From f708891ab50d04ce749651bbbd4979c7d32b5caf Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Tue, 27 Feb 2024 09:23:11 +0000 Subject: [PATCH 01/19] CC-2391: Added resource groups. --- .../ccms-ebs/ccms-resource-groups.tf | 167 ++++++++++++++++++ 1 file changed, 167 insertions(+) create mode 100644 terraform/environments/ccms-ebs/ccms-resource-groups.tf diff --git a/terraform/environments/ccms-ebs/ccms-resource-groups.tf b/terraform/environments/ccms-ebs/ccms-resource-groups.tf new file mode 100644 index 00000000000..4ad83a7baca --- /dev/null +++ b/terraform/environments/ccms-ebs/ccms-resource-groups.tf @@ -0,0 +1,167 @@ +resource "aws_resourcegroups_group" "accessgate" { + name = "accessgate" + description = "Accessgate instances" + + resource_query { + query = < Date: Thu, 29 Feb 2024 15:26:10 +0000 Subject: [PATCH 02/19] CC-2391: Added a test SSM document. --- .../ccms-ebs/ccms-ssm-document-test.yaml | 14 ++++++++++++++ .../environments/ccms-ebs/ccms-ssm-documents.tf | 7 +++++++ 2 files changed, 21 insertions(+) create mode 100644 terraform/environments/ccms-ebs/ccms-ssm-document-test.yaml create mode 100644 terraform/environments/ccms-ebs/ccms-ssm-documents.tf diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-test.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-test.yaml new file mode 100644 index 00000000000..d916dfb09b7 --- /dev/null +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-test.yaml @@ -0,0 +1,14 @@ +# ccms-ssm-document-test.yaml +--- +schemaVersion: "2.2" +description: Perform a healthcheck on the target instance +mainSteps: + - name: TestSSMdocument + action: aws:runShellScript + precondition: + StringEquals: + - platformType + - Linux + inputs: + runCommand: + - "tail -n 16 /var/log/messages" \ No newline at end of file diff --git a/terraform/environments/ccms-ebs/ccms-ssm-documents.tf b/terraform/environments/ccms-ebs/ccms-ssm-documents.tf new file mode 100644 index 00000000000..9d22deb8dfd --- /dev/null +++ b/terraform/environments/ccms-ebs/ccms-ssm-documents.tf @@ -0,0 +1,7 @@ +resource "aws_ssm_document" "test" { + name = "TestSSMdocument" + document_type = "Command" + document_format = "YAML" + + content = file("ccms-ssm-document-test.yaml") +} \ No newline at end of file From 1d7695dec896b5f4c1b8a15bd51f07b737eb15d6 Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:15:18 +0000 Subject: [PATCH 03/19] CC-2391: Updated the SSM document. --- .../ccms-ssm-document-service-actions.yaml | 50 +++++++++++++++++++ .../ccms-ebs/ccms-ssm-document-test.yaml | 14 ------ .../ccms-ebs/ccms-ssm-documents.tf | 6 +-- 3 files changed, 53 insertions(+), 17 deletions(-) create mode 100644 terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml delete mode 100644 terraform/environments/ccms-ebs/ccms-ssm-document-test.yaml diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml new file mode 100644 index 00000000000..ccf69a9d60a --- /dev/null +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml @@ -0,0 +1,50 @@ +# ccms-ssm-document-test.yaml +--- +schemaVersion: "2.2" +description: Perform a healthcheck on the target instance +parameters: + action: + type: String + default: "status" + allowedValues: + - restart + - start + - status + - stop +mainSteps: + - name: ServiceRestart + action: aws:runShellScript + precondition: + StringEquals: + - "{{ action }}" + - "restart" + inputs: + runCommand: + - "service chronyd restart" + - name: ServiceStart + action: aws:runShellScript + precondition: + StringEquals: + - "{{ action }}" + - "start" + inputs: + runCommand: + - "service chronyd start" + - name: ServiceStatus + action: aws:runShellScript + precondition: + StringEquals: + - "{{ action }}" + - "status" + inputs: + runCommand: + - "id; service chronyd status" + - name: ServiceStop + action: aws:runShellScript + precondition: + StringEquals: + - "{{ action }}" + - "stop" + inputs: + runCommand: + - "service chronyd stop" \ No newline at end of file diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-test.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-test.yaml deleted file mode 100644 index d916dfb09b7..00000000000 --- a/terraform/environments/ccms-ebs/ccms-ssm-document-test.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# ccms-ssm-document-test.yaml ---- -schemaVersion: "2.2" -description: Perform a healthcheck on the target instance -mainSteps: - - name: TestSSMdocument - action: aws:runShellScript - precondition: - StringEquals: - - platformType - - Linux - inputs: - runCommand: - - "tail -n 16 /var/log/messages" \ No newline at end of file diff --git a/terraform/environments/ccms-ebs/ccms-ssm-documents.tf b/terraform/environments/ccms-ebs/ccms-ssm-documents.tf index 9d22deb8dfd..81f3f3d5353 100644 --- a/terraform/environments/ccms-ebs/ccms-ssm-documents.tf +++ b/terraform/environments/ccms-ebs/ccms-ssm-documents.tf @@ -1,7 +1,7 @@ -resource "aws_ssm_document" "test" { - name = "TestSSMdocument" +resource "aws_ssm_document" "service_actions" { + name = "ServiceActions" document_type = "Command" document_format = "YAML" - content = file("ccms-ssm-document-test.yaml") + content = file("ccms-ssm-document-service-actions.yaml") } \ No newline at end of file From 5508eae3f67e2cda3ddbfc1ae79f534dfed68459 Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:19:16 +0000 Subject: [PATCH 04/19] CC-2391: Fixed a typo. --- .../environments/ccms-ebs/ccms-ssm-document-service-actions.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml index ccf69a9d60a..0d7ad522694 100644 --- a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml @@ -5,7 +5,6 @@ description: Perform a healthcheck on the target instance parameters: action: type: String - default: "status" allowedValues: - restart - start From 64c5429355f02226f4816ba2bfc3c6b0d145469b Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:35:04 +0000 Subject: [PATCH 05/19] CC-2391: Updated the SSM document. --- .../ccms-ebs/ccms-ssm-document-service-actions.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml index 0d7ad522694..bb09482edca 100644 --- a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml @@ -5,6 +5,7 @@ description: Perform a healthcheck on the target instance parameters: action: type: String + default: status allowedValues: - restart - start @@ -13,6 +14,7 @@ parameters: mainSteps: - name: ServiceRestart action: aws:runShellScript + isEnd: true precondition: StringEquals: - "{{ action }}" @@ -22,6 +24,7 @@ mainSteps: - "service chronyd restart" - name: ServiceStart action: aws:runShellScript + isEnd: true precondition: StringEquals: - "{{ action }}" @@ -31,15 +34,17 @@ mainSteps: - "service chronyd start" - name: ServiceStatus action: aws:runShellScript + isEnd: true precondition: StringEquals: - "{{ action }}" - "status" inputs: runCommand: - - "id; service chronyd status" + - "service chronyd status" - name: ServiceStop action: aws:runShellScript + isEnd: true precondition: StringEquals: - "{{ action }}" From 08afeeaa2dab180c943de7f669469c2b471050d8 Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:38:06 +0000 Subject: [PATCH 06/19] CC-2391: Fixed a typo. --- .../ccms-ssm-document-service-actions.yaml | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml index bb09482edca..5921a578e9c 100644 --- a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml @@ -5,44 +5,43 @@ description: Perform a healthcheck on the target instance parameters: action: type: String - default: status allowedValues: + - status - restart - start - - status - stop mainSteps: - - name: ServiceRestart + - name: ServiceStatus action: aws:runShellScript isEnd: true precondition: StringEquals: - "{{ action }}" - - "restart" + - "status" inputs: runCommand: - - "service chronyd restart" - - name: ServiceStart + - "service chronyd status" + - name: ServiceRestart action: aws:runShellScript isEnd: true precondition: StringEquals: - "{{ action }}" - - "start" + - "restart" inputs: runCommand: - - "service chronyd start" - - name: ServiceStatus + - "service chronyd restart" + - name: ServiceStart action: aws:runShellScript isEnd: true precondition: StringEquals: - "{{ action }}" - - "status" + - "start" inputs: runCommand: - - "service chronyd status" - - name: ServiceStop + - "service chronyd start" + - name: ServiceStop action: aws:runShellScript isEnd: true precondition: From c074cb9f480437b7c2d402451473780c5b2fea0a Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Fri, 1 Mar 2024 17:45:08 +0000 Subject: [PATCH 07/19] CC-2391: Fixed a typo. --- .../ccms-ebs/ccms-ssm-document-service-actions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml index 5921a578e9c..2c9b9fc789e 100644 --- a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml @@ -41,7 +41,7 @@ mainSteps: inputs: runCommand: - "service chronyd start" - - name: ServiceStop + - name: ServiceStop action: aws:runShellScript isEnd: true precondition: From ffa2c8b67431c582ec096117a0f338502e34987d Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Fri, 1 Mar 2024 18:06:43 +0000 Subject: [PATCH 08/19] CC-2391: Updated the SSM document. --- .../ccms-ssm-document-service-actions.yaml | 44 +++++-------------- 1 file changed, 10 insertions(+), 34 deletions(-) diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml index 2c9b9fc789e..f997c50d81a 100644 --- a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml @@ -1,7 +1,7 @@ # ccms-ssm-document-test.yaml --- schemaVersion: "2.2" -description: Perform a healthcheck on the target instance +description: Perform an action on a selected service. parameters: action: type: String @@ -10,44 +10,20 @@ parameters: - restart - start - stop + service: + type: String + allowedValues: + - chronyd + - postfix + - sshd mainSteps: - name: ServiceStatus action: aws:runShellScript isEnd: true precondition: StringEquals: - - "{{ action }}" - - "status" - inputs: - runCommand: - - "service chronyd status" - - name: ServiceRestart - action: aws:runShellScript - isEnd: true - precondition: - StringEquals: - - "{{ action }}" - - "restart" - inputs: - runCommand: - - "service chronyd restart" - - name: ServiceStart - action: aws:runShellScript - isEnd: true - precondition: - StringEquals: - - "{{ action }}" - - "start" - inputs: - runCommand: - - "service chronyd start" - - name: ServiceStop - action: aws:runShellScript - isEnd: true - precondition: - StringEquals: - - "{{ action }}" - - "stop" + - platformType + - Linux inputs: runCommand: - - "service chronyd stop" \ No newline at end of file + - "systemctl {{ action }} {{ service }}" \ No newline at end of file From 4dfa4de62424b4fc5f7ae2882e118cdc7e0bf598 Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Fri, 1 Mar 2024 18:13:00 +0000 Subject: [PATCH 09/19] CC-2391: Updated the SSM document. --- .../ccms-ssm-document-service-actions.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml index f997c50d81a..36b69134409 100644 --- a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml @@ -3,6 +3,12 @@ schemaVersion: "2.2" description: Perform an action on a selected service. parameters: + service: + type: String + allowedValues: + - chronyd + - postfix + - sshd action: type: String allowedValues: @@ -10,14 +16,8 @@ parameters: - restart - start - stop - service: - type: String - allowedValues: - - chronyd - - postfix - - sshd mainSteps: - - name: ServiceStatus + - name: ServiceActions action: aws:runShellScript isEnd: true precondition: From 2da6ee9bd96a46d5711fe1c233fdbce51148bfcf Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Tue, 5 Mar 2024 09:18:18 +0000 Subject: [PATCH 10/19] CC-2391: Created an SSM document in ccms-ebs-upgrade-development. --- .../ccms-ssm-document-service-actions.yaml | 31 +++++++++++++++++++ .../ccms-ebs-upgrade/ccms-ssm-documents.tf | 7 +++++ .../ccms-ssm-document-service-actions.yaml | 2 +- 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml create mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml new file mode 100644 index 00000000000..77ea083e259 --- /dev/null +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml @@ -0,0 +1,31 @@ +# ccms-ssm-document-service-actions.yaml +--- +schemaVersion: "2.2" +description: Perform an action on a selected service. +parameters: + action: + type: String + allowedValues: + - start + - stop +mainSteps: + - name: startAPP + action: aws:runShellScript + isEnd: true + precondition: + StringEquals: + - "{{ action }}" + - start + inputs: + runCommand: + - "/home/applmgr/scripts/startAPP.sh" + - name: stopAPP + action: aws:runShellScript + isEnd: true + precondition: + StringEquals: + - "{{ action }}" + - stop + inputs: + runCommand: + - "/home/applmgr/scripts/stopAPP.sh" \ No newline at end of file diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf new file mode 100644 index 00000000000..81f3f3d5353 --- /dev/null +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf @@ -0,0 +1,7 @@ +resource "aws_ssm_document" "service_actions" { + name = "ServiceActions" + document_type = "Command" + document_format = "YAML" + + content = file("ccms-ssm-document-service-actions.yaml") +} \ No newline at end of file diff --git a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml index 36b69134409..734d9585498 100644 --- a/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml +++ b/terraform/environments/ccms-ebs/ccms-ssm-document-service-actions.yaml @@ -1,4 +1,4 @@ -# ccms-ssm-document-test.yaml +# ccms-ssm-document-service-actions.yaml --- schemaVersion: "2.2" description: Perform an action on a selected service. From 22fb0047c40a3d90559e24841be23803c92f23ee Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Tue, 5 Mar 2024 14:22:02 +0000 Subject: [PATCH 11/19] CC-2391: Added 'statusAPP' step. --- .../ccms-ssm-document-service-actions.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml index 77ea083e259..f949d49a449 100644 --- a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml @@ -6,9 +6,20 @@ parameters: action: type: String allowedValues: + - status - start - stop mainSteps: + - name: statusAPP + action: aws:runShellScript + isEnd: true + precondition: + StringEquals: + - "{{ action }}" + - status + inputs: + runCommand: + - "/home/applmgr/scripts/statusAPP.sh" - name: startAPP action: aws:runShellScript isEnd: true From 8cd42d172a9b6cf6dc43984bf35e22183364d2ab Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Tue, 5 Mar 2024 16:56:53 +0000 Subject: [PATCH 12/19] CC-2391: Reorganised SSM documents. --- ...s-ssm-document-ebs-apps-service-start.yaml | 20 +++++++++ ...-ssm-document-ebs-apps-service-status.yaml | 20 +++++++++ ...ms-ssm-document-ebs-apps-service-stop.yaml | 20 +++++++++ .../ccms-ssm-document-service-actions.yaml | 42 ------------------- .../ccms-ebs-upgrade/ccms-ssm-documents.tf | 22 ++++++++-- 5 files changed, 79 insertions(+), 45 deletions(-) create mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-start.yaml create mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-status.yaml create mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-stop.yaml delete mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-start.yaml b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-start.yaml new file mode 100644 index 00000000000..ef5407c0434 --- /dev/null +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-start.yaml @@ -0,0 +1,20 @@ +# ccms-ssm-document-ebs-apps-service-start.yaml +--- +schemaVersion: "2.2" +description: Execute the startAPP.sh script. +parameters: + action: + type: String + allowedValues: + - start +mainSteps: + - name: startAPP + action: aws:runShellScript + isEnd: true + precondition: + StringEquals: + - "{{ action }}" + - start + inputs: + runCommand: + - "/home/applmgr/scripts/startAPP.sh" \ No newline at end of file diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-status.yaml b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-status.yaml new file mode 100644 index 00000000000..8ec63b59af2 --- /dev/null +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-status.yaml @@ -0,0 +1,20 @@ +# ccms-ssm-document-ebs-apps-service-status.yaml +--- +schemaVersion: "2.2" +description: Execute the statusAPP.sh script. +parameters: + action: + type: String + allowedValues: + - status +mainSteps: + - name: statusAPP + action: aws:runShellScript + isEnd: true + precondition: + StringEquals: + - "{{ action }}" + - status + inputs: + runCommand: + - "/home/applmgr/scripts/statusAPP.sh" \ No newline at end of file diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-stop.yaml b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-stop.yaml new file mode 100644 index 00000000000..1a1d12f9fd9 --- /dev/null +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-ebs-apps-service-stop.yaml @@ -0,0 +1,20 @@ +# ccms-ssm-document-ebs-apps-service-stop.yaml +--- +schemaVersion: "2.2" +description: Execute the stopAPP.sh script. +parameters: + action: + type: String + allowedValues: + - stop +mainSteps: + - name: stopAPP + action: aws:runShellScript + isEnd: true + precondition: + StringEquals: + - "{{ action }}" + - stop + inputs: + runCommand: + - "/home/applmgr/scripts/stopAPP.sh" \ No newline at end of file diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml deleted file mode 100644 index f949d49a449..00000000000 --- a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-document-service-actions.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# ccms-ssm-document-service-actions.yaml ---- -schemaVersion: "2.2" -description: Perform an action on a selected service. -parameters: - action: - type: String - allowedValues: - - status - - start - - stop -mainSteps: - - name: statusAPP - action: aws:runShellScript - isEnd: true - precondition: - StringEquals: - - "{{ action }}" - - status - inputs: - runCommand: - - "/home/applmgr/scripts/statusAPP.sh" - - name: startAPP - action: aws:runShellScript - isEnd: true - precondition: - StringEquals: - - "{{ action }}" - - start - inputs: - runCommand: - - "/home/applmgr/scripts/startAPP.sh" - - name: stopAPP - action: aws:runShellScript - isEnd: true - precondition: - StringEquals: - - "{{ action }}" - - stop - inputs: - runCommand: - - "/home/applmgr/scripts/stopAPP.sh" \ No newline at end of file diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf index 81f3f3d5353..9776cfef4ba 100644 --- a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf @@ -1,7 +1,23 @@ -resource "aws_ssm_document" "service_actions" { - name = "ServiceActions" +resource "aws_ssm_document" "ebs_apps_service_start" { + name = "EBS-Apps-Service-Start" document_type = "Command" document_format = "YAML" - content = file("ccms-ssm-document-service-actions.yaml") + content = file("ccms-ssm-document-ebs-apps-service-start.yaml") +} + +resource "aws_ssm_document" "ebs_apps_service_status" { + name = "EBS-Apps-Service-Status" + document_type = "Command" + document_format = "YAML" + + content = file("ccms-ssm-document-ebs-apps-service-status.yaml") +} + +resource "aws_ssm_document" "ebs_apps_service_stop" { + name = "EBS-Apps-Service-Stop" + document_type = "Command" + document_format = "YAML" + + content = file("ccms-ssm-document-ebs-apps-service-stop.yaml") } \ No newline at end of file From 228d5cd67bfbe73783ae76f63daa3f5282433174 Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Thu, 21 Mar 2024 09:35:47 +0000 Subject: [PATCH 13/19] CC-2391: Added 'device-name' and 'instance-role' tags. --- .../ccms-ebs-upgrade/ec2-oracle_accessgate.tf | 22 +++++++- .../ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf | 30 +++++++---- .../ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf | 21 +++++--- .../ccms-ebs-upgrade/ec2-oracle_ebs_db.tf | 51 ++++++++++++------- .../ccms-ebs-upgrade/ec2-oracle_webgate.tf | 22 +++++++- .../environments/ccms-ebs/ccms-ec2-clamav.tf | 2 +- 6 files changed, 109 insertions(+), 39 deletions(-) diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_accessgate.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_accessgate.tf index aac892f341b..d092af764ff 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_accessgate.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_accessgate.tf @@ -38,7 +38,8 @@ resource "aws_instance" "ec2_accessgate" { volume_size = 50 encrypted = true tags = merge(local.tags, - { Name = "root-block" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_accessgate, count.index + 1, "root")) }, + { device-name = "/dev/sda1" } ) } # swap @@ -48,6 +49,10 @@ resource "aws_instance" "ec2_accessgate" { volume_size = 20 encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_accessgate, count.index + 1, "swap")) }, + { device-name = "/dev/sdb" } + ) } # temp ebs_block_device { @@ -56,6 +61,10 @@ resource "aws_instance" "ec2_accessgate" { volume_size = 100 encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_accessgate, count.index + 1, "temp")) }, + { device-name = "/dev/sdc" } + ) } # home ebs_block_device { @@ -64,6 +73,10 @@ resource "aws_instance" "ec2_accessgate" { volume_size = 100 encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_accessgate, count.index + 1, "home")) }, + { device-name = "/dev/sdd" } + ) } # non-AMI mappings start at /dev/sdh @@ -75,11 +88,16 @@ resource "aws_instance" "ec2_accessgate" { iops = local.application_data.accounts[local.environment].accessgate_default_iops encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_accessgate, count.index + 1, "ccms")) }, + { device-name = "/dev/sdh" } + ) } tags = merge(local.tags, { Name = lower(format("ec2-%s-%s-accessgate-%s", local.application_name, local.environment, count.index + 1)) }, - { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling }, + { instance-role = local.application_data.accounts[local.environment].instance_role_accessgate }, + { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling-accessgate }, { backup = "true" } ) depends_on = [aws_security_group.ec2_sg_accessgate] diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf index 7136e078ab9..074d465524d 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf @@ -35,13 +35,15 @@ resource "aws_instance" "ec2_ebsapps" { volume_size = 50 encrypted = true tags = merge(local.tags, - { Name = "root-block" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "root")) }, + { device-name = "/dev/sda1" } ) } tags = merge(local.tags, { Name = lower(format("ec2-%s-%s-ebsapps-%s", local.application_name, local.environment, count.index + 1)) }, - { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling }, + { instance-role = local.application_data.accounts[local.environment].instance_role_ebsapps }, + { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling-ebsapps }, { backup = "true" } ) depends_on = [aws_security_group.ec2_sg_ebsapps] @@ -58,9 +60,10 @@ resource "aws_ebs_volume" "swap" { iops = 3000 encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id - tags = merge(local.tags, - { Name = "swap" } - ) + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "swap")) }, + { device-name = "/dev/sdb" } + ) } resource "aws_volume_attachment" "swap_att" { @@ -83,7 +86,8 @@ resource "aws_ebs_volume" "temp" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "temp" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "temp")) }, + { device-name = "/dev/sdc" } ) } @@ -107,7 +111,8 @@ resource "aws_ebs_volume" "home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "home" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "home")) }, + { device-name = "/dev/sdd" } ) } @@ -132,6 +137,8 @@ resource "aws_ebs_volume" "apps_export_home" { kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, { Name = "export home" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "export-home")) }, + { device-name = "/dev/sdh" } ) } @@ -155,7 +162,8 @@ resource "aws_ebs_volume" "apps_u01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "u01" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "u01")) }, + { device-name = "/dev/sdi" } ) } @@ -179,7 +187,8 @@ resource "aws_ebs_volume" "apps_u03" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "u03" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "u03")) }, + { device-name = "/dev/sdj" } ) } @@ -203,7 +212,8 @@ resource "aws_ebs_volume" "stage" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "stage" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "stage")) }, + { device-name = "/dev/sdk" } ) } diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf index ae67888f00f..c35516a29cc 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf @@ -38,7 +38,8 @@ resource "aws_instance" "ec2_oracle_conc" { tags = merge(local.tags, { Name = lower(format("ec2-%s-%s-ebsconc", local.application_name, local.environment)) }, - { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling }, + { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling-ebsconc }, + { instance-role = local.application_data.accounts[local.environment].instance_role_ebsapps }, { backup = "true" }, { OracleDbLTS-ManagedInstance = "true" } ) @@ -56,7 +57,8 @@ resource "aws_ebs_volume" "conc_export_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "conc export/home" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "export/home")) }, + { device-name = "/dev/sdh" } ) } @@ -77,7 +79,8 @@ resource "aws_ebs_volume" "conc_u01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "conc u01" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "u01")) }, + { device-name = "/dev/sdi" } ) } @@ -98,7 +101,8 @@ resource "aws_ebs_volume" "conc_u03" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "conc u03" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "u03")) }, + { device-name = "/dev/sdj" } ) } @@ -119,7 +123,8 @@ resource "aws_ebs_volume" "conc_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "conc home" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "home")) }, + { device-name = "/dev/sdk" } ) } @@ -140,7 +145,8 @@ resource "aws_ebs_volume" "conc_stage" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "conc stage" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "stage")) }, + { device-name = "/dev/sdl" } ) } @@ -161,7 +167,8 @@ resource "aws_ebs_volume" "conc_temp" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "conc temp" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "temp")) }, + { device-name = "/dev/sdm" } ) } diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_db.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_db.tf index e0bfa431aad..3e4fb8dcdd6 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_db.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_db.tf @@ -39,7 +39,8 @@ resource "aws_instance" "ec2_oracle_ebs" { tags = merge(local.tags, { Name = lower(format("ec2-%s-%s-ebsdb", local.application_name, local.environment)) }, - { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling }, + { instance-role = local.application_data.accounts[local.environment].instance_role_ebsdb }, + { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling-ebsdb }, { backup = "true" }, { OracleDbLTS-ManagedInstance = "true" } ) @@ -57,7 +58,8 @@ resource "aws_ebs_volume" "ebsdb_swap" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "swap" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "swap")) }, + { device-name = "/dev/sdb" } ) } @@ -81,7 +83,8 @@ resource "aws_ebs_volume" "export_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "export/home" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "export-home")) }, + { device-name = "/dev/sdh" } ) } @@ -102,7 +105,8 @@ resource "aws_ebs_volume" "u01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "u01" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "u01")) }, + { device-name = "/dev/sdi" } ) } @@ -123,7 +127,8 @@ resource "aws_ebs_volume" "arch" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "arch" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "arch")) }, + { device-name = "/dev/sdj" } ) } @@ -144,7 +149,8 @@ resource "aws_ebs_volume" "dbf" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "dbf" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf")) }, + { device-name = "/dev/sdk" } ) } @@ -165,7 +171,8 @@ resource "aws_ebs_volume" "dbf01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "dbf01" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf01")) }, + { device-name = "/dev/sde" } ) } @@ -189,7 +196,8 @@ resource "aws_ebs_volume" "dbf02" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "dbf02" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf02")) }, + { device-name = "/dev/sdf" } ) } @@ -213,7 +221,8 @@ resource "aws_ebs_volume" "dbf03" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "dbf03" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf03")) }, + { device-name = "/dev/sdg" } ) } @@ -237,7 +246,8 @@ resource "aws_ebs_volume" "redoA" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "redoA" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "redoA")) }, + { device-name = "/dev/sdl" } ) } @@ -258,7 +268,8 @@ resource "aws_ebs_volume" "techst" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "techst" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "techst")) }, + { device-name = "/dev/sdm" } ) } @@ -280,7 +291,8 @@ resource "aws_ebs_volume" "backup" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "backup" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "backup")) }, + { device-name = "/dev/sdn" } ) } @@ -301,7 +313,8 @@ resource "aws_ebs_volume" "redoB" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "redoB" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "redoB")) }, + { device-name = "/dev/sdo" } ) } @@ -325,7 +338,8 @@ resource "aws_ebs_volume" "diag" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "diag" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "diag")) }, + { device-name = "/dev/sdp" } ) } @@ -350,7 +364,8 @@ resource "aws_ebs_volume" "appshare" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "appshare" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "appshare")) }, + { device-name = "/dev/sdq" } ) } @@ -374,7 +389,8 @@ resource "aws_ebs_volume" "db_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "db home" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "db-home")) }, + { device-name = "/dev/sdr" } ) } @@ -395,7 +411,8 @@ resource "aws_ebs_volume" "db_temp" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "db temp" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "db-temp")) }, + { device-name = "/dev/sds" } ) } diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_webgate.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_webgate.tf index ba188a543c2..fa8e503c2a6 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_webgate.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_webgate.tf @@ -38,7 +38,8 @@ resource "aws_instance" "ec2_webgate" { volume_size = 50 encrypted = true tags = merge(local.tags, - { Name = "root-block" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_webgate, count.index + 1, "root")) }, + { device-name = "/dev/sda1" } ) } # swap @@ -48,6 +49,10 @@ resource "aws_instance" "ec2_webgate" { volume_size = 20 encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_webgate, count.index + 1, "swap")) }, + { device-name = "/dev/sdb" } + ) } # temp ebs_block_device { @@ -56,6 +61,10 @@ resource "aws_instance" "ec2_webgate" { volume_size = 100 encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_webgate, count.index + 1, "temp")) }, + { device-name = "/dev/sdc" } + ) } # home ebs_block_device { @@ -64,6 +73,10 @@ resource "aws_instance" "ec2_webgate" { volume_size = 100 encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_webgate, count.index + 1, "home")) }, + { device-name = "/dev/sdd" } + ) } # non-AMI mappings start at /dev/sdh @@ -75,11 +88,16 @@ resource "aws_instance" "ec2_webgate" { iops = local.application_data.accounts[local.environment].webgate_default_iops encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_webgate, count.index + 1, "ccms")) }, + { device-name = "/dev/sdh" } + ) } tags = merge(local.tags, { Name = lower(format("ec2-%s-%s-webgate-%s", local.application_name, local.environment, count.index + 1)) }, - { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling }, + { instance-role = local.application_data.accounts[local.environment].instance_role_webgate }, + { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling-webgate }, { backup = "true" } ) depends_on = [aws_security_group.ec2_sg_webgate] diff --git a/terraform/environments/ccms-ebs/ccms-ec2-clamav.tf b/terraform/environments/ccms-ebs/ccms-ec2-clamav.tf index 7ef733a8dae..e357e64ad5c 100644 --- a/terraform/environments/ccms-ebs/ccms-ec2-clamav.tf +++ b/terraform/environments/ccms-ebs/ccms-ec2-clamav.tf @@ -36,7 +36,7 @@ resource "aws_instance" "ec2_clamav" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_accessgate, "root")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_clamav, "root")) }, { device-name = "/dev/sda1" } ) } From 6a18db3071e65d0042ca7e8fb620d4ed469ebbd2 Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Thu, 21 Mar 2024 09:38:02 +0000 Subject: [PATCH 14/19] CC-2391: Added SSM Maintenance Windows. --- .../application_variables.json | 13 ++- .../ccms-ebs-upgrade/ccms-ssm-documents.tf | 23 ----- .../environments/ccms-ebs-upgrade/ccms-ssm.tf | 92 +++++++++++++++++++ 3 files changed, 103 insertions(+), 25 deletions(-) delete mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf create mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-ssm.tf diff --git a/terraform/environments/ccms-ebs-upgrade/application_variables.json b/terraform/environments/ccms-ebs-upgrade/application_variables.json index 3fafe74446c..7ab4ddbb43d 100644 --- a/terraform/environments/ccms-ebs-upgrade/application_variables.json +++ b/terraform/environments/ccms-ebs-upgrade/application_variables.json @@ -4,7 +4,11 @@ "short_env": "dev", "dns": "laa-development", "ses_domain_identity": "dev.legalservices.gov.uk", - "instance-scheduling": "skip-scheduling", + "instance-scheduling-accessgate": "skip-scheduling", + "instance-scheduling-ebsapps": "default", + "instance-scheduling-ebsconc": "skip-scheduling", + "instance-scheduling-ebsdb": "skip-scheduling", + "instance-scheduling-webgate": "skip-scheduling", "ec2_oracle_instance_type_ebsdb_test": "x2iedn.8xlarge", "ec2_oracle_instance_type_ebsdb": "m5d.4xlarge", "ec2_oracle_instance_cores_ebsdb": "8", @@ -100,7 +104,12 @@ "ebs_size_ebsconc_home": 100, "ebs_size_ebsconc_stage": 100, "ebs_size_ebsconc_temp": 100, - "ebs_backup_snapshot_id": "snap-0cdfe4b46c1e34ebb" + "ebs_backup_snapshot_id": "snap-0cdfe4b46c1e34ebb", + "instance_role_accessgate": "accessgate", + "instance_role_ebsapps": "apps", + "instance_role_ebsconc": "conc", + "instance_role_ebsdb": "db", + "instance_role_webgate": "webgate" } }, "webgate_ebs": { diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf b/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf deleted file mode 100644 index 9776cfef4ba..00000000000 --- a/terraform/environments/ccms-ebs-upgrade/ccms-ssm-documents.tf +++ /dev/null @@ -1,23 +0,0 @@ -resource "aws_ssm_document" "ebs_apps_service_start" { - name = "EBS-Apps-Service-Start" - document_type = "Command" - document_format = "YAML" - - content = file("ccms-ssm-document-ebs-apps-service-start.yaml") -} - -resource "aws_ssm_document" "ebs_apps_service_status" { - name = "EBS-Apps-Service-Status" - document_type = "Command" - document_format = "YAML" - - content = file("ccms-ssm-document-ebs-apps-service-status.yaml") -} - -resource "aws_ssm_document" "ebs_apps_service_stop" { - name = "EBS-Apps-Service-Stop" - document_type = "Command" - document_format = "YAML" - - content = file("ccms-ssm-document-ebs-apps-service-stop.yaml") -} \ No newline at end of file diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm.tf b/terraform/environments/ccms-ebs-upgrade/ccms-ssm.tf new file mode 100644 index 00000000000..92c364b2ccf --- /dev/null +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm.tf @@ -0,0 +1,92 @@ +resource "aws_ssm_document" "ebs_apps_service_start" { + name = "EBS-Apps-Service-Start" + document_type = "Command" + document_format = "YAML" + + content = file("ccms-ssm-document-ebs-apps-service-start.yaml") +} + +resource "aws_ssm_document" "ebs_apps_service_status" { + name = "EBS-Apps-Service-Status" + document_type = "Command" + document_format = "YAML" + + content = file("ccms-ssm-document-ebs-apps-service-status.yaml") +} + +resource "aws_ssm_document" "ebs_apps_service_stop" { + name = "EBS-Apps-Service-Stop" + document_type = "Command" + document_format = "YAML" + + content = file("ccms-ssm-document-ebs-apps-service-stop.yaml") +} + +resource "aws_ssm_maintenance_window" "ebs_apps_service_status_mw" { + name = "EBS-Apps-Service-Status" + schedule = "cron(*/15 * * * ? *)" + duration = 1 + cutoff = 0 + allow_unassociated_targets = false +} + +resource "aws_ssm_maintenance_window" "ebs_apps_service_start_mw" { + name = "EBS-Apps-Service-Start" + schedule = "cron(15 7 * * ? *)" # "cron(15 7 ? * MON-FRI *)" + duration = 1 + cutoff = 0 + allow_unassociated_targets = false +} + +resource "aws_ssm_maintenance_window" "ebs_apps_service_stop_mw" { + name = "EBS-Apps-Service-Stop" + schedule = "cron(45 17 * * ? *)" + duration = 1 + cutoff = 0 + allow_unassociated_targets = false +} + +# resource "aws_ssm_maintenance_window_target" "ebs_apps_service_status_targets" { +# window_id = aws_ssm_maintenance_window.ebs_apps_service_status_mw.id +# resource_type = "INSTANCE" +# +# targets { +# key = "ResourceGroup" +# values = ["EBS-Apps"] +# } +# } +# +# resource "aws_ssm_maintenance_window_target" "ebs_apps_service_start_targets" { +# window_id = aws_ssm_maintenance_window.ebs_apps_service_start_mw.id +# resource_type = "INSTANCE" +# +# targets { +# key = "ResourceGroup" +# values = ["EBS-Apps"] +# } +# } +# +# resource "aws_ssm_maintenance_window_target" "ebs_apps_service_stop_targets" { +# window_id = aws_ssm_maintenance_window.ebs_apps_service_stop_mw.id +# resource_type = "INSTANCE" +# +# targets { +# key = "ResourceGroup" +# values = ["EBS-Apps"] +# } +# } + +# resource "aws_ssm_association" "start_app_association" { +# name = "StartAppMaintenanceWindowAssociation" +# document_version = "$LATEST" +# instance_id = aws_ssm_maintenance_window_target.foo_ec2_targets.targets[0].key +# targets { +# key = "WindowTargetIds" +# values = [aws_ssm_maintenance_window_target.foo_ec2_targets.id] +# } +# parameters { +# "documentVersion" = "$LATEST" +# "documentName" = aws_ssm_document.start_app_command_document.name +# } +# schedule_expression = "cron(15 7 ? * MON-FRI *)" +# } \ No newline at end of file From cb4958f04336f82410923e315f76b1110aa73d8d Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Thu, 21 Mar 2024 09:54:05 +0000 Subject: [PATCH 15/19] CC-2391: Fixed a typo. --- .../environments/ccms-ebs-upgrade/ccms-ssm.tf | 24 +++---- .../ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf | 33 +++++----- .../ccms-ebs-upgrade/ec2-oracle_ebs_db.tf | 64 +++++++++---------- 3 files changed, 60 insertions(+), 61 deletions(-) diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-ssm.tf b/terraform/environments/ccms-ebs-upgrade/ccms-ssm.tf index 92c364b2ccf..af1ed497e19 100644 --- a/terraform/environments/ccms-ebs-upgrade/ccms-ssm.tf +++ b/terraform/environments/ccms-ebs-upgrade/ccms-ssm.tf @@ -23,26 +23,26 @@ resource "aws_ssm_document" "ebs_apps_service_stop" { } resource "aws_ssm_maintenance_window" "ebs_apps_service_status_mw" { - name = "EBS-Apps-Service-Status" - schedule = "cron(*/15 * * * ? *)" - duration = 1 - cutoff = 0 + name = "EBS-Apps-Service-Status" + schedule = "cron(*/15 * * * ? *)" + duration = 1 + cutoff = 0 allow_unassociated_targets = false } resource "aws_ssm_maintenance_window" "ebs_apps_service_start_mw" { - name = "EBS-Apps-Service-Start" - schedule = "cron(15 7 * * ? *)" # "cron(15 7 ? * MON-FRI *)" - duration = 1 - cutoff = 0 + name = "EBS-Apps-Service-Start" + schedule = "cron(15 7 * * ? *)" # "cron(15 7 ? * MON-FRI *)" + duration = 1 + cutoff = 0 allow_unassociated_targets = false } resource "aws_ssm_maintenance_window" "ebs_apps_service_stop_mw" { - name = "EBS-Apps-Service-Stop" - schedule = "cron(45 17 * * ? *)" - duration = 1 - cutoff = 0 + name = "EBS-Apps-Service-Stop" + schedule = "cron(45 17 * * ? *)" + duration = 1 + cutoff = 0 allow_unassociated_targets = false } diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf index 074d465524d..8532ae6974a 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps.tf @@ -60,10 +60,10 @@ resource "aws_ebs_volume" "swap" { iops = 3000 encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id - tags = merge(local.tags, - { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "swap")) }, - { device-name = "/dev/sdb" } - ) + tags = merge(local.tags, + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "swap")) }, + { device-name = "/dev/sdb" } + ) } resource "aws_volume_attachment" "swap_att" { @@ -86,8 +86,8 @@ resource "aws_ebs_volume" "temp" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "temp")) }, - { device-name = "/dev/sdc" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "temp")) }, + { device-name = "/dev/sdc" } ) } @@ -111,8 +111,8 @@ resource "aws_ebs_volume" "home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "home")) }, - { device-name = "/dev/sdd" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "home")) }, + { device-name = "/dev/sdd" } ) } @@ -136,9 +136,8 @@ resource "aws_ebs_volume" "apps_export_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = "export home" } - { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "export-home")) }, - { device-name = "/dev/sdh" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "export-home")) }, + { device-name = "/dev/sdh" } ) } @@ -162,8 +161,8 @@ resource "aws_ebs_volume" "apps_u01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "u01")) }, - { device-name = "/dev/sdi" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "u01")) }, + { device-name = "/dev/sdi" } ) } @@ -187,8 +186,8 @@ resource "aws_ebs_volume" "apps_u03" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "u03")) }, - { device-name = "/dev/sdj" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "u03")) }, + { device-name = "/dev/sdj" } ) } @@ -212,8 +211,8 @@ resource "aws_ebs_volume" "stage" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "stage")) }, - { device-name = "/dev/sdk" } + { Name = lower(format("%s-%s-%s", local.application_data.accounts[local.environment].instance_role_ebsapps, count.index + 1, "stage")) }, + { device-name = "/dev/sdk" } ) } diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_db.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_db.tf index 3e4fb8dcdd6..b369ececf02 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_db.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_db.tf @@ -58,8 +58,8 @@ resource "aws_ebs_volume" "ebsdb_swap" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "swap")) }, - { device-name = "/dev/sdb" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "swap")) }, + { device-name = "/dev/sdb" } ) } @@ -83,8 +83,8 @@ resource "aws_ebs_volume" "export_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "export-home")) }, - { device-name = "/dev/sdh" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "export-home")) }, + { device-name = "/dev/sdh" } ) } @@ -105,8 +105,8 @@ resource "aws_ebs_volume" "u01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "u01")) }, - { device-name = "/dev/sdi" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "u01")) }, + { device-name = "/dev/sdi" } ) } @@ -127,8 +127,8 @@ resource "aws_ebs_volume" "arch" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "arch")) }, - { device-name = "/dev/sdj" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "arch")) }, + { device-name = "/dev/sdj" } ) } @@ -149,8 +149,8 @@ resource "aws_ebs_volume" "dbf" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf")) }, - { device-name = "/dev/sdk" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf")) }, + { device-name = "/dev/sdk" } ) } @@ -171,8 +171,8 @@ resource "aws_ebs_volume" "dbf01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf01")) }, - { device-name = "/dev/sde" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf01")) }, + { device-name = "/dev/sde" } ) } @@ -196,8 +196,8 @@ resource "aws_ebs_volume" "dbf02" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf02")) }, - { device-name = "/dev/sdf" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf02")) }, + { device-name = "/dev/sdf" } ) } @@ -221,8 +221,8 @@ resource "aws_ebs_volume" "dbf03" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf03")) }, - { device-name = "/dev/sdg" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "dbf03")) }, + { device-name = "/dev/sdg" } ) } @@ -246,8 +246,8 @@ resource "aws_ebs_volume" "redoA" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "redoA")) }, - { device-name = "/dev/sdl" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "redoA")) }, + { device-name = "/dev/sdl" } ) } @@ -268,8 +268,8 @@ resource "aws_ebs_volume" "techst" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "techst")) }, - { device-name = "/dev/sdm" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "techst")) }, + { device-name = "/dev/sdm" } ) } @@ -291,8 +291,8 @@ resource "aws_ebs_volume" "backup" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "backup")) }, - { device-name = "/dev/sdn" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "backup")) }, + { device-name = "/dev/sdn" } ) } @@ -313,8 +313,8 @@ resource "aws_ebs_volume" "redoB" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "redoB")) }, - { device-name = "/dev/sdo" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "redoB")) }, + { device-name = "/dev/sdo" } ) } @@ -338,8 +338,8 @@ resource "aws_ebs_volume" "diag" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "diag")) }, - { device-name = "/dev/sdp" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "diag")) }, + { device-name = "/dev/sdp" } ) } @@ -364,8 +364,8 @@ resource "aws_ebs_volume" "appshare" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "appshare")) }, - { device-name = "/dev/sdq" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "appshare")) }, + { device-name = "/dev/sdq" } ) } @@ -389,8 +389,8 @@ resource "aws_ebs_volume" "db_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "db-home")) }, - { device-name = "/dev/sdr" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "db-home")) }, + { device-name = "/dev/sdr" } ) } @@ -411,8 +411,8 @@ resource "aws_ebs_volume" "db_temp" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "db-temp")) }, - { device-name = "/dev/sds" } + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "db-temp")) }, + { device-name = "/dev/sds" } ) } From 5aac76f9857426f48030638a71d64e52a028360d Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Thu, 21 Mar 2024 09:58:58 +0000 Subject: [PATCH 16/19] CC-2391: 'skip-scheduling' for EBS Apps. --- .../environments/ccms-ebs-upgrade/application_variables.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/ccms-ebs-upgrade/application_variables.json b/terraform/environments/ccms-ebs-upgrade/application_variables.json index 7ab4ddbb43d..17c8109723b 100644 --- a/terraform/environments/ccms-ebs-upgrade/application_variables.json +++ b/terraform/environments/ccms-ebs-upgrade/application_variables.json @@ -5,7 +5,7 @@ "dns": "laa-development", "ses_domain_identity": "dev.legalservices.gov.uk", "instance-scheduling-accessgate": "skip-scheduling", - "instance-scheduling-ebsapps": "default", + "instance-scheduling-ebsapps": "skip-scheduling", "instance-scheduling-ebsconc": "skip-scheduling", "instance-scheduling-ebsdb": "skip-scheduling", "instance-scheduling-webgate": "skip-scheduling", From 945b59f72c401a8e2b54470dac4ace4c2fea7aab Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:12:46 +0000 Subject: [PATCH 17/19] CC-2391: Fixed typos. --- .../ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf index c35516a29cc..abb22a932d9 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf @@ -39,7 +39,7 @@ resource "aws_instance" "ec2_oracle_conc" { tags = merge(local.tags, { Name = lower(format("ec2-%s-%s-ebsconc", local.application_name, local.environment)) }, { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling-ebsconc }, - { instance-role = local.application_data.accounts[local.environment].instance_role_ebsapps }, + { instance-role = local.application_data.accounts[local.environment].instance_role_conc }, { backup = "true" }, { OracleDbLTS-ManagedInstance = "true" } ) @@ -57,7 +57,7 @@ resource "aws_ebs_volume" "conc_export_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "export/home")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "export/home")) }, { device-name = "/dev/sdh" } ) } @@ -79,7 +79,7 @@ resource "aws_ebs_volume" "conc_u01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "u01")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "u01")) }, { device-name = "/dev/sdi" } ) } @@ -101,7 +101,7 @@ resource "aws_ebs_volume" "conc_u03" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "u03")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "u03")) }, { device-name = "/dev/sdj" } ) } @@ -123,7 +123,7 @@ resource "aws_ebs_volume" "conc_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "home")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "home")) }, { device-name = "/dev/sdk" } ) } @@ -145,7 +145,7 @@ resource "aws_ebs_volume" "conc_stage" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "stage")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "stage")) }, { device-name = "/dev/sdl" } ) } @@ -167,7 +167,7 @@ resource "aws_ebs_volume" "conc_temp" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsdb, "temp")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "temp")) }, { device-name = "/dev/sdm" } ) } From 2e0881018659beaa62eacdfdd1e15cbf6c9710de Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:15:24 +0000 Subject: [PATCH 18/19] CC-2391: Fixed typos. --- .../ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf index abb22a932d9..37774056771 100644 --- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf +++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_conc.tf @@ -39,7 +39,7 @@ resource "aws_instance" "ec2_oracle_conc" { tags = merge(local.tags, { Name = lower(format("ec2-%s-%s-ebsconc", local.application_name, local.environment)) }, { instance-scheduling = local.application_data.accounts[local.environment].instance-scheduling-ebsconc }, - { instance-role = local.application_data.accounts[local.environment].instance_role_conc }, + { instance-role = local.application_data.accounts[local.environment].instance_role_ebsconc }, { backup = "true" }, { OracleDbLTS-ManagedInstance = "true" } ) @@ -57,7 +57,7 @@ resource "aws_ebs_volume" "conc_export_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "export/home")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsconc, "export/home")) }, { device-name = "/dev/sdh" } ) } @@ -79,7 +79,7 @@ resource "aws_ebs_volume" "conc_u01" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "u01")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsconc, "u01")) }, { device-name = "/dev/sdi" } ) } @@ -101,7 +101,7 @@ resource "aws_ebs_volume" "conc_u03" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "u03")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsconc, "u03")) }, { device-name = "/dev/sdj" } ) } @@ -123,7 +123,7 @@ resource "aws_ebs_volume" "conc_home" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "home")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsconc, "home")) }, { device-name = "/dev/sdk" } ) } @@ -145,7 +145,7 @@ resource "aws_ebs_volume" "conc_stage" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "stage")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsconc, "stage")) }, { device-name = "/dev/sdl" } ) } @@ -167,7 +167,7 @@ resource "aws_ebs_volume" "conc_temp" { encrypted = true kms_key_id = data.aws_kms_key.ebs_shared.key_id tags = merge(local.tags, - { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_conc, "temp")) }, + { Name = lower(format("%s-%s", local.application_data.accounts[local.environment].instance_role_ebsconc, "temp")) }, { device-name = "/dev/sdm" } ) } From 67e09cd5df8d0c43aa9218b387820397e8d154f6 Mon Sep 17 00:00:00 2001 From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:32:23 +0000 Subject: [PATCH 19/19] CC-2391: Added Resource Groups. --- .../ccms-ebs-upgrade/ccms-resource-groups.tf | 119 ++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 terraform/environments/ccms-ebs-upgrade/ccms-resource-groups.tf diff --git a/terraform/environments/ccms-ebs-upgrade/ccms-resource-groups.tf b/terraform/environments/ccms-ebs-upgrade/ccms-resource-groups.tf new file mode 100644 index 00000000000..a868287a62c --- /dev/null +++ b/terraform/environments/ccms-ebs-upgrade/ccms-resource-groups.tf @@ -0,0 +1,119 @@ +resource "aws_resourcegroups_group" "accessgate" { + name = "accessgate" + description = "Accessgate instances" + + resource_query { + query = <