
- app_db_login_name = "transport-app"
- app_source_db_name = "Transport"
- app_rds_url = local.rds_url
- app_rds_user = local.rds_user
- app_rds_port = local.rds_port
- app_rds_password = local.rds_password
- app_source_db_url = local.source_db_url
- app_source_db_user = local.source_db_user
- app_source_db_password = local.source_db_password
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "JudgmentFiles"
- waf_arn = local.waf_arn
+ is_ftp_app = false
+ source = "./modules/tribunal"
+ app_name = "transport"
+ app_url = "transportappeals"
+ sql_migration_path = "../scripts/transport"
+ app_db_name = "transport"
+ app_db_login_name = "transport-app"
+ app_source_db_name = "Transport"
+ app_rds_url = local.rds_url
+ app_rds_user = local.rds_user
+ app_rds_port = local.rds_port
+ app_rds_password = local.rds_password
+ app_source_db_url = local.source_db_url
+ app_source_db_user = local.source_db_user
+ app_source_db_password = local.source_db_password
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ dms_instance_arn = aws_dms_replication_instance.tribunals_replication_instance.replication_instance_arn
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "JudgmentFiles"
+ waf_arn = local.waf_arn
 }
 module "charity_tribunal_decisions" {
- is_ftp_app = true
- source = "./modules/tribunal_ftp"
- app_name = "ftp-charity-tribunals"
- app_url = "charitytribunal"
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "documents"
- waf_arn = local.waf_arn
+ is_ftp_app = true
+ source = "./modules/tribunal_ftp"
+ app_name = "ftp-charity-tribunals"
+ app_url = "charitytribunal"
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "documents"
+ waf_arn = local.waf_arn
 }
 module "claims_management_decisions" {
- is_ftp_app = true
- source = "./modules/tribunal_ftp"
- app_name = "ftp-claims-management"
- app_url = "claimsmanagement"
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "Documents"
- waf_arn = local.waf_arn
+ is_ftp_app = true
+ source = "./modules/tribunal_ftp"
+ app_name = "ftp-claims-management"
+ app_url = "claimsmanagement"
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "Documents"
+ waf_arn = local.waf_arn
 }
 module "consumer_credit_appeals" {
- is_ftp_app = true
- source = "./modules/tribunal_ftp"
- app_name = "ftp-consumer-credit"
- app_url = "consumercreditappeals"
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "Documents"
- waf_arn = local.waf_arn
+ is_ftp_app = true
+ source = "./modules/tribunal_ftp"
+ app_name = "ftp-consumer-credit"
+ app_url = "consumercreditappeals"
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "Documents"
+ waf_arn = local.waf_arn
 }
 module "estate_agent_appeals" {
- is_ftp_app = true
- source = "./modules/tribunal_ftp"
- app_name = "ftp-estate-agents"
- app_url = "estateagentappeals"
- environment = local.environment
- application_data = local.application_data.accounts[local.environment]
- tags = local.tags
- task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
- appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
- appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
- ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
- ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
- app_count = local.application_data.accounts[local.environment].app_count
- server_port = local.application_data.accounts[local.environment].server_port_1
- cluster_id = aws_ecs_cluster.tribunals_cluster.id
- cluster_name = aws_ecs_cluster.tribunals_cluster.name
- vpc_shared_id = data.aws_vpc.shared.id
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- aws_acm_certificate_external = aws_acm_certificate.external
- documents_location = "Documents"
- waf_arn = local.waf_arn
+ is_ftp_app = true
+ source = "./modules/tribunal_ftp"
+ app_name = "ftp-estate-agents"
+ app_url = "estateagentappeals"
+ environment = local.environment
+ application_data = local.application_data.accounts[local.environment]
+ tags = local.tags
+ task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
+ appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity
+ appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity
+ ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+ ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+ app_count = local.application_data.accounts[local.environment].app_count
+ server_port = local.application_data.accounts[local.environment].server_port_1
+ cluster_id = aws_ecs_cluster.tribunals_cluster.id
+ cluster_name = aws_ecs_cluster.tribunals_cluster.name
+ vpc_shared_id = data.aws_vpc.shared.id
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ aws_acm_certificate_external = aws_acm_certificate.external
+ documents_location = "Documents"
+ waf_arn = local.waf_arn
 }
 module "primary_health_lists" {
- is_ftp_app = true
-
source = "./modules/tribunal_ftp" - app_name = "ftp-primary-health" - app_url = "primaryhealthlists" - environment = local.environment - application_data = local.application_data.accounts[local.environment] - tags = local.tags - task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume - appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity - appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity - ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold - ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold - app_count = local.application_data.accounts[local.environment].app_count - server_port = local.application_data.accounts[local.environment].server_port_1 - cluster_id = aws_ecs_cluster.tribunals_cluster.id - cluster_name = aws_ecs_cluster.tribunals_cluster.name - vpc_shared_id = data.aws_vpc.shared.id - subnets_shared_public_ids = data.aws_subnets.shared-public.ids - aws_acm_certificate_external = aws_acm_certificate.external - documents_location = "Documents" - waf_arn = local.waf_arn + is_ftp_app = true + source = "./modules/tribunal_ftp" + app_name = "ftp-primary-health" + app_url = "primaryhealthlists" + environment = local.environment + application_data = local.application_data.accounts[local.environment] + tags = local.tags + task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume + appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity + appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity + ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold + ecs_scaling_mem_threshold = 
local.application_data.accounts[local.environment].ecs_scaling_mem_threshold + app_count = local.application_data.accounts[local.environment].app_count + server_port = local.application_data.accounts[local.environment].server_port_1 + cluster_id = aws_ecs_cluster.tribunals_cluster.id + cluster_name = aws_ecs_cluster.tribunals_cluster.name + vpc_shared_id = data.aws_vpc.shared.id + subnets_shared_public_ids = data.aws_subnets.shared-public.ids + aws_acm_certificate_external = aws_acm_certificate.external + documents_location = "Documents" + waf_arn = local.waf_arn } module "siac" { - is_ftp_app = true - source = "./modules/tribunal_ftp" - app_name = "ftp-siac" - app_url = "siac" - environment = local.environment - application_data = local.application_data.accounts[local.environment] - tags = local.tags - task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume - appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity - appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity - ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold - ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold - app_count = local.application_data.accounts[local.environment].app_count - server_port = local.application_data.accounts[local.environment].server_port_1 - cluster_id = aws_ecs_cluster.tribunals_cluster.id - cluster_name = aws_ecs_cluster.tribunals_cluster.name - vpc_shared_id = data.aws_vpc.shared.id - subnets_shared_public_ids = data.aws_subnets.shared-public.ids - aws_acm_certificate_external = aws_acm_certificate.external - documents_location = "Documents" - waf_arn = local.waf_arn + is_ftp_app = true + source = "./modules/tribunal_ftp" + app_name = "ftp-siac" + app_url = "siac" + environment = local.environment + application_data = 
local.application_data.accounts[local.environment] + tags = local.tags + task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume + appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity + appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity + ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold + ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold + app_count = local.application_data.accounts[local.environment].app_count + server_port = local.application_data.accounts[local.environment].server_port_1 + cluster_id = aws_ecs_cluster.tribunals_cluster.id + cluster_name = aws_ecs_cluster.tribunals_cluster.name + vpc_shared_id = data.aws_vpc.shared.id + subnets_shared_public_ids = data.aws_subnets.shared-public.ids + aws_acm_certificate_external = aws_acm_certificate.external + documents_location = "Documents" + waf_arn = local.waf_arn } module "sscs_venue_pages" { - is_ftp_app = true - source = "./modules/tribunal_ftp" - app_name = "ftp-sscs-venues" - app_url = "sscsvenues" - environment = local.environment - application_data = local.application_data.accounts[local.environment] - tags = local.tags - task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume - appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity - appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity - ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold - ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold - app_count = local.application_data.accounts[local.environment].app_count - server_port = 
local.application_data.accounts[local.environment].server_port_1 - cluster_id = aws_ecs_cluster.tribunals_cluster.id - cluster_name = aws_ecs_cluster.tribunals_cluster.name - vpc_shared_id = data.aws_vpc.shared.id - subnets_shared_public_ids = data.aws_subnets.shared-public.ids - aws_acm_certificate_external = aws_acm_certificate.external - documents_location = "Documents" - waf_arn = local.waf_arn + is_ftp_app = true + source = "./modules/tribunal_ftp" + app_name = "ftp-sscs-venues" + app_url = "sscsvenues" + environment = local.environment + application_data = local.application_data.accounts[local.environment] + tags = local.tags + task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume + appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity + appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity + ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold + ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold + app_count = local.application_data.accounts[local.environment].app_count + server_port = local.application_data.accounts[local.environment].server_port_1 + cluster_id = aws_ecs_cluster.tribunals_cluster.id + cluster_name = aws_ecs_cluster.tribunals_cluster.name + vpc_shared_id = data.aws_vpc.shared.id + subnets_shared_public_ids = data.aws_subnets.shared-public.ids + aws_acm_certificate_external = aws_acm_certificate.external + documents_location = "Documents" + waf_arn = local.waf_arn } module "tax_chancery_decisions" { - is_ftp_app = true - source = "./modules/tribunal_ftp" - app_name = "ftp-tax-chancery" - app_url = "taxchancerydecisions" - environment = local.environment - application_data = local.application_data.accounts[local.environment] - tags = local.tags - task_definition_volume = 
local.application_data.accounts[local.environment].task_definition_volume - appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity - appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity - ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold - ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold - app_count = local.application_data.accounts[local.environment].app_count - server_port = local.application_data.accounts[local.environment].server_port_1 - cluster_id = aws_ecs_cluster.tribunals_cluster.id - cluster_name = aws_ecs_cluster.tribunals_cluster.name - vpc_shared_id = data.aws_vpc.shared.id - subnets_shared_public_ids = data.aws_subnets.shared-public.ids - aws_acm_certificate_external = aws_acm_certificate.external - documents_location = "Documents" - waf_arn = local.waf_arn + is_ftp_app = true + source = "./modules/tribunal_ftp" + app_name = "ftp-tax-chancery" + app_url = "taxchancerydecisions" + environment = local.environment + application_data = local.application_data.accounts[local.environment] + tags = local.tags + task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume + appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity + appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity + ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold + ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold + app_count = local.application_data.accounts[local.environment].app_count + server_port = local.application_data.accounts[local.environment].server_port_1 + cluster_id = aws_ecs_cluster.tribunals_cluster.id + cluster_name = 
aws_ecs_cluster.tribunals_cluster.name + vpc_shared_id = data.aws_vpc.shared.id + subnets_shared_public_ids = data.aws_subnets.shared-public.ids + aws_acm_certificate_external = aws_acm_certificate.external + documents_location = "Documents" + waf_arn = local.waf_arn } module "tax_tribunal_decisions" { - is_ftp_app = true - source = "./modules/tribunal_ftp" - app_name = "ftp-tax-tribunal" - app_url = "taxtribunaldecisions" - environment = local.environment - application_data = local.application_data.accounts[local.environment] - tags = local.tags - task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume - appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity - appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity - ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold - ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold - app_count = local.application_data.accounts[local.environment].app_count - server_port = local.application_data.accounts[local.environment].server_port_1 - cluster_id = aws_ecs_cluster.tribunals_cluster.id - cluster_name = aws_ecs_cluster.tribunals_cluster.name - vpc_shared_id = data.aws_vpc.shared.id - subnets_shared_public_ids = data.aws_subnets.shared-public.ids - aws_acm_certificate_external = aws_acm_certificate.external - documents_location = "Documents" - waf_arn = local.waf_arn + is_ftp_app = true + source = "./modules/tribunal_ftp" + app_name = "ftp-tax-tribunal" + app_url = "taxtribunaldecisions" + environment = local.environment + application_data = local.application_data.accounts[local.environment] + tags = local.tags + task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume + appscaling_min_capacity = 
local.application_data.accounts[local.environment].appscaling_min_capacity + appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity + ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold + ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold + app_count = local.application_data.accounts[local.environment].app_count + server_port = local.application_data.accounts[local.environment].server_port_1 + cluster_id = aws_ecs_cluster.tribunals_cluster.id + cluster_name = aws_ecs_cluster.tribunals_cluster.name + vpc_shared_id = data.aws_vpc.shared.id + subnets_shared_public_ids = data.aws_subnets.shared-public.ids + aws_acm_certificate_external = aws_acm_certificate.external + documents_location = "Documents" + waf_arn = local.waf_arn } module "ftp_admin_appeals" { - is_ftp_app = true - source = "./modules/tribunal_ftp" - app_name = "ftp-admin-appeals" - app_url = "adminappealsreports" - environment = local.environment - application_data = local.application_data.accounts[local.environment] - tags = local.tags - task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume - appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity - appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity - ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold - ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold - app_count = local.application_data.accounts[local.environment].app_count - server_port = local.application_data.accounts[local.environment].server_port_1 - cluster_id = aws_ecs_cluster.tribunals_cluster.id - cluster_name = aws_ecs_cluster.tribunals_cluster.name - vpc_shared_id = data.aws_vpc.shared.id - 
subnets_shared_public_ids = data.aws_subnets.shared-public.ids - aws_acm_certificate_external = aws_acm_certificate.external - documents_location = "Documents" - waf_arn = local.waf_arn + is_ftp_app = true + source = "./modules/tribunal_ftp" + app_name = "ftp-admin-appeals" + app_url = "adminappealsreports" + environment = local.environment + application_data = local.application_data.accounts[local.environment] + tags = local.tags + task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume + appscaling_min_capacity = local.application_data.accounts[local.environment].appscaling_min_capacity + appscaling_max_capacity = local.application_data.accounts[local.environment].appscaling_max_capacity + ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold + ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold + app_count = local.application_data.accounts[local.environment].app_count + server_port = local.application_data.accounts[local.environment].server_port_1 + cluster_id = aws_ecs_cluster.tribunals_cluster.id + cluster_name = aws_ecs_cluster.tribunals_cluster.name + vpc_shared_id = data.aws_vpc.shared.id + subnets_shared_public_ids = data.aws_subnets.shared-public.ids + aws_acm_certificate_external = aws_acm_certificate.external + documents_location = "Documents" + waf_arn = local.waf_arn } \ No newline at end of file diff --git a/terraform/environments/tribunals/modules/dms/main.tf b/terraform/environments/tribunals/modules/dms/main.tf index facd764ea5d..1f384c9aed5 100644 --- a/terraform/environments/tribunals/modules/dms/main.tf +++ b/terraform/environments/tribunals/modules/dms/main.tf 
@@ -11,26 +11,26 @@ resource "aws_dms_endpoint" "target" { } resource "aws_dms_endpoint" "source" { - database_name = var.source_database_name - endpoint_id = var.source_endpoint_id - endpoint_type = "source" - engine_name = "sqlserver" - password = var.source_password - port = 1433 - server_name = var.source_server_name - ssl_mode = "none" + database_name = var.source_database_name + endpoint_id = var.source_endpoint_id + endpoint_type = "source" + engine_name = "sqlserver" + password = var.source_password + port = 1433 + server_name = var.source_server_name + ssl_mode = "none" username = var.source_username } resource "aws_dms_replication_task" "migration-task" { - migration_type = "full-load" - replication_instance_arn = var.replication_instance_arn - replication_task_id = var.replication_task_id - source_endpoint_arn = aws_dms_endpoint.source.endpoint_arn - target_endpoint_arn = aws_dms_endpoint.target.endpoint_arn + migration_type = "full-load" + replication_instance_arn = var.replication_instance_arn + replication_task_id = var.replication_task_id + source_endpoint_arn = aws_dms_endpoint.source.endpoint_arn + target_endpoint_arn = aws_dms_endpoint.target.endpoint_arn start_replication_task = false - + replication_task_settings = jsonencode({ TargetMetadata = { FullLobMode = true, @@ -52,7 +52,7 @@ resource "aws_dms_replication_task" "migration-task" { } }) - table_mappings = jsonencode({ + table_mappings = jsonencode({ rules = [ { "rule-type" = "selection" @@ -66,5 +66,5 @@ resource "aws_dms_replication_task" "migration-task" { } ] }) - + } \ No newline at end of file diff --git a/terraform/environments/tribunals/modules/ecs_loadbalancer/main.tf b/terraform/environments/tribunals/modules/ecs_loadbalancer/main.tf index 3af3b7e21b5..beb3da8286c 100644 --- a/terraform/environments/tribunals/modules/ecs_loadbalancer/main.tf +++ b/terraform/environments/tribunals/modules/ecs_loadbalancer/main.tf 
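Review bot: In terraform/environments/tribunals/modules/dms/main.tf the re-aligned `aws_dms_endpoint.source` block still carries `ssl_mode = "none"`, so the SQL Server login built from `var.source_username` / `var.source_password` and the full-load data are sent to port 1433 without TLS being requested. The commit only reformats, but the line is on its new side and is worth changing to `ssl_mode = "require"` if the source server supports it. A certificate-verifying mode together with `certificate_arn` would additionally authenticate the server. The target endpoint is defined above this hunk and is not visible here, so its setting should be checked as well. If TLS cannot be enabled for this source, a comment next to the attribute such as `# TLS unavailable on source; traffic restricted to <network control>` would record the accepted risk.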
@@ -250,7 +250,7 @@ resource "aws_lb_listener_rule" "admin_secure_fixed_response" { listener_arn = aws_lb_listener.tribunals_lb.arn priority = 5 action { - type = "fixed-response" + type = "fixed-response" fixed_response { content_type = "text/html" message_body = "

Secure Page

This area of the website now requires elevated security.


If you believe you should be able to access this page please send an email to: - dts-legacy-apps-support-team@hmcts.net

" diff --git a/terraform/environments/tribunals/modules/ecs_task/main.tf b/terraform/environments/tribunals/modules/ecs_task/main.tf index c9469337bdc..16414448f61 100644 --- a/terraform/environments/tribunals/modules/ecs_task/main.tf +++ b/terraform/environments/tribunals/modules/ecs_task/main.tf @@ -7,15 +7,15 @@ resource "aws_ecs_task_definition" "ecs_task_definition" { ] volume { - name = var.task_definition_volume + name = var.task_definition_volume host_path = "D:/storage/tribunals/${var.app_name}" } container_definitions = var.container_definition runtime_platform { - operating_system_family = "WINDOWS_SERVER_2019_CORE" - # cpu_architecture = "X86_64" + operating_system_family = "WINDOWS_SERVER_2019_CORE" + # cpu_architecture = "X86_64" } tags = merge( @@ -127,7 +127,7 @@ resource "aws_cloudwatch_log_group" "cloudwatch_group" { resource "aws_ecs_service" "ecs_service" { count = var.is_ftp_app ? 0 : 1 - name = "${var.app_name}" + name = var.app_name cluster = var.cluster_id task_definition = aws_ecs_task_definition.ecs_task_definition.id desired_count = var.app_count @@ -161,7 +161,7 @@ resource "aws_ecs_service" "ecs_service" { // SFTP service resource "aws_ecs_service" "ecs_service_sftp" { count = var.is_ftp_app ? 1 : 0 - name = "${var.app_name}" + name = var.app_name cluster = var.cluster_id task_definition = aws_ecs_task_definition.ecs_task_definition.id desired_count = var.app_count diff --git a/terraform/environments/tribunals/modules/tribunal/main.tf b/terraform/environments/tribunals/modules/tribunal/main.tf index 416d87f868f..cfcf7390f1e 100644 --- a/terraform/environments/tribunals/modules/tribunal/main.tf +++ b/terraform/environments/tribunals/modules/tribunal/main.tf 
@@ -17,7 +17,7 @@ locals { cluster_name = "${local.app}_app_cluster" })) app_container_definition = templatefile("container_definition.json", { - app_name = "${local.app}" + app_name = "${local.app}" awslogs-group = "${local.app}-ecs-log-group" supportEmail = "${var.application_data.support_email}" supportTeam = "${var.application_data.support_team}" @@ -79,7 +79,7 @@ resource "null_resource" "app_setup_db" { provisioner "local-exec" { interpreter = ["bash", "-c"] - command = "ifconfig -a; chmod +x ./setup-mssql.sh; ./setup-mssql.sh" + command = "ifconfig -a; chmod +x ./setup-mssql.sh; ./setup-mssql.sh" environment = { DB_URL = local.app_rds_url diff --git a/terraform/environments/tribunals/modules/tribunal/variables.tf b/terraform/environments/tribunals/modules/tribunal/variables.tf index bcee54ebd31..d06a39e2554 100644 --- a/terraform/environments/tribunals/modules/tribunal/variables.tf +++ b/terraform/environments/tribunals/modules/tribunal/variables.tf @@ -90,7 +90,7 @@ variable "aws_acm_certificate_external" { variable "vpc_shared_id" { } -variable "documents_location"{ +variable "documents_location" { } variable "is_ftp_app" { diff --git a/terraform/environments/tribunals/modules/tribunal_ftp/variables.tf b/terraform/environments/tribunals/modules/tribunal_ftp/variables.tf index 4320e3de953..6f96ff4c41f 100644 --- a/terraform/environments/tribunals/modules/tribunal_ftp/variables.tf +++ b/terraform/environments/tribunals/modules/tribunal_ftp/variables.tf @@ -48,7 +48,7 @@ variable "aws_acm_certificate_external" { variable "vpc_shared_id" { } -variable "documents_location"{ +variable "documents_location" { } variable "application_data" { diff --git a/terraform/environments/tribunals/s3.tf b/terraform/environments/tribunals/s3.tf index 4b7f7ed8687..9331e40d2e5 100644 --- a/terraform/environments/tribunals/s3.tf +++ b/terraform/environments/tribunals/s3.tf 
@@ -9,9 +9,9 @@ resource "aws_s3_bucket_policy" "backup_bucket_policy" { Version = "2012-10-17", Statement = [ { - Effect = "Allow", + Effect = "Allow", Principal = { - "AWS": "${aws_iam_role.ec2_instance_role.arn}" + "AWS" : "${aws_iam_role.ec2_instance_role.arn}" }, Action = [ "s3:GetObject", diff --git a/terraform/modules/environment/outputs.tf b/terraform/modules/environment/outputs.tf index 4ddbf20afcd..1d72389b225 100644 --- a/terraform/modules/environment/outputs.tf +++ b/terraform/modules/environment/outputs.tf @@ -64,9 +64,9 @@ output "account_ids" { output "cross_account_secret_account_ids" { description = "account id lookup for cross-account secrets" value = { - delius = try(var.environment_management.account_ids["delius-core-${var.environment}"], "delius-core-${var.environment}-not-found") + delius = try(var.environment_management.account_ids["delius-core-${var.environment}"], "delius-core-${var.environment}-not-found") delius_mis = try(var.environment_management.account_ids["delius-mis-${var.environment}"], "delius-mis-${var.environment}-not-found") - hmpps_oem = var.environment_management.account_ids["hmpps-oem-${var.environment}"] + hmpps_oem = var.environment_management.account_ids["hmpps-oem-${var.environment}"] hmpps_domain = (contains(["development", "test"], var.environment) ? var.environment_management.account_ids["hmpps-domain-services-test"] : var.environment_management.account_ids["hmpps-domain-services-production"] diff --git a/terraform/modules/ip_addresses/moj.tf b/terraform/modules/ip_addresses/moj.tf index aff73228e4e..d57accfa019 100644 --- a/terraform/modules/ip_addresses/moj.tf +++ b/terraform/modules/ip_addresses/moj.tf 
@@ -46,9 +46,9 @@ locals { "20.26.11.108/32" ] - palo_alto_primsa_access_corporate = "128.77.75.64/26" + palo_alto_primsa_access_corporate = "128.77.75.64/26" palo_alto_primsa_access_third_party = "128.77.75.0/25" - palo_alto_primsa_access_residents = "128.77.75.128/26" + palo_alto_primsa_access_residents = "128.77.75.128/26" ark_dc_external_internet = [