hmpps domain: DSOS-2890: terraform alignment v3 (#7155)

* enable oam link

* Remove SG

* fmt

terraform/environments/hmpps-domain-services/locals.tf

@@ -27,7 +27,7 @@ locals {
       ]
       cloudwatch_metric_alarms_default_actions   = ["hmpps_domain_services_pagerduty"]
       cloudwatch_metric_oam_links_ssm_parameters = ["hmpps-oem-${local.environment}"]
-      # cloudwatch_metric_oam_links                = ["hmpps-oem-${local.environment}"]
+      cloudwatch_metric_oam_links                = ["hmpps-oem-${local.environment}"]
       enable_backup_plan_daily_and_weekly        = true
       enable_business_unit_kms_cmks              = true
       enable_ec2_cloud_watch_agent               = true

terraform/environments/hmpps-domain-services/locals_security_groups.tf

@@ -147,93 +147,5 @@ locals {
         }
       }
     }
-
-    # TODO - delete
-    domain = {
-      description = "Security group for Azure domain(s) access from Azure DCs"
-      ingress = {
-        all-from-self = {
-          description = "Allow all ingress to self"
-          from_port   = 0
-          to_port     = 0
-          protocol    = -1
-          self        = true
-        }
-        rpc_udp_domain = {
-          description = "135: UDP MS-RPC AD connect ingress from Azure DC"
-          from_port   = 135
-          to_port     = 135
-          protocol    = "UDP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-        }
-        rpc_tcp_domain = {
-          description = "135: TCP MS-RPC AD connect ingress from Azure DC"
-          from_port   = 135
-          to_port     = 135
-          protocol    = "TCP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-        }
-        netbios_tcp_domain = {
-          description = "137-139: TCP NetBIOS ingress from Azure DC"
-          from_port   = 137
-          to_port     = 139
-          protocol    = "TCP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-        }
-        netbios_udp_domain = {
-          description = "137-139: UDP NetBIOS ingress from Azure DC"
-          from_port   = 137
-          to_port     = 139
-          protocol    = "UDP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-        }
-        ldap_tcp_domain = {
-          description = "389: TCP Allow LDAP ingress from Azure DC"
-          from_port   = 389
-          to_port     = 389
-          protocol    = "TCP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-          # NOTE: not completely clear this is needed as it's not in the existing Azure SG's
-        }
-        ldap_udp_domain = {
-          description = "389: UDP Allow LDAP ingress from Azure DC"
-          from_port   = 389
-          to_port     = 389
-          protocol    = "UDP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-          # NOTE: not completely clear this is needed as it's not in the existing Azure SG's
-        }
-        smb_tcp_domain = {
-          description = "445: TCP SMB ingress from Azure DC"
-          from_port   = 445
-          to_port     = 445
-          protocol    = "TCP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-        }
-        smb_udp_domain = {
-          description = "445: UDP SMB ingress from Azure DC"
-          from_port   = 445
-          to_port     = 445
-          protocol    = "UDP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-        }
-        rpc_dynamic_tcp_domain = {
-          description = "49152-65535: TCP Dynamic Port range"
-          from_port   = 49152
-          to_port     = 65535
-          protocol    = "TCP"
-          cidr_blocks = local.security_group_cidrs.domain_controllers
-        }
-      }
-      egress = {
-        all = {
-          description = "Allow all traffic outbound"
-          from_port   = 0
-          to_port     = 0
-          protocol    = "-1"
-          cidr_blocks = ["0.0.0.0/0"]
-        }
-      }
-    }
   }
 }