Merge pull request #1602 from ministryofjustice/NIT-565-jitbit-remove…

…-old-ecs-ec-2-cluster-from-development-environment Remove old EC2 ECS cluster from development env
ministryofjustice · Mar 7, 2023 · d47ec6a · d47ec6a
2 parents 30dfadb + 3428f71
commit d47ec6a
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 112 deletions.
diff --git a/terraform/environments/delius-jitbit/ecs.tf b/terraform/environments/delius-jitbit/ecs.tf
@@ -1,67 +1,3 @@
-#tfsec:ignore:aws-ec2-no-public-egress-sgr
-#tfsec:ignore:aws-cloudwatch-log-group-customer-key
-module "ecs" {
-
-  source = "github.com/ministryofjustice/modernisation-platform-terraform-ecs?ref=a851639"
-
-  subnet_set_name         = local.subnet_set_name
-  app_name                = local.application_name
-  container_instance_type = local.application_data.accounts[local.environment].container_instance_type
-  ami_image_id            = data.aws_ami.ecs_ami.id
-
-  instance_type = local.application_data.accounts[local.environment].instance_type
-  user_data = base64encode(templatefile("templates/user-data.txt", {
-    CLUSTER_NAME = local.application_name
-  }))
-  key_name               = local.application_data.accounts[local.environment].key_name
-  task_definition        = local.task_definition
-  ec2_desired_capacity   = local.application_data.accounts[local.environment].ec2_desired_capacity
-  ec2_max_size           = local.application_data.accounts[local.environment].ec2_max_size
-  ec2_min_size           = local.application_data.accounts[local.environment].ec2_min_size
-  container_cpu          = local.application_data.accounts[local.environment].container_cpu
-  container_memory       = local.application_data.accounts[local.environment].container_memory
-  task_definition_volume = local.application_data.accounts[local.environment].task_definition_volume
-  network_mode           = local.application_data.accounts[local.environment].network_mode
-  server_port            = local.application_data.accounts[local.environment].server_port
-  app_count              = local.application_data.accounts[local.environment].app_count
-  tags_common            = local.tags
-  lb_tg_name             = aws_lb_target_group.target_group.name
-  ec2_ingress_rules      = local.ec2_ingress_rules
-  ec2_egress_rules       = local.ec2_egress_rules
-
-  # removed a depends on here on the loadbalancer listener - if plan failing, try re-add
-  # adding a module dependson forced terraform to plan the recreation of resources in the module
-  # e.g. the ec2 cluster security group
-
-  depends_on = [aws_lb_listener.listener, aws_lb_target_group.target_group]
-  vpc_id     = data.aws_vpc.shared.id
-}
-
-data "aws_ami" "ecs_ami" {
-  most_recent = true
-  owners      = ["amazon"]
-
-  filter {
-    name   = "name"
-    values = ["amzn2-ami-ecs-hvm-*"]
-  }
-
-  filter {
-    name   = "architecture"
-    values = ["x86_64"]
-  }
-
-  filter {
-    name   = "owner-alias"
-    values = ["amazon"]
-  }
-
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-}
-
 module "ecs-new" {
   source = "github.com/ministryofjustice/terraform-ecs//cluster?ref=4f18199b40db858581c0e21af018e1cf8575d0f3"
 

diff --git a/terraform/environments/delius-jitbit/locals.tf b/terraform/environments/delius-jitbit/locals.tf
@@ -4,51 +4,6 @@ locals {
   ##
   app_url = "${var.networking[0].application}.${var.networking[0].business-unit}-${local.environment}.modernisation-platform.service.justice.gov.uk"
 
-  ##
-  # Variables related to ECS module
-  ##
-  lb_tg_name = "${local.application_name}-tg-${local.environment}"
-
-  ec2_ingress_rules = {
-    "cluster_ec2_lb_ingress" = {
-      description     = "Cluster EC2 loadbalancer ingress rule"
-      from_port       = 5000
-      to_port         = 5000
-      protocol        = "tcp"
-      cidr_blocks     = []
-      security_groups = [aws_security_group.load_balancer_security_group.id]
-    }
-  }
-
-  ec2_egress_rules = {
-    "cluster_ec2_lb_rds_egress" = {
-      description     = "Cluster EC2 loadbalancer egress rule"
-      from_port       = 1433
-      to_port         = 1433
-      protocol        = "tcp"
-      cidr_blocks     = [data.aws_subnet.data_subnets_a.cidr_block, data.aws_subnet.data_subnets_b.cidr_block, data.aws_subnet.data_subnets_c.cidr_block]
-      security_groups = null
-    },
-    "cluster_ec2_lb_https_egress" = {
-      description     = "Allow 443 to internet"
-      from_port       = 443
-      to_port         = 443
-      protocol        = "tcp"
-      cidr_blocks     = ["0.0.0.0/0"]
-      security_groups = null
-    }
-  }
-
-  ecr_repo_name = "delius-jitbit-ecr-repo"
-  ecr_uri       = "${local.environment_management.account_ids["core-shared-services-production"]}.dkr.ecr.${data.aws_region.current.name}.amazonaws.com/${local.ecr_repo_name}"
-
-  task_definition = templatefile("${path.module}/templates/task_definition.json", {
-    APP_NAME                                = local.application_name,
-    DOCKER_IMAGE                            = "${local.ecr_uri}:latest"
-    DATABASE_PASSWORD_CONNECTION_STRING_ARN = aws_secretsmanager_secret.db_app_connection_string.arn
-    APP_URL                                 = "https://${local.app_url}/"
-  })
-
   ##
   # Variables used by certificate validation, as part of the load balancer listener, cert and route 53 record configuration
   ##

diff --git a/terraform/environments/delius-jitbit/rds.tf b/terraform/environments/delius-jitbit/rds.tf
@@ -9,8 +9,7 @@ resource "aws_security_group" "database_security_group" {
     from_port   = 1433
     to_port     = 1433
     security_groups = [
-      module.bastion_linux.bastion_security_group,
-      module.ecs.cluster_ec2_security_group_id,
+      module.bastion_linux.bastion_security_group
     ]
   }
 
@@ -98,4 +97,4 @@ data "aws_iam_policy_document" "rds_enhanced_monitoring" {
       identifiers = ["monitoring.rds.amazonaws.com"]
     }
   }
-}
+}