generated from ministryofjustice/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' of https://github.com/ministryofjustice/modernisa…
…tion-platform-environments into ifs-ecs
- Loading branch information
Showing
139 changed files
with
3,248 additions
and
2,752 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
--- | ||
name: cortex-xsiam | ||
on: | ||
push: | ||
branches: | ||
- main | ||
paths: | ||
- 'terraform/environments/cortex-xsiam/**' | ||
- '.github/workflows/cortex-xsiam.yml' | ||
|
||
pull_request: | ||
branches: | ||
- main | ||
types: [opened, edited, reopened, synchronize] | ||
paths: | ||
- 'terraform/environments/cortex-xsiam/**' | ||
- '.github/workflows/cortex-xsiam.yml' | ||
|
||
workflow_dispatch: | ||
inputs: | ||
action: | ||
description: 'Set either [deploy|destroy].' | ||
default: 'deploy' | ||
required: true | ||
type: string | ||
options: | ||
- deploy | ||
- destroy | ||
|
||
permissions: | ||
id-token: write # This is required for requesting the JWT | ||
contents: read # This is required for actions/checkout | ||
|
||
jobs: | ||
strategy: | ||
uses: ./.github/workflows/reusable_terraform_strategy.yml | ||
if: inputs.action != 'destroy' | ||
with: | ||
application: "${{ github.workflow }}" | ||
|
||
terraform: | ||
needs: strategy | ||
if: inputs.action != 'destroy' | ||
strategy: | ||
fail-fast: false | ||
matrix: ${{ fromJson(needs.strategy.outputs.matrix) }} | ||
uses: ./.github/workflows/reusable_terraform_plan_apply.yml | ||
with: | ||
application: "${{ github.workflow }}" | ||
environment: "${{ matrix.target }}" | ||
action: "${{ matrix.action }}" | ||
secrets: | ||
modernisation_platform_environments: "${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }}" | ||
pipeline_github_token: "${{ secrets.MODERNISATION_PLATFORM_CI_USER_ENVIRONMENTS_REPO_PAT }}" | ||
|
||
destroy-development: | ||
if: inputs.action == 'destroy' | ||
uses: ./.github/workflows/reusable_terraform_plan_apply.yml | ||
with: | ||
application: "${{ github.workflow }}" | ||
environment: "development" | ||
action: "plan_apply" | ||
plan_apply_tfargs: "-destroy" | ||
secrets: | ||
modernisation_platform_environments: "${{ secrets.MODERNISATION_PLATFORM_ENVIRONMENTS }}" | ||
pipeline_github_token: "${{ secrets.MODERNISATION_PLATFORM_CI_USER_ENVIRONMENTS_REPO_PAT }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
143 changes: 42 additions & 101 deletions
143
terraform/environments/corporate-staff-rostering/ec2_common.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,111 +1,52 @@ | ||
resource "aws_ssm_document" "windows_domain_join" { | ||
name = "windows-domain-join" | ||
document_type = "Command" | ||
document_format = "YAML" | ||
content = file("./ssm-documents/windows-domain-join.yaml") | ||
|
||
tags = merge( | ||
local.tags, | ||
{ | ||
Name = "windows-domain-join" | ||
}, | ||
) | ||
} | ||
|
||
resource "aws_ssm_document" "cloud_watch_agent" { | ||
name = "windows-cloudwatch-agent-config" | ||
document_type = "Command" | ||
document_format = "YAML" | ||
content = file("./ssm-documents/windows-cloudwatch-agent-config.yaml") | ||
|
||
tags = merge( | ||
local.tags, | ||
{ | ||
Name = "windows-cloudwatch-agent-config" | ||
}, | ||
) | ||
locals { | ||
# this local is used in locals.tf | ||
ssm_doc_cloudwatch_log_groups = { | ||
for key, value in local.ssm_docs : | ||
"/aws/ssm/${try(value.name, key)}" => { | ||
retention_in_days = 30 | ||
} | ||
} | ||
ssm_docs = { | ||
windows-domain-join = { | ||
content = file("./ssm-documents/windows-domain-join.yaml") | ||
} | ||
windows-cloudwatch-agent-config = { | ||
content = file("./ssm-documents/windows-cloudwatch-agent-config.yaml") | ||
} | ||
ami-build-command = { | ||
content = file("./ssm-documents/ami-build-command.yaml") | ||
} | ||
ami-build-automation = { | ||
document_type = "Automation" | ||
content = file("./ssm-documents/ami-build-automation.yaml") | ||
} | ||
leave-windows-domain = { | ||
content = file("./ssm-documents/leave-windows-domain.yaml") | ||
} | ||
remove-local-users-windows = { | ||
content = file("./ssm-documents/remove-local-users-windows.yaml") | ||
} | ||
network-testing-tools = { | ||
content = file("./ssm-documents/network-testing-tools.yaml") | ||
} | ||
# windows-psreadline-fix = { | ||
# content = file("./ssm-documents/windows-psreadline-fix.yaml") | ||
# } | ||
} | ||
} | ||
|
||
resource "aws_ssm_document" "ami_build_command" { | ||
name = "ami-build-command" | ||
document_type = "Command" | ||
document_format = "YAML" | ||
content = file("./ssm-documents/ami-build-command.yaml") | ||
|
||
tags = merge( | ||
local.tags, | ||
{ | ||
Name = "ami-build-command" | ||
}, | ||
) | ||
} | ||
resource "aws_ssm_document" "ssm_documents" { | ||
for_each = local.ssm_docs | ||
|
||
resource "aws_ssm_document" "ami_build_automation" { | ||
name = "ami-build-automation" | ||
document_type = "Automation" | ||
document_format = "YAML" | ||
content = file("./ssm-documents/ami-build-automation.yaml") | ||
name = try(each.value.name, each.key) | ||
document_type = try(each.value.document_type, "Command") | ||
document_format = try(each.value.format, "YAML") | ||
content = try(each.value.content) | ||
|
||
tags = merge( | ||
local.tags, | ||
{ | ||
Name = "ami-build-automation" | ||
Name = try(each.value.name, each.key) | ||
}, | ||
) | ||
} | ||
|
||
resource "aws_ssm_document" "leave_windows_domain" { | ||
name = "leave-windows-domain" | ||
document_type = "Command" | ||
document_format = "YAML" | ||
content = file("./ssm-documents/leave-windows-domain.yaml") | ||
|
||
tags = merge( | ||
local.tags, | ||
{ | ||
Name = "leave-windows-domain" | ||
}, | ||
) | ||
} | ||
|
||
resource "aws_ssm_document" "remove_local_users_windows" { | ||
name = "remove-local-users-windows" | ||
document_type = "Command" | ||
document_format = "YAML" | ||
content = file("./ssm-documents/remove-local-users-windows.yaml") | ||
|
||
tags = merge( | ||
local.tags, | ||
{ | ||
Name = "remove-local-users-windows" | ||
}, | ||
) | ||
} | ||
|
||
resource "aws_ssm_document" "network-testing-tools" { | ||
name = "network-testing-tools" | ||
document_type = "Command" | ||
document_format = "YAML" | ||
content = file("./ssm-documents/network-testing-tools.yaml") | ||
|
||
tags = merge( | ||
local.tags, | ||
{ | ||
Name = "network-testing-tools" | ||
}, | ||
) | ||
} | ||
|
||
# resource "aws_ssm_document" "windows-psreadline-fix" { | ||
# name = "windows-psreadline-fix" | ||
# document_type = "Command" | ||
# document_format = "YAML" | ||
# content = file("./ssm-documents/windows-psreadline-fix.yaml") | ||
|
||
# tags = merge( | ||
# local.tags, | ||
# { | ||
# Name = "windows-psreadline-fix" | ||
# }, | ||
# ) | ||
# } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
40 changes: 40 additions & 0 deletions
40
terraform/environments/corporate-staff-rostering/lambda.tf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
locals { | ||
lambda_ad_object_cleanup = { | ||
function_name = "AD-Object-Clean-Up" | ||
} | ||
} | ||
|
||
module "ad-clean-up-lambda" { | ||
source = "github.com/ministryofjustice/modernisation-platform-terraform-lambda-function" # ref for V3.1 | ||
count = local.environment == "test" ? 1 : 0 # temporary # temporary whilst on-going work | ||
|
||
|
||
application_name = local.lambda_ad_object_cleanup.function_name | ||
function_name = local.lambda_ad_object_cleanup.function_name | ||
description = "Lambda to remove corresponding computer object from Active Directory upon server termination" | ||
package_type = "Zip" | ||
filename = data.archive_file.ad-cleanup-lambda.output_path | ||
source_code_hash = data.archive_file.ad-cleanup-lambda.output_base64sha256 | ||
handler = "lambda_function.lambda_handler" | ||
runtime = "python3.8" | ||
|
||
create_role = false | ||
lambda_role = aws_iam_role.lambda-ad-role[count.index].arn | ||
|
||
vpc_subnet_ids = tolist(data.aws_subnets.shared-private.ids) | ||
vpc_security_group_ids = [module.baseline.security_groups["domain"].id] | ||
|
||
tags = merge( | ||
local.tags, | ||
{ | ||
Name = "ad-object-clean-up-lambda" | ||
}, | ||
) | ||
} | ||
|
||
data "archive_file" "ad-cleanup-lambda" { | ||
type = "zip" | ||
source_dir = "lambda/ad-clean-up" | ||
output_path = "lambda/ad-clean-up/ad-clean-up-lambda-payload-test.zip" | ||
} | ||
|
Oops, something went wrong.