Merge pull request #7439 from ministryofjustice/chore/op-updates

📌 Observability Platform updates

terraform/environments/observability-platform/environment-configurations.tf

@@ -70,7 +70,8 @@ locals {
           }
         }
       }
-      grafana_api_key_rotator_version = "1.0.5"
+      grafana_version                 = "10.4"
+      grafana_api_key_rotator_version = "1.0.10"
     }
     production = {
       tenant_configuration = {
@@ -141,7 +142,8 @@ locals {
           }
         }
       }
-      grafana_api_key_rotator_version = "1.0.5"
+      grafana_version                 = "10.4"
+      grafana_api_key_rotator_version = "1.0.10"
     }
   }
 }

terraform/environments/observability-platform/iam-policies.tf

@@ -14,7 +14,7 @@ module "amazon_managed_grafana_remote_cloudwatch_iam_policy" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
-  version = "5.39.1"
+  version = "5.44.0"
 
   name_prefix = "amazon-managed-grafana-remote-cloudwatch"
 

terraform/environments/observability-platform/lambda-functions.tf

@@ -6,7 +6,7 @@ module "grafana_api_key_rotator" {
   #checkov:skip=CKV_AWS_258:Function is not invoked by URL
 
   source  = "terraform-aws-modules/lambda/aws"
-  version = "7.7.0"
+  version = "7.7.1"
 
   publish        = true
   create_package = false

terraform/environments/observability-platform/managed-grafana.tf

@@ -9,7 +9,8 @@ module "managed_grafana" {
 
   name = local.application_name
 
-  license_type = "ENTERPRISE"
+  license_type    = "ENTERPRISE"
+  grafana_version = local.environment_configuration.grafana_version
 
   account_access_type       = "CURRENT_ACCOUNT"
   authentication_providers  = ["AWS_SSO"]
@@ -40,6 +41,12 @@ module "managed_grafana" {
   tags = local.tags
 }
 
+resource "aws_grafana_workspace_service_account" "automation" {
+  name         = "automation"
+  grafana_role = "ADMIN"
+  workspace_id = module.managed_grafana.workspace_id
+}
+
 /* Slack Contact Points */
 module "contact_point_slack" {
   for_each = toset(local.all_slack_channels)

terraform/environments/observability-platform/modules/grafana/amazon-prometheus-query-source/providers.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

terraform/environments/observability-platform/modules/grafana/cloudwatch-source/providers.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

terraform/environments/observability-platform/modules/grafana/contact-point/pagerduty/providers.tf

@@ -6,7 +6,7 @@ terraform {
     }
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

terraform/environments/observability-platform/modules/grafana/contact-point/slack/providers.tf

@@ -6,7 +6,7 @@ terraform {
     }
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

terraform/environments/observability-platform/modules/grafana/team/main.tf

@@ -26,7 +26,7 @@ data "grafana_data_source" "cloudwatch" {
 resource "grafana_data_source_permission" "cloudwatch" {
   for_each = var.aws_accounts
 
-  datasource_id = data.grafana_data_source.cloudwatch[each.key].id
+  datasource_uid = trimprefix(data.grafana_data_source.cloudwatch[each.key].id, "1:")
 
   permissions {
     team_id    = grafana_team.this.id
@@ -47,7 +47,7 @@ resource "grafana_data_source_permission" "xray" {
     for name, account in var.aws_accounts : name => account if account.xray_enabled
   }
 
-  datasource_id = data.grafana_data_source.xray[each.key].id
+  datasource_uid = trimprefix(data.grafana_data_source.xray[each.key].id, "1:")
 
   permissions {
     team_id    = grafana_team.this.id
@@ -68,7 +68,7 @@ resource "grafana_data_source_permission" "amazon_prometheus" {
     for name, account in var.aws_accounts : name => account if account.amazon_prometheus_query_enabled
   }
 
-  datasource_id = data.grafana_data_source.amazon_prometheus[each.key].id
+  datasource_uid = trimprefix(data.grafana_data_source.amazon_prometheus[each.key].id, "1:")
 
   permissions {
     team_id    = grafana_team.this.id

terraform/environments/observability-platform/modules/grafana/team/providers.tf

@@ -6,7 +6,7 @@ terraform {
     }
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

terraform/environments/observability-platform/modules/grafana/xray-source/providers.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

terraform/environments/observability-platform/modules/prometheus/iam-role/main.tf

@@ -21,7 +21,7 @@ module "iam_policy" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
-  version = "5.39.1"
+  version = "5.44.0"
 
   name_prefix = "${var.name}-prometheus"
 
@@ -33,7 +33,7 @@ module "iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
-  version = "5.39.1"
+  version = "5.44.0"
 
   create_role             = true
   role_name               = "${var.name}-prometheus"

terraform/environments/observability-platform/platform_versions.tf

@@ -6,7 +6,7 @@ terraform {
     }
     grafana = {
       source  = "grafana/grafana"
-      version = "2.5.0"
+      version = "~> 3.0"
     }
     http = {
       version = "~> 3.0"