Merge pull request #5350 from ministryofjustice/oasys-ptctrn-load-bal…
…ancer

oasys ptctrn load balancer
wullub authored Mar 13, 2024
2 parents e0e76b4 + 8a4e54a commit e8a1024
Showing 1 changed file with 172 additions and 100 deletions.
272 changes: 172 additions & 100 deletions terraform/environments/oasys/locals_production.tf
@@ -190,22 +190,22 @@ locals {
}
]
}
# Ec2ProdBipPolicy = {
# description = "Permissions required for prod Bip EC2s"
# statements = [
# {
# effect = "Allow"
# actions = [
# "secretsmanager:GetSecretValue",
# ]
# resources = [
# "arn:aws:secretsmanager:*:*:secret:/oracle/database/*PD/bip-*",
# "arn:aws:secretsmanager:*:*:secret:/oracle/database/PD*/bip-*",
# "arn:aws:secretsmanager:*:*:secret:/oracle/bip/production/*",
# ]
# }
# ]
# }
Ec2ProdBipPolicy = {
description = "Permissions required for prod Bip EC2s"
statements = [
{
effect = "Allow"
actions = [
"secretsmanager:GetSecretValue",
]
resources = [
"arn:aws:secretsmanager:*:*:secret:/oracle/database/*PD/bip-*",
"arn:aws:secretsmanager:*:*:secret:/oracle/database/PD*/bip-*",
"arn:aws:secretsmanager:*:*:secret:/oracle/bip/production/*",
]
}
]
}
}

baseline_ec2_instances = {
@@ -359,91 +359,127 @@ locals {
}

baseline_lbs = {
# public = {
# internal_lb = false
# access_logs = false
# s3_versioning = false
# force_destroy_bucket = true
# enable_delete_protection = false
# existing_target_groups = {}
# idle_timeout = 3600 # 60 is default
# security_groups = ["public_lb"]
# subnets = module.environment.subnets["public"].ids
# tags = local.tags
public = {
internal_lb = false
access_logs = false
s3_versioning = false
force_destroy_bucket = true
enable_delete_protection = false
existing_target_groups = {}
idle_timeout = 3600 # 60 is default
security_groups = ["public_lb"]
subnets = module.environment.subnets["public"].ids
tags = local.tags

# listeners = {
# https = {
# port = 443
# protocol = "HTTPS"
# ssl_policy = "ELBSecurityPolicy-2016-08"
# certificate_names_or_arns = ["pd_${local.application_name}_cert"]
# default_action = {
# type = "fixed-response"
# fixed_response = {
# content_type = "text/plain"
# message_body = "Use www.oasys.service.justice.gov.uk, or for practice ptc.oasys.service.justice.gov.uk, or for training trn.oasys.service.justice.gov.uk"
# status_code = "200"
# }
# }
# # default_action = {
# # type = "forward"
# # target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
# # }
# rules = {
# pd-web-http-8080 = {
# priority = 100
# actions = [{
# type = "forward"
# target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
# }]
# conditions = [
# {
# host_header = {
# values = [
# "oasys.service.justice.gov.uk",
# "bridge-oasys.az.justice.gov.uk",
# "www.oasys.service.justice.gov.uk",
# ]
# }
# }
# ]
# }
# pd-web-a-http-8080 = {
# priority = 200
# actions = [{
# type = "forward"
# target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
# }]
# conditions = [
# {
# host_header = {
# values = [
# "a.oasys.service.justice.gov.uk",
# ]
# }
# }
# ]
# }
# pd-web-b-http-8080 = {
# priority = 200
# actions = [{
# type = "forward"
# target_group_name = "pd-${local.application_name}-web-b-pb-http-8080"
# }]
# conditions = [
# {
# host_header = {
# values = [
# "b.oasys.service.justice.gov.uk",
# ]
# }
# }
# ]
# }
# }
# }
# }
# }
listeners = {
https = {
port = 443
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
certificate_names_or_arns = ["pd_${local.application_name}_cert"]
default_action = {
type = "fixed-response"
fixed_response = {
content_type = "text/plain"
message_body = "Use www.oasys.service.justice.gov.uk, or for practice ptc.oasys.service.justice.gov.uk, or for training trn.oasys.service.justice.gov.uk"
status_code = "200"
}
}
# default_action = {
# type = "forward"
# target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
# }
rules = {
# pd-web-http-8080 = {
# priority = 100
# actions = [{
# type = "forward"
# target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
# }]
# conditions = [
# {
# host_header = {
# values = [
# "oasys.service.justice.gov.uk",
# "bridge-oasys.az.justice.gov.uk",
# "www.oasys.service.justice.gov.uk",
# ]
# }
# }
# ]
# }
ptc-web-http-8080 = {
priority = 100
actions = [{
type = "forward"
target_group_name = "ptc-${local.application_name}-web-a-pb-http-8080"
}]
conditions = [
{
host_header = {
values = [
"ptc.oasys.service.justice.gov.uk",
"practice.bridge-oasys.az.justice.gov.uk",
"practice.oasys.service.justice.gov.uk",
]
}
}
]
}
trn-web-http-8080 = {
priority = 100
actions = [{
type = "forward"
target_group_name = "trn-${local.application_name}-web-a-pb-http-8080"
}]
conditions = [
{
host_header = {
values = [
"trn.oasys.service.justice.gov.uk",
"training.bridge-oasys.az.justice.gov.uk",
"training.oasys.service.justice.gov.uk",
]
}
}
]
}
# pd-web-a-http-8080 = {
# priority = 200
# actions = [{
# type = "forward"
# target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
# }]
# conditions = [
# {
# host_header = {
# values = [
# "a.oasys.service.justice.gov.uk",
# ]
# }
# }
# ]
# }
# pd-web-b-http-8080 = {
# priority = 200
# actions = [{
# type = "forward"
# target_group_name = "pd-${local.application_name}-web-b-pb-http-8080"
# }]
# conditions = [
# {
# host_header = {
# values = [
# "b.oasys.service.justice.gov.uk",
# ]
# }
# }
# ]
# }
}
}
}
}
private = {
internal_lb = true
access_logs = true
@@ -493,6 +529,42 @@ locals {
# }
# ]
# }
ptc-web-http-8080 = {
priority = 100
actions = [{
type = "forward"
target_group_name = "ptc-${local.application_name}-web-a-pv-http-8080"
}]
conditions = [
{
host_header = {
values = [
"ptc-int.oasys.service.justice.gov.uk",
"practice.oasys.az.justice.gov.uk",
"practice.p-oasys.az.justice.gov.uk",
]
}
}
]
}
trn-web-http-8080 = {
priority = 100
actions = [{
type = "forward"
target_group_name = "ptc-${local.application_name}-web-a-pv-http-8080"
}]
conditions = [
{
host_header = {
values = [
"trn-int.oasys.service.justice.gov.uk",
"training.oasys.az.justice.gov.uk",
"training.p-oasys.az.justice.gov.uk",
]
}
}
]
}
# pd-web-a-http-8080 = {
# priority = 200
# actions = [{
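Review bot: In the private listener's added `trn-web-http-8080` rule, the training hostnames (`trn-int.oasys.service.justice.gov.uk` and the two `training.*` names) are forwarded to `ptc-${local.application_name}-web-a-pv-http-8080`, the same target group as the practice rule, which looks like a copy-paste slip, since the public listener's equivalent rule uses a `trn-` target group. If a training target group exists for the private load balancer (not visible here), the line should read `target_group_name = "trn-${local.application_name}-web-a-pv-http-8080"`. On both listeners the `ptc-` and `trn-` rules also share `priority = 100`; ALB rule priorities must be unique per listener, so unless the baseline module renumbers them, one rule of each pair needs a different value, e.g. `priority = 110`. Separately, the now-enabled public load balancer terminates TLS with `ssl_policy = "ELBSecurityPolicy-2016-08"`, which still negotiates TLS 1.0/1.1, and sets `access_logs = false`; consider `ELBSecurityPolicy-TLS13-1-2-2021-06` and enabling access logs for an internet-facing production endpoint.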