hmpps domain: DSOS-2890: terraform alignment v1 (#7147)
* refactor

* fix
drobinson-moj authored Jul 19, 2024
1 parent 415846c commit 7a8f320
Showing 10 changed files with 447 additions and 325 deletions.
99 changes: 43 additions & 56 deletions terraform/environments/hmpps-domain-services/locals_development.tf
Expand Up @@ -15,8 +15,6 @@ locals {

acm_certificates = {
remote_desktop_wildcard_cert = {
# domain_name limited to 64 chars so use modernisation platform domain for this
# and put the wildcard in the san
cloudwatch_metric_alarms = module.baseline_presets.cloudwatch_metric_alarms.acm
domain_name = "modernisation-platform.service.justice.gov.uk"
external_validation_records_created = true
Expand All @@ -33,102 +31,91 @@ locals {
}

ec2_autoscaling_groups = {
dev-rhel85 = {
autoscaling_group = merge(module.baseline_presets.ec2_autoscaling_group.default, {
dev-rhel85 = merge(local.ec2_autoscaling_groups.base_linux, {
autoscaling_group = merge(local.ec2_autoscaling_groups.base_linux.autoscaling_group, {
desired_capacity = 0
})
autoscaling_schedules = module.baseline_presets.ec2_autoscaling_schedules.working_hours
config = merge(module.baseline_presets.ec2_instance.config.default, {
ami_name = "base_rhel_8_5*"
availability_zone = null
instance_profile_policies = concat(module.baseline_presets.ec2_instance.config.default.instance_profile_policies, ["SSMPolicy", "PatchBucketAccessPolicy"])
config = merge(local.ec2_autoscaling_groups.base_linux.config, {
ami_name = "base_rhel_8_5*"
})
instance = merge(module.baseline_presets.ec2_instance.instance.default, {
vpc_security_group_ids = ["rds-ec2s"]
instance = merge(local.ec2_autoscaling_groups.base_linux.instance, {
instance_type = "t3.medium"
})
user_data_cloud_init = merge(module.baseline_presets.ec2_instance.user_data_cloud_init.ssm_agent_and_ansible, {
args = merge(module.baseline_presets.ec2_instance.user_data_cloud_init.ssm_agent_and_ansible.args, {
user_data_cloud_init = merge(local.ec2_autoscaling_groups.base_linux.user_data_cloud_init, {
args = merge(local.ec2_autoscaling_groups.base_linux.user_data_cloud_init.args, {
branch = "main"
})
})
tags = {
tags = merge(local.ec2_autoscaling_groups.base_linux.tags, {
ami = "hmpps_domain_services_rhel_8_5"
component = "test"
description = "RHEL8.5 for connection to Azure domain"
os-type = "Linux"
server-type = "hmpps-domain-services"
}
}
})
})

dev-win-2012 = {
autoscaling_group = merge(module.baseline_presets.ec2_autoscaling_group.default, {
dev-win-2012 = merge(local.ec2_autoscaling_groups.base_windows, {
autoscaling_group = merge(local.ec2_autoscaling_groups.base_windows.autoscaling_group, {
desired_capacity = 0
})
autoscaling_schedules = module.baseline_presets.ec2_autoscaling_schedules.working_hours
config = merge(module.baseline_presets.ec2_instance.config.default, {
ami_name = "base_windows_server_2012_r2_release*"
availability_zone = null
ebs_volumes_copy_all_from_ami = false
user_data_raw = base64encode(file("./templates/windows_server_2022-user-data.yaml"))
config = merge(local.ec2_autoscaling_groups.base_windows.config, {
ami_name = "base_windows_server_2012_r2_release*"
instance_profile_policies = [
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"EC2Default",
"EC2S3BucketWriteAndDeleteAccessPolicy",
"ImageBuilderS3BucketWriteAndDeleteAccessPolicy",
]
user_data_raw = base64encode(file("./templates/windows_server_2022-user-data.yaml"))
})
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 128 }
}
instance = merge(module.baseline_presets.ec2_instance.instance.default, {
vpc_security_group_ids = ["rds-ec2s"]
instance = merge(local.ec2_autoscaling_groups.base_windows.instance, {
instance_type = "t3.medium"
})
tags = {
component = "test"
tags = merge(local.ec2_autoscaling_groups.base_windows.tags, {
description = "Windows Server 2012 for connecting to Azure domain"
os-type = "Windows"
}
}
})
})

dev-win-2022 = {
autoscaling_group = merge(module.baseline_presets.ec2_autoscaling_group.default, {
dev-win-2022 = merge(local.ec2_autoscaling_groups.base_windows, {
autoscaling_group = merge(local.ec2_autoscaling_groups.base_windows.autoscaling_group, {
desired_capacity = 0
})
autoscaling_schedules = module.baseline_presets.ec2_autoscaling_schedules.working_hours
config = merge(module.baseline_presets.ec2_instance.config.default, {
ami_name = "hmpps_windows_server_2022_release_2024-*"
availability_zone = null
ebs_volumes_copy_all_from_ami = false
instance_profile_policies = concat(module.baseline_presets.ec2_instance.config.default.instance_profile_policies, ["SSMPolicy", "PatchBucketAccessPolicy"])
user_data_raw = base64encode(file("./templates/rds-gateway-user-data.yaml"))
config = merge(local.ec2_autoscaling_groups.base_windows.config, {
ami_name = "hmpps_windows_server_2022_release_2024-*"
user_data_raw = base64encode(file("./templates/rds-gateway-user-data.yaml"))
})
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 100 }
}
instance = merge(module.baseline_presets.ec2_instance.instance.default, {
vpc_security_group_ids = ["rds-ec2s"]
instance = merge(local.ec2_autoscaling_groups.base_windows.instance, {
instance_type = "t3.medium"
})
tags = {
component = "test"
tags = merge(local.ec2_autoscaling_groups.base_windows.tags, {
description = "Windows Server 2022 for connecting to Azure domain"
os-type = "Windows"
}
}
})
})
}

lbs = {
public = merge(local.rds_lbs.public, {
public = merge(local.lbs.public, {
instance_target_groups = {
http1 = merge(local.rds_target_groups.http, {
http1 = merge(local.lbs.public.instance_target_groups.http, {
attachments = [
]
})
https1 = merge(local.rds_target_groups.https, {
https1 = merge(local.lbs.public.instance_target_groups.https, {
attachments = [
]
})
}
listeners = {
http = local.rds_lb_listeners.http
https = merge(local.rds_lb_listeners.https, {
listeners = merge(local.lbs.public.listeners, {
https = merge(local.lbs.public.listeners.https, {
rules = {
}
})
}
})
})
}
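Review bot: The dev-win-2012 entry (`ami_name = "base_windows_server_2012_r2_release*"`) carries a Windows Server 2012 R2 image into the refactored config; that release is past Microsoft's end of extended support (October 2023), so the instance receives no OS security updates, and the entry's override of `instance_profile_policies` silently drops the `SSMPolicy` and `PatchBucketAccessPolicy` entries that `base_windows` otherwise supplies. If the ASG is still needed for Azure domain-join testing, a comment above it such as `# Windows 2012 R2 is out of support: no patch policies, keep desired_capacity 0, remove once domain-join testing is done` would stop the next alignment pass from re-adding the patch policies or scaling it up. The `user_data_raw` line in the same `config` block repeats the `base_windows` value byte-for-byte and can be deleted. The enclosing config map starts before the first hunk.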

@@ -0,0 +1,101 @@
locals {

ec2_autoscaling_groups = {
base_linux = {
autoscaling_group = {
desired_capacity = 1
max_size = 1
force_delete = true
vpc_zone_identifier = module.environment.subnets["private"].ids
}
autoscaling_schedules = {
scale_up = { recurrence = "0 7 * * Mon-Fri" }
scale_down = { recurrence = "0 19 * * Mon-Fri", desired_capacity = 0 }
}
config = {
iam_resource_names_prefix = "ec2-instance"
instance_profile_policies = [
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"EC2Default",
"EC2S3BucketWriteAndDeleteAccessPolicy",
"ImageBuilderS3BucketWriteAndDeleteAccessPolicy",
"SSMPolicy",
"PatchBucketAccessPolicy",
]
secretsmanager_secrets_prefix = "ec2/" # TODO
ssm_parameters_prefix = "ec2/"
subnet_name = "private"
}
instance = {
disable_api_termination = false
instance_type = "t3.medium"
key_name = "ec2-user"
metadata_options_http_tokens = "required"
monitoring = false
vpc_security_group_ids = ["rds-ec2s"]
}
user_data_cloud_init = {
args = {
lifecycle_hook_name = "ready-hook"
branch = "main"
ansible_repo = "modernisation-platform-configuration-management"
ansible_repo_basedir = "ansible"
ansible_args = "--tags ec2provision"
}
scripts = [
"install-ssm-agent.sh.tftpl",
"ansible-ec2provision.sh.tftpl",
"post-ec2provision.sh.tftpl"
]
}
tags = {
component = "test"
os-type = "Linux"
}
}

base_windows = {
autoscaling_group = {
desired_capacity = 1
max_size = 1
force_delete = true
vpc_zone_identifier = module.environment.subnets["private"].ids
}
autoscaling_schedules = {
scale_up = { recurrence = "0 7 * * Mon-Fri" }
scale_down = { recurrence = "0 19 * * Mon-Fri", desired_capacity = 0 }
}
config = {
ebs_volumes_copy_all_from_ami = false
iam_resource_names_prefix = "ec2-instance"
instance_profile_policies = [
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"EC2Default",
"EC2S3BucketWriteAndDeleteAccessPolicy",
"ImageBuilderS3BucketWriteAndDeleteAccessPolicy",
"SSMPolicy",
"PatchBucketAccessPolicy",
]
secretsmanager_secrets_prefix = "ec2/" # TODO
ssm_parameters_prefix = "ec2/"
subnet_name = "private"
user_data_raw = base64encode(file("./templates/windows_server_2022-user-data.yaml"))
}
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 128 }
}
instance = {
disable_api_termination = false
instance_type = "t3.medium"
key_name = "ec2-user"
metadata_options_http_tokens = "required"
monitoring = false
vpc_security_group_ids = ["rds-ec2s"]
}
tags = {
component = "test"
os-type = "Windows"
}
}
}
}
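Review bot: Both base maps grant every derived ASG `EC2S3BucketWriteAndDeleteAccessPolicy` and `ImageBuilderS3BucketWriteAndDeleteAccessPolicy` in `instance_profile_policies`; if those policies do what their names say, a domain-join test box inherits write-and-delete on S3 buckets it has no reason to touch. Keeping the base list to `arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore`, `EC2Default`, `SSMPolicy` and `PatchBucketAccessPolicy`, and letting any ASG that actually builds images `concat` the two S3 policies, would keep the preset least-privilege. The Linux `user_data_cloud_init.args` also run Ansible from `branch = "main"` of the configuration-management repo, so what a fresh instance executes at boot follows that branch head rather than a reviewed tag or commit; a comment stating that this is deliberate for development, or a pinned ref, would make the trade-off explicit. The two `# TODO` markers on `secretsmanager_secrets_prefix` say nothing about what is pending. `base_linux` and `base_windows` further repeat the same `autoscaling_group`, `autoscaling_schedules`, policy list and `instance` maps, which a shared map merged into each would avoid.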
@@ -0,0 +1,80 @@
locals {

ec2_instances = {
rdgw = {
config = {
ami_name = "hmpps_windows_server_2022_release_2024-01-16T09-48-13.663Z"
availability_zone = "eu-west-2a"
ebs_volumes_copy_all_from_ami = false
iam_resource_names_prefix = "ec2-instance"
instance_profile_policies = [
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"EC2Default",
"EC2S3BucketWriteAndDeleteAccessPolicy",
"ImageBuilderS3BucketWriteAndDeleteAccessPolicy",
"SSMPolicy",
"PatchBucketAccessPolicy",
]
secretsmanager_secrets_prefix = "ec2/" # TODO
ssm_parameters_prefix = "ec2/"
subnet_name = "private"
user_data_raw = module.baseline_presets.ec2_instance.user_data_raw["user-data-pwsh"]
# user_data_raw = base64encode(file("./templates/windows_server_2022-user-data.yaml"))
}
instance = {
disable_api_termination = false
instance_type = "t3.medium"
key_name = "ec2-user"
metadata_options_http_tokens = "required"
monitoring = false
vpc_security_group_ids = ["rds-ec2s"]
}
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 100 }
}
tags = {
os-type = "Windows"
component = "remotedesktop"
backup-plan = "daily-and-weekly" # TODO
}
}
rds = {
config = {
ami_name = "hmpps_windows_server_2022_release_2024-01-16T09-48-13.663Z"
availability_zone = "eu-west-2a"
ebs_volumes_copy_all_from_ami = false
iam_resource_names_prefix = "ec2-instance"
instance_profile_policies = [
"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
"EC2Default",
"EC2S3BucketWriteAndDeleteAccessPolicy",
"ImageBuilderS3BucketWriteAndDeleteAccessPolicy",
"SSMPolicy",
"PatchBucketAccessPolicy",
]
secretsmanager_secrets_prefix = "ec2/" # TODO
ssm_parameters_prefix = "ec2/"
subnet_name = "private"
user_data_raw = module.baseline_presets.ec2_instance.user_data_raw["user-data-pwsh"]
# user_data_raw = base64encode(file("./templates/windows_server_2022-user-data.yaml"))
}
instance = {
disable_api_termination = false
instance_type = "t3.medium"
key_name = "ec2-user"
metadata_options_http_tokens = "required"
monitoring = false
vpc_security_group_ids = ["rds-ec2s"]
}
ebs_volumes = {
"/dev/sda1" = { type = "gp3", size = 100 }
}
tags = {
os-type = "Windows"
component = "remotedesktop"
backup-plan = "daily-and-weekly" # TODO
}
}
}
}
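Review bot: rdgw and rds both carry only `vpc_security_group_ids = ["rds-ec2s"]`, so whatever ingress the gateway role needs (presumably RD Gateway traffic arriving via the load balancer) is granted to the session host as well; giving the gateway its own group, e.g. `vpc_security_group_ids = ["rds-ec2s", "rdgw"]`, keeps the gateway listener ports off rds. The two entries are otherwise byte-identical, so a sibling local holding the shared `config`, `instance` and `ebs_volumes` maps, merged into each entry the way the autoscaling-group presets are built, would stop them drifting apart — note that `local.ec2_instances.rdgw` cannot be referenced from inside `ec2_instances` itself. The commented-out `user_data_raw` line under each `config` is dead text and should be removed or say why it is kept, and the `# TODO` markers on `backup-plan` and `secretsmanager_secrets_prefix` should state what is outstanding. Both instances also pin `ami_name` to a January 2024 release, so patch currency rests on SSM/`PatchBucketAccessPolicy` patching rather than the image; a one-line comment is warranted if that is the intent.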
