From 8a4e54a57826efe072b054ef0074b65ca3f7b99e Mon Sep 17 00:00:00 2001
From: W
Date: Wed, 13 Mar 2024 16:44:13 +0000
Subject: [PATCH] oasys ptctrn load balancer oasys ptctrn load balancer
---
 .../environments/oasys/locals_production.tf | 272 +++++++++++------
 1 file changed, 172 insertions(+), 100 deletions(-)
diff --git a/terraform/environments/oasys/locals_production.tf b/terraform/environments/oasys/locals_production.tf
index 2ac598a8ba7..74cc3af0b04 100644
--- a/terraform/environments/oasys/locals_production.tf
+++ b/terraform/environments/oasys/locals_production.tf
@@ -190,22 +190,22 @@ locals {
 }
 ]
 }
- # Ec2ProdBipPolicy = {
- # description = "Permissions required for prod Bip EC2s"
- # statements = [
- # {
- # effect = "Allow"
- # actions = [
- # "secretsmanager:GetSecretValue",
- # ]
- # resources = [
- # "arn:aws:secretsmanager:*:*:secret:/oracle/database/*PD/bip-*",
- # "arn:aws:secretsmanager:*:*:secret:/oracle/database/PD*/bip-*",
- # "arn:aws:secretsmanager:*:*:secret:/oracle/bip/production/*",
- # ]
- # }
- # ]
- # }
+ Ec2ProdBipPolicy = {
+ description = "Permissions required for prod Bip EC2s"
+ statements = [
+ {
+ effect = "Allow"
+ actions = [
+ "secretsmanager:GetSecretValue",
+ ]
+ resources = [
+ "arn:aws:secretsmanager:*:*:secret:/oracle/database/*PD/bip-*",
+ "arn:aws:secretsmanager:*:*:secret:/oracle/database/PD*/bip-*",
+ "arn:aws:secretsmanager:*:*:secret:/oracle/bip/production/*",
+ ]
+ }
+ ]
+ }
 }
 baseline_ec2_instances = {
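Review bot: The re-enabled `Ec2ProdBipPolicy` grants `secretsmanager:GetSecretValue` on ARNs whose region and account fields are both `*`, and the `*PD` / `PD*` path patterns match any database name that merely starts or ends with PD. Pinning the account and region in the three `resources` entries would keep the grant to this account's production secrets, for example `"arn:aws:secretsmanager:<REGION>:<ACCOUNT_ID>:secret:/oracle/bip/production/*"` with the values interpolated from whatever the environment module exposes (placeholders here, since the real attribute names are not visible in this hunk). A one-line comment above `resources` saying which database naming schemes the two PD patterns are meant to cover would help the next reviewer judge whether they can be tightened. The enclosing policies map opens above this hunk.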
@@ -359,91 +359,127 @@ locals {
 }
 baseline_lbs = {
- # public = {
- # internal_lb = false
- # access_logs = false
- # s3_versioning = false
- # force_destroy_bucket = true
- # enable_delete_protection = false
- # existing_target_groups = {}
- # idle_timeout = 3600 # 60 is default
- # security_groups = ["public_lb"]
- # subnets = module.environment.subnets["public"].ids
- # tags = local.tags
+ public = {
+ internal_lb = false
+ access_logs = false
+ s3_versioning = false
+ force_destroy_bucket = true
+ enable_delete_protection = false
+ existing_target_groups = {}
+ idle_timeout = 3600 # 60 is default
+ security_groups = ["public_lb"]
+ subnets = module.environment.subnets["public"].ids
+ tags = local.tags
- # listeners = {
- # https = {
- # port = 443
- # protocol = "HTTPS"
- # ssl_policy = "ELBSecurityPolicy-2016-08"
- # certificate_names_or_arns = ["pd_${local.application_name}_cert"]
- # default_action = {
- # type = "fixed-response"
- # fixed_response = {
- # content_type = "text/plain"
- # message_body = "Use www.oasys.service.justice.gov.uk, or for practice ptc.oasys.service.justice.gov.uk, or for training trn.oasys.service.justice.gov.uk"
- # status_code = "200"
- # }
- # }
- # # default_action = {
- # # type = "forward"
- # # target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
- # # }
- # rules = {
- # pd-web-http-8080 = {
- # priority = 100
- # actions = [{
- # type = "forward"
- # target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
- # }]
- # conditions = [
- # {
- # host_header = {
- # values = [
- # "oasys.service.justice.gov.uk",
- # "bridge-oasys.az.justice.gov.uk",
- # "www.oasys.service.justice.gov.uk",
- # ]
- # }
- # }
- # ]
- # }
- # pd-web-a-http-8080 = {
- # priority = 200
- # actions = [{
- # type = "forward"
- # target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
- # }]
- # conditions = [
- # {
- # host_header = {
- # values = [
- # "a.oasys.service.justice.gov.uk",
- # ]
- # }
- # }
- # ]
- # }
- # pd-web-b-http-8080 = {
- # priority = 200
- # actions = [{
- # type = "forward"
- # target_group_name = "pd-${local.application_name}-web-b-pb-http-8080"
- # }]
- # conditions = [
- # {
- # host_header = {
- # values = [
- # "b.oasys.service.justice.gov.uk",
- # ]
- # }
- # }
- # ]
- # }
- # }
- # }
- # }
- # }
+ listeners = {
+ https = {
+ port = 443
+ protocol = "HTTPS"
+ ssl_policy = "ELBSecurityPolicy-2016-08"
+ certificate_names_or_arns = ["pd_${local.application_name}_cert"]
+ default_action = {
+ type = "fixed-response"
+ fixed_response = {
+ content_type = "text/plain"
+ message_body = "Use www.oasys.service.justice.gov.uk, or for practice ptc.oasys.service.justice.gov.uk, or for training trn.oasys.service.justice.gov.uk"
+ status_code = "200"
+ }
+ }
+ # default_action = {
+ # type = "forward"
+ # target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
+ # }
+ rules = {
+ # pd-web-http-8080 = {
+ # priority = 100
+ # actions = [{
+ # type = "forward"
+ # target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
+ # }]
+ # conditions = [
+ # {
+ # host_header = {
+ # values = [
+ # "oasys.service.justice.gov.uk",
+ # "bridge-oasys.az.justice.gov.uk",
+ # "www.oasys.service.justice.gov.uk",
+ # ]
+ # }
+ # }
+ # ]
+ # }
+ ptc-web-http-8080 = {
+ priority = 100
+ actions = [{
+ type = "forward"
+ target_group_name = "ptc-${local.application_name}-web-a-pb-http-8080"
+ }]
+ conditions = [
+ {
+ host_header = {
+ values = [
+ "ptc.oasys.service.justice.gov.uk",
+ "practice.bridge-oasys.az.justice.gov.uk",
+ "practice.oasys.service.justice.gov.uk",
+ ]
+ }
+ }
+ ]
+ }
+ trn-web-http-8080 = {
+ priority = 100
+ actions = [{
+ type = "forward"
+ target_group_name = "trn-${local.application_name}-web-a-pb-http-8080"
+ }]
+ conditions = [
+ {
+ host_header = {
+ values = [
+ "trn.oasys.service.justice.gov.uk",
+ "training.bridge-oasys.az.justice.gov.uk",
+ "training.oasys.service.justice.gov.uk",
+ ]
+ }
+ }
+ ]
+ }
+ #
pd-web-a-http-8080 = {
+ # priority = 200
+ # actions = [{
+ # type = "forward"
+ # target_group_name = "pd-${local.application_name}-web-a-pb-http-8080"
+ # }]
+ # conditions = [
+ # {
+ # host_header = {
+ # values = [
+ # "a.oasys.service.justice.gov.uk",
+ # ]
+ # }
+ # }
+ # ]
+ # }
+ # pd-web-b-http-8080 = {
+ # priority = 200
+ # actions = [{
+ # type = "forward"
+ # target_group_name = "pd-${local.application_name}-web-b-pb-http-8080"
+ # }]
+ # conditions = [
+ # {
+ # host_header = {
+ # values = [
+ # "b.oasys.service.justice.gov.uk",
+ # ]
+ # }
+ # }
+ # ]
+ # }
+ }
+ }
+ }
+ }
 private = {
 internal_lb = true
 access_logs = true
@@ -493,6 +529,42 @@ locals {
 # }
 # ]
 # }
+ ptc-web-http-8080 = {
+ priority = 100
+ actions = [{
+ type = "forward"
+ target_group_name = "ptc-${local.application_name}-web-a-pv-http-8080"
+ }]
+ conditions = [
+ {
+ host_header = {
+ values = [
+ "ptc-int.oasys.service.justice.gov.uk",
+ "practice.oasys.az.justice.gov.uk",
+ "practice.p-oasys.az.justice.gov.uk",
+ ]
+ }
+ }
+ ]
+ }
+ trn-web-http-8080 = {
+ priority = 100
+ actions = [{
+ type = "forward"
+ target_group_name = "ptc-${local.application_name}-web-a-pv-http-8080"
+ }]
+ conditions = [
+ {
+ host_header = {
+ values = [
+ "trn-int.oasys.service.justice.gov.uk",
+ "training.oasys.az.justice.gov.uk",
+ "training.p-oasys.az.justice.gov.uk",
+ ]
+ }
+ }
+ ]
+ }
 # pd-web-a-http-8080 = {
 # priority = 200
 # actions = [{
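Review bot: The now-active public `https` listener sets `ssl_policy = "ELBSecurityPolicy-2016-08"`, which still negotiates TLS 1.0 and 1.1; for an internet-facing production load balancer I would move to a current policy such as `ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"` unless a legacy client is known to need the old one. The same block sets `access_logs = false` while the `private` load balancer in the trailing context has `access_logs = true`, so the exposed entry point is the one left without request logs for investigation; `access_logs = true` would align them. `ptc-web-http-8080` and `trn-web-http-8080` both use `priority = 100`, and ALB listener rule priorities have to be unique per listener, so unless the baseline module renumbers them the second rule will likely fail to apply; give one a distinct value, e.g. `priority = 110`. The private listener hunk that follows repeats the duplicate priority. `enable_delete_protection = false` and `force_destroy_bucket = true` also deserve a comment explaining why they are acceptable in production.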
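Review bot: The private `trn-web-http-8080` rule forwards to `target_group_name = "ptc-${local.application_name}-web-a-pv-http-8080"`, the same target group as the practice rule above it, so requests for the training host names would be served by the practice environment. This looks like a copy-paste slip, since the public listener routes training to a `trn-` target group; presumably the line should read `target_group_name = "trn-${local.application_name}-web-a-pv-http-8080"`, assuming that target group is defined elsewhere in the file. The `rules` map these entries sit in starts and ends outside this hunk.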