From 97c857c3b8914b9084a790a70bfca3cfee779d7d Mon Sep 17 00:00:00 2001 From: modernisation-platform-ci Date: Mon, 22 Jul 2024 05:00:31 +0000 Subject: [PATCH] Updates from GitHub Actions Format Code workflow --- terraform/environments/cica-tariff/locals.tf | 38 ++++++------ .../cica-tariff/tariff_ec2_app.tf | 28 ++++----- .../cica-tariff/tariff_vpc_endpoints.tf | 60 +++++++++---------- .../application_variables.json | 1 - .../contract-work-administration/ses.tf | 4 +- .../contract-work-administration/smtp.tf | 28 ++++----- .../delius-mis/locals_preproduction.tf | 18 +++--- .../environments/delius-mis/locals_stage.tf | 18 +++--- .../application_variables.json | 34 ++++++----- .../digital-prison-reporting/outputs.tf | 2 +- .../edw/application_variables.json | 1 - terraform/environments/edw/ec2.tf | 6 +- .../electronic-monitoring-data/lambdas_iam.tf | 22 +++---- .../lambdas_main.tf | 36 +++++------ .../locals_ec2_autoscaling_groups.tf | 2 +- .../locals_preproduction.tf | 2 +- .../hmpps-oem/locals_development.tf | 2 +- .../templates/cloud_watch_windows.json | 8 +-- .../environments/performance-hub/database.tf | 22 +++---- 19 files changed, 166 insertions(+), 166 deletions(-) diff --git a/terraform/environments/cica-tariff/locals.tf b/terraform/environments/cica-tariff/locals.tf index d2671d03bee..0552da5e979 100644 --- a/terraform/environments/cica-tariff/locals.tf +++ b/terraform/environments/cica-tariff/locals.tf @@ -1,43 +1,43 @@ #### This file can be used to store locals specific to the member account #### -locals{ -pubkey = { -"development" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3Fq4UnSs9jsFRxG7WV/2g4C4gTaG+7J5p5oi3Eup27MMoNBGTQV64ZETq8Gzx0Dx9R5xnj/y1DT350om2cdcGUYUDu47mOY+VXXtJpzK94R5ZzN+74xjz/swTgJQaOY8iaeSNsILkFMm50xTr7gzSaAswL95RH8h1IibzheqmwkHtN97JEaXkJbhE/CYNPmJzUahNG05vEnBG4op7OG5oLi+7cvZlrnho9lpkWRcOgXaS/mQsMKb45plYCU52reWIZhO9IoxaXULoYybk617I0Blhe2IvYcXfWZGw5xrfJrPJFiiK5fmYGgMp0d1J730kKZ5sOh0Y7Bdf3XXefUIaHlKe95/rXQczw5EeMG+lRt6cOS3XAh4CquyvwY3Oj2HgDLE2JMQS3Y9k8dBpopUCGLvk7MnHMb4SLF4FEoaeJQdv07c6amOQm5Hk0l13TAzlQg+xkyW0y3aluLdAyH6fucbwFiUnAINm9tqem7ZGghWxaC6X9xBUpCDOWPO/3KjpLvPNRrmIgEfSh73o3Jks16Ef3f94XOCM+exO8mTuAYK3F6Uhc2I6xMb3Wp35PBOZbKBEZCeoDvyb841UKHd6LLrgQELEOG+xd3UzM24JMh2FEnbCj3orIw2Zj1B4Udyu2EyV7BLpUhMt/jNt9Jonf1MqVzn9M3JfjUQEjYwVqQ==" -} -cidr_cica_ss_a = "10.10.10.0/24" -cidr_cica_ss_b = "10.10.110.0/24" +locals { + pubkey = { + "development" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3Fq4UnSs9jsFRxG7WV/2g4C4gTaG+7J5p5oi3Eup27MMoNBGTQV64ZETq8Gzx0Dx9R5xnj/y1DT350om2cdcGUYUDu47mOY+VXXtJpzK94R5ZzN+74xjz/swTgJQaOY8iaeSNsILkFMm50xTr7gzSaAswL95RH8h1IibzheqmwkHtN97JEaXkJbhE/CYNPmJzUahNG05vEnBG4op7OG5oLi+7cvZlrnho9lpkWRcOgXaS/mQsMKb45plYCU52reWIZhO9IoxaXULoYybk617I0Blhe2IvYcXfWZGw5xrfJrPJFiiK5fmYGgMp0d1J730kKZ5sOh0Y7Bdf3XXefUIaHlKe95/rXQczw5EeMG+lRt6cOS3XAh4CquyvwY3Oj2HgDLE2JMQS3Y9k8dBpopUCGLvk7MnHMb4SLF4FEoaeJQdv07c6amOQm5Hk0l13TAzlQg+xkyW0y3aluLdAyH6fucbwFiUnAINm9tqem7ZGghWxaC6X9xBUpCDOWPO/3KjpLvPNRrmIgEfSh73o3Jks16Ef3f94XOCM+exO8mTuAYK3F6Uhc2I6xMb3Wp35PBOZbKBEZCeoDvyb841UKHd6LLrgQELEOG+xd3UzM24JMh2FEnbCj3orIw2Zj1B4Udyu2EyV7BLpUhMt/jNt9Jonf1MqVzn9M3JfjUQEjYwVqQ==" + } + cidr_cica_ss_a = "10.10.10.0/24" + cidr_cica_ss_b = "10.10.110.0/24" -#get snapshot IDs for each volume. Required to stop instance replacement on apply -block_device_mapping_xvde = { + #get snapshot IDs for each volume. Required to stop instance replacement on apply + block_device_mapping_xvde = { for mapping in data.aws_ami.shared_ami.block_device_mappings : "0" => mapping if mapping.device_name == "xvde" } -snapshot_id_xvde = local.block_device_mapping_xvde[0].ebs.snapshot_id - -block_device_mapping_xvdf = { + snapshot_id_xvde = local.block_device_mapping_xvde[0].ebs.snapshot_id + + block_device_mapping_xvdf = { for mapping in data.aws_ami.shared_ami.block_device_mappings : "1" => mapping if mapping.device_name == "xvdf" } -snapshot_id_xvdf = local.block_device_mapping_xvdf[1].ebs.snapshot_id + snapshot_id_xvdf = local.block_device_mapping_xvdf[1].ebs.snapshot_id -block_device_mapping_xvdg = { + block_device_mapping_xvdg = { for mapping in data.aws_ami.shared_ami.block_device_mappings : "2" => mapping if mapping.device_name == "xvdg" } -snapshot_id_xvdg = local.block_device_mapping_xvdg[2].ebs.snapshot_id + snapshot_id_xvdg = local.block_device_mapping_xvdg[2].ebs.snapshot_id -block_device_mapping_xvdh = { + block_device_mapping_xvdh = { for mapping in data.aws_ami.shared_ami.block_device_mappings : "3" => mapping if mapping.device_name == "xvdh" } -snapshot_id_xvdh = local.block_device_mapping_xvdh[3].ebs.snapshot_id + snapshot_id_xvdh = local.block_device_mapping_xvdh[3].ebs.snapshot_id -block_device_mapping_xvdi = { + block_device_mapping_xvdi = { for mapping in data.aws_ami.shared_ami.block_device_mappings : "4" => mapping if mapping.device_name == "xvdi" } -snapshot_id_xvdi = local.block_device_mapping_xvdi[4].ebs.snapshot_id + snapshot_id_xvdi = local.block_device_mapping_xvdi[4].ebs.snapshot_id -block_device_mapping_merge = merge(local.block_device_mapping_xvde, local.block_device_mapping_xvdf, local.block_device_mapping_xvdg, local.block_device_mapping_xvdh, local.block_device_mapping_xvdi) + block_device_mapping_merge = merge(local.block_device_mapping_xvde, local.block_device_mapping_xvdf, local.block_device_mapping_xvdg, local.block_device_mapping_xvdh, local.block_device_mapping_xvdi) } diff --git a/terraform/environments/cica-tariff/tariff_ec2_app.tf b/terraform/environments/cica-tariff/tariff_ec2_app.tf index 2f17aac1300..73a5cbddfd1 100644 --- a/terraform/environments/cica-tariff/tariff_ec2_app.tf +++ b/terraform/environments/cica-tariff/tariff_ec2_app.tf @@ -31,47 +31,47 @@ resource "aws_instance" "tariff_app" { volume_size = 20 } ebs_block_device { - device_name = "xvde" + device_name = "xvde" delete_on_termination = true encrypted = true volume_size = 100 - snapshot_id = local.snapshot_id_xvde + snapshot_id = local.snapshot_id_xvde } - ebs_block_device { - device_name = "xvdf" + ebs_block_device { + device_name = "xvdf" delete_on_termination = true encrypted = true volume_size = 100 - snapshot_id = local.snapshot_id_xvdf + snapshot_id = local.snapshot_id_xvdf } ebs_block_device { - device_name = "xvdg" + device_name = "xvdg" delete_on_termination = true encrypted = true volume_size = 100 snapshot_id = local.snapshot_id_xvdg } - + ebs_block_device { - device_name = "xvdh" + device_name = "xvdh" delete_on_termination = true encrypted = true volume_size = 16 - snapshot_id = local.snapshot_id_xvdh + snapshot_id = local.snapshot_id_xvdh } ebs_block_device { - device_name = "xvdi" + device_name = "xvdi" delete_on_termination = true encrypted = true volume_size = 30 - snapshot_id = local.snapshot_id_xvdi + snapshot_id = local.snapshot_id_xvdi } volume_tags = merge(tomap({ - "Name" = "${local.application_name}-app-root", - "volume-attach-host" = "app", - "volume-mount-path" = "/" + "Name" = "${local.application_name}-app-root", + "volume-attach-host" = "app", + "volume-mount-path" = "/" }), local.tags) tags = merge(tomap({ diff --git a/terraform/environments/cica-tariff/tariff_vpc_endpoints.tf b/terraform/environments/cica-tariff/tariff_vpc_endpoints.tf index 19e12139911..8665be14027 100644 --- a/terraform/environments/cica-tariff/tariff_vpc_endpoints.tf +++ b/terraform/environments/cica-tariff/tariff_vpc_endpoints.tf @@ -2,11 +2,11 @@ #ssm resource "aws_vpc_endpoint" "ssm" { - vpc_id = data.aws_vpc.shared.id - service_name = "com.amazonaws.eu-west-2.ssm" - vpc_endpoint_type = "Interface" - subnet_ids = data.aws_subnets.shared-private.ids - tags = merge(tomap({ + vpc_id = data.aws_vpc.shared.id + service_name = "com.amazonaws.eu-west-2.ssm" + vpc_endpoint_type = "Interface" + subnet_ids = data.aws_subnets.shared-private.ids + tags = merge(tomap({ "Name" = lower(format("ssm-%s-endpoint", local.application_name)), "hostname" = "${local.application_name}-app", }), local.tags) @@ -14,11 +14,11 @@ resource "aws_vpc_endpoint" "ssm" { } resource "aws_vpc_endpoint" "ec2messages" { - vpc_id = data.aws_vpc.shared.id - service_name = "com.amazonaws.eu-west-2.ec2messages" - vpc_endpoint_type = "Interface" - subnet_ids = data.aws_subnets.shared-private.ids - tags = merge(tomap({ + vpc_id = data.aws_vpc.shared.id + service_name = "com.amazonaws.eu-west-2.ec2messages" + vpc_endpoint_type = "Interface" + subnet_ids = data.aws_subnets.shared-private.ids + tags = merge(tomap({ "Name" = lower(format("ec2-messages-%s-endpoint", local.application_name)), "hostname" = "${local.application_name}-app", }), local.tags) @@ -28,22 +28,22 @@ resource "aws_vpc_endpoint" "ec2messages" { resource "aws_vpc_endpoint" "ec2" { - vpc_id = data.aws_vpc.shared.id - service_name = "com.amazonaws.eu-west-2.ec2" - vpc_endpoint_type = "Interface" - subnet_ids = data.aws_subnets.shared-private.ids - tags = merge(tomap({ + vpc_id = data.aws_vpc.shared.id + service_name = "com.amazonaws.eu-west-2.ec2" + vpc_endpoint_type = "Interface" + subnet_ids = data.aws_subnets.shared-private.ids + tags = merge(tomap({ "Name" = lower(format("ec2-%s-endpoint", local.application_name)), "hostname" = "${local.application_name}-app", }), local.tags) } resource "aws_vpc_endpoint" "ssm_messages" { - vpc_id = data.aws_vpc.shared.id - service_name = "com.amazonaws.eu-west-2.ssmmessages" - vpc_endpoint_type = "Interface" - subnet_ids = data.aws_subnets.shared-private.ids - tags = merge(tomap({ + vpc_id = data.aws_vpc.shared.id + service_name = "com.amazonaws.eu-west-2.ssmmessages" + vpc_endpoint_type = "Interface" + subnet_ids = data.aws_subnets.shared-private.ids + tags = merge(tomap({ "Name" = lower(format("ssm-messages-%s-endpoint", local.application_name)), "hostname" = "${local.application_name}-app", }), local.tags) @@ -51,11 +51,11 @@ resource "aws_vpc_endpoint" "ssm_messages" { } resource "aws_vpc_endpoint" "kms" { - vpc_id = data.aws_vpc.shared.id - service_name = "com.amazonaws.eu-west-2.kms" - vpc_endpoint_type = "Interface" - subnet_ids = data.aws_subnets.shared-private.ids - tags = merge(tomap({ + vpc_id = data.aws_vpc.shared.id + service_name = "com.amazonaws.eu-west-2.kms" + vpc_endpoint_type = "Interface" + subnet_ids = data.aws_subnets.shared-private.ids + tags = merge(tomap({ "Name" = lower(format("kms-%s-endpoint", local.application_name)), "hostname" = "${local.application_name}-app", }), local.tags) @@ -63,11 +63,11 @@ resource "aws_vpc_endpoint" "kms" { } resource "aws_vpc_endpoint" "logs" { - vpc_id = data.aws_vpc.shared.id - service_name = "com.amazonaws.eu-west-2.logs" - vpc_endpoint_type = "Interface" - subnet_ids = data.aws_subnets.shared-private.ids - tags = merge(tomap({ + vpc_id = data.aws_vpc.shared.id + service_name = "com.amazonaws.eu-west-2.logs" + vpc_endpoint_type = "Interface" + subnet_ids = data.aws_subnets.shared-private.ids + tags = merge(tomap({ "Name" = lower(format("logs-%s-endpoint", local.application_name)), "hostname" = "${local.application_name}-app", }), local.tags) diff --git a/terraform/environments/contract-work-administration/application_variables.json b/terraform/environments/contract-work-administration/application_variables.json index 387ee6ddde6..15dcc475555 100644 --- a/terraform/environments/contract-work-administration/application_variables.json +++ b/terraform/environments/contract-work-administration/application_variables.json @@ -47,7 +47,6 @@ "smtp_instance_type": "t2.large", "old_mail_server_url": "mail.aws.dev.legalservices.gov.uk", "old_domain_name": "dev.legalservices.gov.uk" - }, "test": { "example_var": "test-data" diff --git a/terraform/environments/contract-work-administration/ses.tf b/terraform/environments/contract-work-administration/ses.tf index 6ceb3c54aee..199353e4a2a 100644 --- a/terraform/environments/contract-work-administration/ses.tf +++ b/terraform/environments/contract-work-administration/ses.tf @@ -2,7 +2,7 @@ resource "aws_sesv2_email_identity" "cwa" { email_identity = local.environment == "production" ? "tbc" : data.aws_route53_zone.external.name configuration_set_name = local.environment == "production" ? aws_sesv2_configuration_set.cwa[0].configuration_set_name : null dkim_signing_attributes { - next_signing_key_length = "RSA_1024_BIT" + next_signing_key_length = "RSA_1024_BIT" } tags = local.tags } @@ -142,7 +142,7 @@ resource "aws_secretsmanager_secret" "smtp_sesrsa" { ## TODO Create Kinesis Data Firehose and IAM role for Production, then enable below to set event destination resource "aws_sesv2_configuration_set" "cwa" { - count = contains(["production"], local.environment) ? 1 : 0 + count = contains(["production"], local.environment) ? 1 : 0 configuration_set_name = "${local.environment}-configuration-set" delivery_options { diff --git a/terraform/environments/contract-work-administration/smtp.tf b/terraform/environments/contract-work-administration/smtp.tf index d5a60f442b9..7bd763fb489 100644 --- a/terraform/environments/contract-work-administration/smtp.tf +++ b/terraform/environments/contract-work-administration/smtp.tf @@ -48,14 +48,14 @@ EOF ###################################### resource "aws_instance" "smtp" { - ami = local.application_data.accounts[local.environment].smtp_ami_id - availability_zone = "eu-west-2a" - instance_type = local.application_data.accounts[local.environment].smtp_instance_type - monitoring = true - vpc_security_group_ids = [aws_security_group.smtp.id] - subnet_id = data.aws_subnet.data_subnets_a.id - iam_instance_profile = aws_iam_instance_profile.smtp.id -# key_name = aws_key_pair.cwa.key_name + ami = local.application_data.accounts[local.environment].smtp_ami_id + availability_zone = "eu-west-2a" + instance_type = local.application_data.accounts[local.environment].smtp_instance_type + monitoring = true + vpc_security_group_ids = [aws_security_group.smtp.id] + subnet_id = data.aws_subnet.data_subnets_a.id + iam_instance_profile = aws_iam_instance_profile.smtp.id + # key_name = aws_key_pair.cwa.key_name user_data_base64 = base64encode(local.smtp_userdata) user_data_replace_on_change = true metadata_options { @@ -92,11 +92,11 @@ resource "aws_vpc_security_group_egress_rule" "smtp_outbound" { } resource "aws_vpc_security_group_ingress_rule" "smtp_vpc" { - security_group_id = aws_security_group.smtp.id - description = "SMTP access" - cidr_ipv4 = data.aws_vpc.shared.cidr_block - from_port = 25 - ip_protocol = "tcp" - to_port = 25 + security_group_id = aws_security_group.smtp.id + description = "SMTP access" + cidr_ipv4 = data.aws_vpc.shared.cidr_block + from_port = 25 + ip_protocol = "tcp" + to_port = 25 } diff --git a/terraform/environments/delius-mis/locals_preproduction.tf b/terraform/environments/delius-mis/locals_preproduction.tf index b9df3153d2d..186e3dd47ec 100644 --- a/terraform/environments/delius-mis/locals_preproduction.tf +++ b/terraform/environments/delius-mis/locals_preproduction.tf @@ -297,15 +297,15 @@ locals { ebs_volumes = { "/dev/sdb" = { label = "app", size = 200 } # /u01 "/dev/sdc" = { label = "app", size = 100 } # /u02 - "/dev/sdf" = { label = "data" } # DATA - "/dev/sdg" = { label = "data" } # DATA - "/dev/sdh" = { label = "data" } # DATA - "/dev/sdi" = { label = "data" } # DATA - "/dev/sdj" = { label = "data" } # DATA - "/dev/sdk" = { label = "flash" } # FLASH - "/dev/sdl" = { label = "flash" } # FLASH - "/dev/sdm" = { label = "flash" } # FLASH - "/dev/sdn" = { label = "flash" } # FLASH + "/dev/sdf" = { label = "data" } # DATA + "/dev/sdg" = { label = "data" } # DATA + "/dev/sdh" = { label = "data" } # DATA + "/dev/sdi" = { label = "data" } # DATA + "/dev/sdj" = { label = "data" } # DATA + "/dev/sdk" = { label = "flash" } # FLASH + "/dev/sdl" = { label = "flash" } # FLASH + "/dev/sdm" = { label = "flash" } # FLASH + "/dev/sdn" = { label = "flash" } # FLASH "/dev/sds" = { label = "swap" } } ebs_volume_config = { diff --git a/terraform/environments/delius-mis/locals_stage.tf b/terraform/environments/delius-mis/locals_stage.tf index 387fdaa53d6..90eaf29176b 100644 --- a/terraform/environments/delius-mis/locals_stage.tf +++ b/terraform/environments/delius-mis/locals_stage.tf @@ -340,15 +340,15 @@ locals { ebs_volumes = { "/dev/sdb" = { label = "app", size = 200 } # /u01 "/dev/sdc" = { label = "app", size = 100 } # /u02 - "/dev/sdf" = { label = "data" } # DATA - "/dev/sdg" = { label = "data" } # DATA - "/dev/sdh" = { label = "data" } # DATA - "/dev/sdi" = { label = "data" } # DATA - "/dev/sdj" = { label = "data" } # DATA - "/dev/sdk" = { label = "flash" } # FLASH - "/dev/sdl" = { label = "flash" } # FLASH - "/dev/sdm" = { label = "flash" } # FLASH - "/dev/sdn" = { label = "flash" } # FLASH + "/dev/sdf" = { label = "data" } # DATA + "/dev/sdg" = { label = "data" } # DATA + "/dev/sdh" = { label = "data" } # DATA + "/dev/sdi" = { label = "data" } # DATA + "/dev/sdj" = { label = "data" } # DATA + "/dev/sdk" = { label = "flash" } # FLASH + "/dev/sdl" = { label = "flash" } # FLASH + "/dev/sdm" = { label = "flash" } # FLASH + "/dev/sdn" = { label = "flash" } # FLASH "/dev/sds" = { label = "swap" } } ebs_volume_config = { diff --git a/terraform/environments/digital-prison-reporting/application_variables.json b/terraform/environments/digital-prison-reporting/application_variables.json index c0a546938e6..a583c43c42b 100644 --- a/terraform/environments/digital-prison-reporting/application_variables.json +++ b/terraform/environments/digital-prison-reporting/application_variables.json @@ -574,22 +574,24 @@ "enable_dbt_k8s_secrets": true, "dpr_generic_athena_workgroup": true, "analytics_generic_athena_workgroup": true, - "analytical_platform_share": [{ - "target_account_name": "analytical-platform-data-production", - "target_account_id": "593291632749", - "assume_account_name": "analytical-platform-management-production", - "assume_account_id": "042130406152", - "data_locations": [ - "dpr-structured-historical-preproduction" - ], - "resource_shares": [{ - "glue_database": "curated_prisons_history_preprod_dbt", - "glue_tables": [ - "nomis_offender_course_attendances", - "nomis_offender_program_profiles" - ] - }] - }] + "analytical_platform_share": [ + { + "target_account_name": "analytical-platform-data-production", + "target_account_id": "593291632749", + "assume_account_name": "analytical-platform-management-production", + "assume_account_id": "042130406152", + "data_locations": ["dpr-structured-historical-preproduction"], + "resource_shares": [ + { + "glue_database": "curated_prisons_history_preprod_dbt", + "glue_tables": [ + "nomis_offender_course_attendances", + "nomis_offender_program_profiles" + ] + } + ] + } + ] }, "production": { "project_short_id": "dpr", diff --git a/terraform/environments/digital-prison-reporting/outputs.tf b/terraform/environments/digital-prison-reporting/outputs.tf index a5167af8319..0935d07bfd3 100644 --- a/terraform/environments/digital-prison-reporting/outputs.tf +++ b/terraform/environments/digital-prison-reporting/outputs.tf @@ -140,7 +140,7 @@ output "cluster_nodes" { output "ec2_private_key" { description = "Ec2 Private Key" value = module.ec2_kinesis_agent.private_key - sensitive = true + sensitive = true } # DMS Subnet ids diff --git a/terraform/environments/edw/application_variables.json b/terraform/environments/edw/application_variables.json index f2239e64f05..0124621a9e1 100644 --- a/terraform/environments/edw/application_variables.json +++ b/terraform/environments/edw/application_variables.json @@ -66,7 +66,6 @@ "oraarch_snapshot_id": "snap-00dbc56ab1d6c9930", "software_snapshot_id": "snap-01e51c08b7e397fdc", "oraredo_snapshot_id": "snap-0936e759e58c09af9" - }, "test": { "example_var": "test-data" diff --git a/terraform/environments/edw/ec2.tf b/terraform/environments/edw/ec2.tf index 3d3e845623f..4651629de85 100644 --- a/terraform/environments/edw/ec2.tf +++ b/terraform/environments/edw/ec2.tf @@ -134,7 +134,7 @@ resource "aws_ebs_volume" "orahomeVolume" { size = local.application_data.accounts[local.environment].edw_OrahomeVolumeSize encrypted = true type = "gp3" - kms_key_id = data.aws_kms_key.ebs_shared.key_id + kms_key_id = data.aws_kms_key.ebs_shared.key_id snapshot_id = local.application_data.accounts[local.environment].orahome_snapshot_id # This is used for when data is being migrated tags = { @@ -153,7 +153,7 @@ resource "aws_ebs_volume" "oratempVolume" { size = local.application_data.accounts[local.environment].edw_OratempVolumeSize encrypted = true type = "gp3" - kms_key_id = data.aws_kms_key.ebs_shared.key_id + kms_key_id = data.aws_kms_key.ebs_shared.key_id snapshot_id = local.application_data.accounts[local.environment].oraredo_snapshot_id # This is used for when data is being migrated tags = { @@ -172,7 +172,7 @@ resource "aws_ebs_volume" "oradataVolume" { size = local.application_data.accounts[local.environment].edw_OradataVolumeSize encrypted = true type = "gp3" - kms_key_id = data.aws_kms_key.ebs_shared.key_id + kms_key_id = data.aws_kms_key.ebs_shared.key_id snapshot_id = local.application_data.accounts[local.environment].oradata_snapshot_id # This is used for when data is being migrated tags = { diff --git a/terraform/environments/electronic-monitoring-data/lambdas_iam.tf b/terraform/environments/electronic-monitoring-data/lambdas_iam.tf index a286cd4039b..83a77aa3921 100644 --- a/terraform/environments/electronic-monitoring-data/lambdas_iam.tf +++ b/terraform/environments/electronic-monitoring-data/lambdas_iam.tf @@ -485,7 +485,7 @@ resource "aws_lambda_permission" "s3_allow_output_file_structure_as_json_from_zi # ------------------------------------------ resource "aws_iam_role" "load_json_table" { - name = "load_json_table" + name = "load_json_table" assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"] } @@ -502,15 +502,15 @@ data "aws_iam_policy_document" "load_json_table_s3_policy_document" { ] resources = [ "${module.json-directory-structure-bucket.bucket.arn}/*", - module.json-directory-structure-bucket.bucket.arn, - "${module.athena-s3-bucket.bucket.arn}/*", - module.athena-s3-bucket.bucket.arn, - module.metadata-s3-bucket.bucket.arn, - "${module.metadata-s3-bucket.bucket.arn}/*", - ] + module.json-directory-structure-bucket.bucket.arn, + "${module.athena-s3-bucket.bucket.arn}/*", + module.athena-s3-bucket.bucket.arn, + module.metadata-s3-bucket.bucket.arn, + "${module.metadata-s3-bucket.bucket.arn}/*", + ] } statement { - sid = "AthenaPermissionsForLoadingJsonTable" + sid = "AthenaPermissionsForLoadingJsonTable" effect = "Allow" actions = [ "athena:StartQueryExecution", @@ -521,7 +521,7 @@ data "aws_iam_policy_document" "load_json_table_s3_policy_document" { resources = ["*"] } statement { - sid = "GluePermissionsForLoadingJsonTable" + sid = "GluePermissionsForLoadingJsonTable" effect = "Allow" actions = [ "glue:GetTable", @@ -535,8 +535,8 @@ data "aws_iam_policy_document" "load_json_table_s3_policy_document" { ] resources = ["*"] } - statement { - sid = "SecretGetSlackKey" + statement { + sid = "SecretGetSlackKey" effect = "Allow" actions = [ "secretsmanager:GetSecretValue", diff --git a/terraform/environments/electronic-monitoring-data/lambdas_main.tf b/terraform/environments/electronic-monitoring-data/lambdas_main.tf index e4739b0198f..cb1b7d7f9a7 100644 --- a/terraform/environments/electronic-monitoring-data/lambdas_main.tf +++ b/terraform/environments/electronic-monitoring-data/lambdas_main.tf @@ -262,24 +262,24 @@ module "output_file_structure_as_json_from_zip" { #----------------------------------------------------------------------------------- module "load_json_table" { - source = "./modules/lambdas" - function_name = "load_json_table" - is_image = true - role_name = aws_iam_role.load_json_table.name - role_arn = aws_iam_role.load_json_table.arn - memory_size = 1024 - timeout = 900 - env_account_id = local.env_account_id - core_shared_services_id = local.environment_management.account_ids["core-shared-services-production"] - production_dev = local.is-production ? "prod" : "dev" - environment_variables = { - DLT_PROJECT_DIR: "/tmp" - DLT_DATA_DIR: "/tmp" - DLT_PIPELINE_DIR: "/tmp" - BUCKET_URI = "s3://${module.json-directory-structure-bucket.bucket.id}" - STANDARD_FILESYSTEM__QUERY_RESULT_BUCKET = "s3://${module.athena-s3-bucket.bucket.id}/output" - SCHEMA_PATH = "s3://${module.metadata-s3-bucket.bucket.id}/dlt_schemas" - } + source = "./modules/lambdas" + function_name = "load_json_table" + is_image = true + role_name = aws_iam_role.load_json_table.name + role_arn = aws_iam_role.load_json_table.arn + memory_size = 1024 + timeout = 900 + env_account_id = local.env_account_id + core_shared_services_id = local.environment_management.account_ids["core-shared-services-production"] + production_dev = local.is-production ? "prod" : "dev" + environment_variables = { + DLT_PROJECT_DIR : "/tmp" + DLT_DATA_DIR : "/tmp" + DLT_PIPELINE_DIR : "/tmp" + BUCKET_URI = "s3://${module.json-directory-structure-bucket.bucket.id}" + STANDARD_FILESYSTEM__QUERY_RESULT_BUCKET = "s3://${module.athena-s3-bucket.bucket.id}/output" + SCHEMA_PATH = "s3://${module.metadata-s3-bucket.bucket.id}/dlt_schemas" + } } diff --git a/terraform/environments/hmpps-domain-services/locals_ec2_autoscaling_groups.tf b/terraform/environments/hmpps-domain-services/locals_ec2_autoscaling_groups.tf index b936e771b08..31e77e608ea 100644 --- a/terraform/environments/hmpps-domain-services/locals_ec2_autoscaling_groups.tf +++ b/terraform/environments/hmpps-domain-services/locals_ec2_autoscaling_groups.tf @@ -69,7 +69,7 @@ locals { "EC2S3BucketWriteAndDeleteAccessPolicy", "ImageBuilderS3BucketWriteAndDeleteAccessPolicy", ] - subnet_name = "private" + subnet_name = "private" user_data_raw = base64encode(templatefile( "../../modules/baseline_presets/ec2-user-data/user-data-pwsh.yaml.tftpl", { branch = "main" diff --git a/terraform/environments/hmpps-domain-services/locals_preproduction.tf b/terraform/environments/hmpps-domain-services/locals_preproduction.tf index 0d1c9631fcf..3298355f4bc 100644 --- a/terraform/environments/hmpps-domain-services/locals_preproduction.tf +++ b/terraform/environments/hmpps-domain-services/locals_preproduction.tf @@ -87,7 +87,7 @@ locals { pp-rds-1-a = merge(local.ec2_instances.rds, { config = merge(local.ec2_instances.rds.config, { - availability_zone = "eu-west-2a" + availability_zone = "eu-west-2a" }) tags = merge(local.ec2_instances.rds.tags, { description = "Remote Desktop Services for azure.hmpp.root domain" diff --git a/terraform/environments/hmpps-oem/locals_development.tf b/terraform/environments/hmpps-oem/locals_development.tf index 8b783dc5271..4f924e0999e 100644 --- a/terraform/environments/hmpps-oem/locals_development.tf +++ b/terraform/environments/hmpps-oem/locals_development.tf @@ -33,7 +33,7 @@ locals { "EC2S3BucketWriteAndDeleteAccessPolicy", "ImageBuilderS3BucketWriteAndDeleteAccessPolicy" ] - subnet_name = "private" + subnet_name = "private" } instance = { disable_api_termination = false diff --git a/terraform/environments/oasys-national-reporting/templates/cloud_watch_windows.json b/terraform/environments/oasys-national-reporting/templates/cloud_watch_windows.json index fbf75c0a009..5d906c97faf 100644 --- a/terraform/environments/oasys-national-reporting/templates/cloud_watch_windows.json +++ b/terraform/environments/oasys-national-reporting/templates/cloud_watch_windows.json @@ -111,10 +111,10 @@ "num_threads", "pid_count", "pid", - "read_bytes", + "read_bytes", "write_bytes" ] - }, + }, { "exe": "SvcMgr", "measurement": [ @@ -124,10 +124,10 @@ "num_threads", "pid_count", "pid", - "read_bytes", + "read_bytes", "write_bytes" ] - } + } ] }, "append_dimensions": { diff --git a/terraform/environments/performance-hub/database.tf b/terraform/environments/performance-hub/database.tf index d5a6c44d0fa..f4c3c79fdaa 100644 --- a/terraform/environments/performance-hub/database.tf +++ b/terraform/environments/performance-hub/database.tf @@ -21,20 +21,20 @@ resource "aws_db_instance" "database" { iam_database_authentication_enabled = false vpc_security_group_ids = [aws_security_group.db.id] #snapshot_identifier = format("arn:aws:rds:eu-west-2:%s:snapshot:%s", data.aws_caller_identity.current.account_id, local.app_data.accounts[local.environment].db_snapshot_identifier) - backup_retention_period = 30 - maintenance_window = "Mon:00:00-Mon:03:00" - backup_window = "03:00-06:00" - final_snapshot_identifier = "final-snapshot" - kms_key_id = aws_kms_key.rds.arn - deletion_protection = false - option_group_name = aws_db_option_group.db_option_group.name - db_subnet_group_name = aws_db_subnet_group.db.id - enabled_cloudwatch_logs_exports = ["error"] - ca_cert_identifier = "rds-ca-rsa2048-g1" + backup_retention_period = 30 + maintenance_window = "Mon:00:00-Mon:03:00" + backup_window = "03:00-06:00" + final_snapshot_identifier = "final-snapshot" + kms_key_id = aws_kms_key.rds.arn + deletion_protection = false + option_group_name = aws_db_option_group.db_option_group.name + db_subnet_group_name = aws_db_subnet_group.db.id + enabled_cloudwatch_logs_exports = ["error"] + ca_cert_identifier = "rds-ca-rsa2048-g1" # BE VERY CAREFUL with apply_immediately = true. Useful if you want to see the results, but can cause a reboot # of RDS meaning the connected app will fail. # When apply_immediately=false, RDS changes are applied during the next maintenance_window - apply_immediately = false + apply_immediately = false # timeouts { # create = "40m"