
…tion-platform-environments into LAWS-3514-Backup-Lambda

to merge apex codebuild resources
tajewole-moj committed Oct 23, 2023
2 parents 3ebcba4 + fbe5596 commit db8bd5b
Showing 32 changed files with 463 additions and 222 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/code-scanning.yml
Expand Up @@ -78,7 +78,7 @@ jobs:
fetch-depth: 0
- name: Run Checkov action
id: checkov
uses: bridgecrewio/checkov-action@96706fc4e79ab92bb5b6f336bf0f559845e2449d # v12.2533.0
uses: bridgecrewio/checkov-action@1e5ae68a3287d2637f0d11ae4add409484f06022 # v12.2538.0
with:
directory: ./
framework: terraform
4 changes: 2 additions & 2 deletions terraform/environments/apex/modules/codebuild/main.tf
Expand Up @@ -117,8 +117,8 @@ data "template_file" "s3_resource_bucket_policy" {
template = file("${path.module}/s3_bucket_policy.json.tpl")

vars = {
account_id = var.account_id,
s3_resource_name = aws_s3_bucket.codebuild_resources.id,
account_id = var.account_id,
s3_resource_name = aws_s3_bucket.codebuild_resources.id,
codebuild_role_name = aws_iam_role.codebuild_s3.id
}
}
6 changes: 3 additions & 3 deletions terraform/environments/ccms-ebs/ccms-s3.tf
@@ -1,6 +1,6 @@
# S3 Bucket - Artefacts
module "s3-bucket" { #tfsec:ignore:aws-s3-enable-versioning
source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"

bucket_name = local.artefact_bucket_name
# bucket_prefix = "s3-bucket-example"
Expand Down Expand Up @@ -94,7 +94,7 @@ data "aws_iam_policy_document" "artefacts_s3_policy" {

# S3 Bucket - Logging
module "s3-bucket-logging" {
source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"

bucket_name = local.logging_bucket_name
versioning_enabled = false
Expand Down Expand Up @@ -184,7 +184,7 @@ data "aws_iam_policy_document" "logging_s3_policy" {

# S3 Bucket - R-sync
module "s3-bucket-dbbackup" {
source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.1.0"

bucket_name = local.rsync_bucket_name
versioning_enabled = false
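--- a/terraform/environments/corporate-staff-rostering/ec2_common.tf
+++ b/terraform/environments/corporate-staff-rostering/ec2_common.tf
@@ -24,4 +24,32 @@ resource "aws_ssm_document" "windows_domain_join" {
 Name = "windows-domain-join"
 },
 )
 }
+
+resource "aws_ssm_document" "cloud_watch_agent" {
+name = "windows-cloudwatch-agent-config"
+document_type = "Command"
+document_format = "YAML"
+content = file("./ssm-documents/windows-cloudwatch-agent-config.yaml")
+
+tags = merge(
+local.tags,
+{
+Name = "windows-cloudwatch-agent-config"
+},
+)
+}
+
+resource "aws_ssm_document" "ami_build" {
+name = "ami-build"
+document_type = "Command"
+document_format = "YAML"
+content = file("./ssm-documents/ami-build.yaml")
+
+tags = merge(
+local.tags,
+{
+Name = "ami-build"
+},
+)
+}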
Expand Up @@ -22,7 +22,8 @@ locals {
monitoring = true
vpc_security_group_ids = ["data-db"]
tags = {
backup-plan = "daily-and-weekly"
backup-plan = "daily-and-weekly"
instance-scheduling = "skip-scheduling"
}
})

Expand Down Expand Up @@ -74,12 +75,11 @@ locals {
}

tags = {
description = "PP CSR DB server"
ami = "base_ol_8_5"
os-type = "Linux"
component = "test"
server-type = "csr-db"
instance-scheduling = "skip-scheduling"
description = "PP CSR DB server"
ami = "base_ol_8_5"
os-type = "Linux"
component = "test"
server-type = "csr-db"
}
}

Expand All @@ -96,7 +96,8 @@ locals {
monitoring = true
vpc_security_group_ids = ["domain", "app", "jumpserver"]
tags = {
backup-plan = "daily-and-weekly"
backup-plan = "daily-and-weekly"
instance-scheduling = "skip-scheduling"
}
})
ebs_volumes = {
Expand Down Expand Up @@ -130,7 +131,8 @@ locals {
monitoring = true
vpc_security_group_ids = ["migration-web-sg", "domain-controller"]
tags = {
backup-plan = "daily-and-weekly"
backup-plan = "daily-and-weekly"
instance-scheduling = "skip-scheduling"
}
})
ebs_volumes = {
Expand Down Expand Up @@ -158,7 +160,8 @@ locals {
monitoring = true
vpc_security_group_ids = ["migration-web-sg", "domain-controller"]
tags = {
backup-plan = "daily-and-weekly"
backup-plan = "daily-and-weekly"
instance-scheduling = "skip-scheduling"
}
})
ebs_volumes = {
Expand Down Expand Up @@ -186,7 +189,8 @@ locals {
monitoring = true
vpc_security_group_ids = ["migration-web-sg", "domain-controller"]
tags = {
backup-plan = "daily-and-weekly"
backup-plan = "daily-and-weekly"
instance-scheduling = "skip-scheduling"
}
})
ebs_volumes = {
Expand Down Expand Up @@ -216,7 +220,8 @@ locals {
monitoring = true
vpc_security_group_ids = ["domain", "web", "jumpserver"]
tags = {
backup-plan = "daily-and-weekly"
backup-plan = "daily-and-weekly"
instance-scheduling = "skip-scheduling"
}
})
ebs_volumes = {
@@ -0,0 +1,178 @@
---
schemaVersion: "2.2"
description: "SSM Document to convert an Azure VM into an AWS AMI."
parameters:
InstanceId:
type: "String"
description: "ID of the MGN replicated Azure server"
VolumeId:
type: "String"
description: "Root volume ID to be snapshotted"
SnapshotName:
type: "String"
description: "Name of the resultant snapshot"
AMIName:
type: "String"
description: "Name of the AMI being built"

mainSteps:
- name: CreateSnapshot
action: aws:runDocument
inputs:
documentType: SSMDocument
documentPath: AWS-CreateSnapshot
documentParameters:
VolumeId: "{{ VolumeId }}"
description: "{{ SnapshotName }}"
onFailure: Abort

- name: getRootVolumeSpace
action: aws:runPowerShellScript
inputs:
runCommand:
- |
$rootVolume = Get-WmiObject -Query "SELECT * FROM Win32_LogicalDisk WHERE DeviceID = 'C:'"
$availableSpaceGB = [math]::Round(($rootVolume.FreeSpace / 1GB), 2)
Write-Output "Available space on the C drive is $availableSpaceGB"
- name: spaceAvailable
action: aws:runPowerShellScript
inputs:
runCommand:
- |
$totalSpaceGB = [math]::Round(($rootVolume.Size / 1GB), 2)
$availablePercentage = [math]::Round((($availableSpaceGB / $totalSpaceGB) * 100), 2)
Write-Output "Available space on the root volume (C:) is $availablePercentage% of the total space"
- name: extendDiskStop
action: aws:runPowerShellScript
maxAttempts: 1
inputs:
runCommand:
- |
if ($availablePercentage% -lt 50) {
Write-Output "Available disk space is less than 50%. Stopping doc execution."
Exit 1
}
onFailure: Abort

- name: stopDiscoveryAgent
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Stop-Service -Name 'AWSDiscoveryService' -ErrorAction SilentlyContinue
- name: UninstallDiscoveryAgent
action: aws:runPowerShellScript
inputs:
runCommand:
- |
if (Test-Path 'C:\Program Files\Amazon\Amazon AppStream\aws-discovery-agent\uninstall.exe') {
Start-Process 'C:\Program Files\Amazon\Amazon AppStream\aws-discovery-agent\uninstall.exe' -ArgumentList '/S' -Wait
} elseif (Test-Path 'C:\Program Files\AWS\AWS Discovery Agent\uninstall.exe') {
Start-Process 'C:\Program Files\AWS\AWS Discovery Agent\uninstall.exe' -ArgumentList '/S' -Wait
} else {
Write-Host "AWS Discovery Agent not found for uninstallation."
}
- name: verifyUninstallation
action: aws:runPowerShellScript
inputs:
runCommand:
- |
if (-not (Test-Path 'C:\Program Files\Amazon\Amazon AppStream\aws-discovery-agent\uninstall.exe') -and -not (Test-Path 'C:\Program Files\AWS\AWS Discovery Agent\uninstall.exe'))
{
Write-Host "AWS Discovery Agent is successfully uninstalled."
} else {
Write-Host "AWS Discovery Agent uninstallation may have failed."
}
onFailure: Abort

- name: InstallFirefoxBrowser
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Invoke-WebRequest -URI "https://download.mozilla.org/?product=firefox-esr-next-latest-ssl&os=win64&lang=en-GB" -OutFile "$ENV:TEMP\MozillaFirefox.exe"
Invoke-Item "$ENV:TEMP\MozillaFirefox.exe"
# wireshark

- name: InstallNmapTool
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Invoke-WebRequest -URI "https://nmap.org/download" -OutFile "$ENV:TEMP\nmap.exe"
Invoke-Item "$ENV:TEMP\nmap.exe"
- name: checkADModulePresent
action: aws:runPowerShellScript
inputs:
runCommand:
- |
$module = Get-Module -ListAvailable -Name ActiveDirectory
if (-not $module) {
Write-Error "Active Directory module is not installed. Installing..."
}
- name: InstallActiveDirectoryModule
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Install-WindowsFeature -Name "RSAT-AD-PowerShell" -IncludeAllSubFeature
- name: InstallEC2LaunchV2
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Invoke-WebRequest -URI https://s3.amazonaws.com/ec2-downloads-windows/SSM-Agent/EC2Launch/latest/install.ps1 -OutFile $env:TEMP\install.ps1
powershell -ExecutionPolicy Bypass -File $env:TEMP\install.ps1
- name: verifyInstallation
action: aws:runPowerShellScript
inputs:
runCommand:
- |
if (Get-Service -Name EC2Launch | Where-Object {$_.Status -eq 'Running'}) {
Write-Output "EC2LaunchV2 driver installed and running successfully."
} else {
Write-Output "EC2LaunchV2 driver installation or service startup failed."
}
- name: stopInstance
action: aws:changeInstanceState
inputs:
instaneID: "{{ InstanceId }}"
desiredState: stopped

- name: createImage
action: aws:createImage
inputs:
InstanceId: "{{ InstanceId }}"
name: "{{ AMIName }}"
description: AMI created from "{{ InstanceId }}"
noReboot: true

- name: outputImageId
action: aws:runPowerShellScript
inputs:
runCommand:
- |
Write-Output "Image ID: $ImageId"
- name: waitForAMI # update this
action: aws:waitForImages
inputs:
imageIds: ["{{ createImage.ImageId }}"]
state: available
maxResults: 1

- name: startInstance
action: aws:changeInstanceState
inputs:
instanceId: "{{ InstanceId }}"
desiredState: running
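Review bot: The InstallFirefoxBrowser, InstallNmapTool and InstallEC2LaunchV2 steps fetch executables from the network and run them (via `Invoke-Item`, or `powershell -ExecutionPolicy Bypass -File`) under the SSM agent's SYSTEM account with no integrity check, and `https://nmap.org/download` is the HTML download page rather than an installer, so `$ENV:TEMP\nmap.exe` would be a saved web page; pin each download to a versioned URL, verify its Authenticode signature (or a known SHA-256) before executing, and use `Start-Process -Wait` with the installer's silent flag instead of `Invoke-Item`, which launches the installer interactively and returns immediately, so the later stopInstance/createImage steps can run while the install is still in progress. Separately, each `aws:runPowerShellScript` step runs in its own process, so `$rootVolume`, `$availableSpaceGB` and `$availablePercentage` from getRootVolumeSpace and spaceAvailable are undefined in extendDiskStop, and `if ($availablePercentage% -lt 50)` also carries a stray `%`; compute and test the free-space percentage in a single step, e.g. `if ($availablePercentage -lt 50) { Write-Output "..."; Exit 1 }` in the step that calculates it. The trailing stopInstance, createImage, waitForAMI and startInstance steps use `aws:changeInstanceState`, `aws:createImage` and `aws:waitForImages`, which look like Automation (schemaVersion 0.3) actions rather than Command (schemaVersion 2.2) plugins, and stopInstance spells the key `instaneID` while startInstance uses `instanceId`; confirm the document validates as written before the Terraform resource that loads it is applied. Consider also whether nmap belongs in a baseline image at all, since it is a network scanning tool that every instance launched from the AMI will carry. This file's path is not shown in the rendering (it is presumably the `./ssm-documents/ami-build.yaml` referenced from ec2_common.tf), and 11 of its 178 lines are not visible here.

```yaml
- name: InstallNmapTool
  action: aws:runPowerShellScript
  inputs:
    runCommand:
      - |
        # Download a specific release (not the /download HTML page) and refuse to
        # run it unless its Authenticode signature is valid.
        $installer = "$ENV:TEMP\nmap-setup.exe"
        Invoke-WebRequest -URI "https://nmap.org/dist/<pinned-nmap-setup>.exe" -OutFile $installer
        $sig = Get-AuthenticodeSignature -FilePath $installer
        if ($sig.Status -ne 'Valid') {
          Write-Error "nmap installer failed signature verification"
          Exit 1
        }
        Start-Process -FilePath $installer -ArgumentList '/S' -Wait
  onFailure: Abort
# … unchanged: remaining steps …
```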
@@ -0,0 +1,28 @@
---
schemaVersion: "2.2"
description: Ensure Cloudwatch agent is installed and configured
parameters:
optionalConfigurationLocation:
description: name of ssm parameter that contains the CW Agent config
type: String
default: "cloud-watch-config-windows"
mainSteps:
- name: installCWAgent
action: aws:runDocument
inputs:
documentType: SSMDocument
documentPath: AWS-ConfigureAWSPackage
documentParameters:
action: Install
name: AmazonCloudWatchAgent
- name: configureCWAgent
action: aws:runDocument
inputs:
documentType: SSMDocument
documentPath: AmazonCloudWatch-ManageAgent
documentParameters:
action: configure
mode: ec2
optionalConfigurationSource: ssm
optionalConfigurationLocation: "{{ optionalConfigurationLocation }}"
optionalRestart: "yes"
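Review bot: The installCWAgent step installs AmazonCloudWatchAgent through AWS-ConfigureAWSPackage with no version given, so every execution pulls whatever the distributor currently serves and two AMI builds from the same document can contain different agent builds; if reproducible images are the goal, add a pinned `version:` under that step's documentParameters (AWS-ConfigureAWSPackage accepts one, as far as I recall — confirm against the document's parameter list). Neither step carries an `onFailure` setting, so if the agent install fails the document may still proceed to configureCWAgent and report a misleading result; check what the 2.2 default is and add explicit handling if a failed install should stop the run. The file's path is not shown in this rendering; it is presumably the `./ssm-documents/windows-cloudwatch-agent-config.yaml` referenced from ec2_common.tf.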
