From a119a49c0cd2f826e2965fa735dea159ee24d672 Mon Sep 17 00:00:00 2001 From: robertsweetman Date: Thu, 12 Oct 2023 11:29:43 +0100 Subject: [PATCH 01/10] add monitoring for web instances --- .../environments/corporate-staff-rostering/locals_app.tf | 8 ++++++++ .../corporate-staff-rostering/locals_database.tf | 5 +++++ .../corporate-staff-rostering/locals_preproduction.tf | 5 +++-- .../environments/corporate-staff-rostering/locals_web.tf | 8 ++++++++ 4 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 terraform/environments/corporate-staff-rostering/locals_app.tf create mode 100644 terraform/environments/corporate-staff-rostering/locals_web.tf diff --git a/terraform/environments/corporate-staff-rostering/locals_app.tf b/terraform/environments/corporate-staff-rostering/locals_app.tf new file mode 100644 index 00000000000..24d78801fbb --- /dev/null +++ b/terraform/environments/corporate-staff-rostering/locals_app.tf @@ -0,0 +1,8 @@ +locals { + + app_ec2_cloudwatch_metric_alarms = merge( + module.baseline_presets.cloudwatch_metric_alarms.ec2, + module.baseline_presets.cloudwatch_metric_alarms.ec2_cwagent_windows + ) + +} \ No newline at end of file diff --git a/terraform/environments/corporate-staff-rostering/locals_database.tf b/terraform/environments/corporate-staff-rostering/locals_database.tf index b0ad8d9f62c..228f9ede8a2 100644 --- a/terraform/environments/corporate-staff-rostering/locals_database.tf +++ b/terraform/environments/corporate-staff-rostering/locals_database.tf @@ -6,4 +6,9 @@ locals { } } + database_ec2_cloudwatch_metric_alarms = merge( + module.baseline_presets.cloudwatch_metric_alarms.ec2, + module.baseline_presets.cloudwatch_metric_alarms.ec2_cwagent_linux + ) + } diff --git a/terraform/environments/corporate-staff-rostering/locals_preproduction.tf b/terraform/environments/corporate-staff-rostering/locals_preproduction.tf index e6a60c11c6f..0876b25e4c4 100644 
--- a/terraform/environments/corporate-staff-rostering/locals_preproduction.tf +++ b/terraform/environments/corporate-staff-rostering/locals_preproduction.tf @@ -244,7 +244,7 @@ locals { } baseline_ec2_autoscaling_groups = { - prepprod-tst-1 = { + pp-web-tst-1 = { config = merge(module.baseline_presets.ec2_instance.config.default, { ami_name = "hmpps_windows_server_2022_release_2023-*" # Microsoft Windows Server 2019 Base ami_owner = "754260907303" @@ -252,9 +252,10 @@ locals { user_data_raw = base64encode(file("./templates/test-user-data.yaml")) instance_profile_policies = concat(module.baseline_presets.ec2_instance.config.default.instance_profile_policies, ["CSRWebServerPolicy"]) }) + cloudwatch_metric_alarms = local.app_ec2_cloudwatch_metric_alarms instance = merge(module.baseline_presets.ec2_instance.instance.default, { - vpc_security_group_ids = ["migration-web-sg", "domain-controller"] + vpc_security_group_ids = ["web", "domain", "jumpserver"] instance_type = "t3.medium" }) diff --git a/terraform/environments/corporate-staff-rostering/locals_web.tf b/terraform/environments/corporate-staff-rostering/locals_web.tf new file mode 100644 index 00000000000..6e041ebc23f --- /dev/null +++ b/terraform/environments/corporate-staff-rostering/locals_web.tf @@ -0,0 +1,8 @@ +locals { + + web_ec2_cloudwatch_metric_alarms = merge( + module.baseline_presets.cloudwatch_metric_alarms.ec2, + module.baseline_presets.cloudwatch_metric_alarms.ec2_cwagent_windows + ) + +} \ No newline at end of file From ab62ac15054031b23f93bc744c9bd7dd69ffc4ef Mon Sep 17 00:00:00 2001 From: robertsweetman Date: Thu, 12 Oct 2023 11:55:17 +0100 Subject: [PATCH 02/10] comment out sns topics --- .../environments/corporate-staff-rostering/locals.tf | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/terraform/environments/corporate-staff-rostering/locals.tf b/terraform/environments/corporate-staff-rostering/locals.tf index 3f55b733bbb..d399ed781d2 100644 
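Review bot: The switch of `vpc_security_group_ids` to `["web", "domain", "jumpserver"]` on `pp-web-tst-1` changes which network rules apply to the instance, but it arrives in a commit titled as a monitoring change, and nothing on the line explains why a web host needs the `jumpserver` group. The rules behind those names are defined outside this hunk, so their effect cannot be judged here; please confirm the added group is required. I would record the reason next to it, for example `# jumpserver group: admin access path, see <ticket-id>` (placeholder), or split the change into its own commit so it is reviewed as a network change. The enclosing `locals` block starts and ends outside the hunk.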
--- a/terraform/environments/corporate-staff-rostering/locals.tf +++ b/terraform/environments/corporate-staff-rostering/locals.tf @@ -26,7 +26,12 @@ locals { iam_policies_filter = ["ImageBuilderS3BucketWriteAndDeleteAccessPolicy"] iam_policies_ec2_default = ["EC2S3BucketWriteAndDeleteAccessPolicy", "ImageBuilderS3BucketWriteAndDeleteAccessPolicy"] s3_iam_policies = ["EC2S3BucketWriteAndDeleteAccessPolicy"] - sns_topics = {} + sns_topics = { + # TODO: comment this in when MP have implemented the pagerduty integration + # pagerduty_integrations = { + # csr_pagerduty = "csr_alarms" + # } + } } baseline_acm_certificates = {} @@ -78,6 +83,7 @@ locals { jumpserver = local.security_groups.jumpserver } - baseline_sns_topics = {} baseline_ssm_parameters = {} + + baseline_sns_topics = {} } From a0ce98de45ccc4af95329d76c79e268109b58a6a Mon Sep 17 00:00:00 2001 From: robertsweetman Date: Mon, 16 Oct 2023 10:25:00 +0100 Subject: [PATCH 03/10] pause doing things on this for the moment --- .../environments/corporate-staff-rostering/locals.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/environments/corporate-staff-rostering/locals.tf b/terraform/environments/corporate-staff-rostering/locals.tf index d399ed781d2..7f3e138a694 100644 --- a/terraform/environments/corporate-staff-rostering/locals.tf +++ b/terraform/environments/corporate-staff-rostering/locals.tf @@ -27,10 +27,10 @@ locals { iam_policies_ec2_default = ["EC2S3BucketWriteAndDeleteAccessPolicy", "ImageBuilderS3BucketWriteAndDeleteAccessPolicy"] s3_iam_policies = ["EC2S3BucketWriteAndDeleteAccessPolicy"] sns_topics = { - # TODO: comment this in when MP have implemented the pagerduty integration - # pagerduty_integrations = { - # csr_pagerduty = "csr_alarms" - # } + # TODO: change this when we have a new csr integration for pagerduty + pagerduty_integrations = { + csr_pagerduty = "csr_alarms" + } } } From 8c35131dfc0b991b76e17a565959424fa3de8add Mon Sep 17 00:00:00 2001 
From: robertsweetman
Date: Mon, 16 Oct 2023 13:13:02 +0100
Subject: [PATCH 04/10] add monitoring backend
---
.../corporate-staff-rostering/monitoring.tf | 26 +++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 terraform/environments/corporate-staff-rostering/monitoring.tf
diff --git a/terraform/environments/corporate-staff-rostering/monitoring.tf b/terraform/environments/corporate-staff-rostering/monitoring.tf
new file mode 100644
index 00000000000..2f0c6f206c5
--- /dev/null
+++ b/terraform/environments/corporate-staff-rostering/monitoring.tf
@@ -0,0 +1,26 @@
+# Pager duty integration
+
+# Get the map of pagerduty integration keys from the modernisation platform account
+data "aws_secretsmanager_secret" "pagerduty_integration_keys" {
+ provider = aws.modernisation-platform
+ name = "pagerduty_integration_keys"
+}
+data "aws_secretsmanager_secret_version" "pagerduty_integration_keys" {
+ provider = aws.modernisation-platform
+ secret_id = data.aws_secretsmanager_secret.pagerduty_integration_keys.id
+}
+
+# Add a local to get the keys
+locals {
+ pagerduty_integration_keys = jsondecode(data.aws_secretsmanager_secret_version.pagerduty_integration_keys.secret_string)
+}
+
+# link the sns topic to the service
+module "pagerduty_core_alerts" {
+ depends_on = [
+ aws_sns_topic.csr_alarms,
+ ]
+ source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v1.0.0"
+ sns_topics = [aws_sns_topic.csr_alarms.name]
+ pagerduty_integration_key = local.pagerduty_integration_keys["csr_alarms"]
+}
\ No newline at end of file
From 15710416e9c92e4079e79ff9f7aa1acf80f69d03 Mon Sep 17 00:00:00 2001
From: robertsweetman
Date: Mon, 16 Oct 2023 15:49:40 +0100
Subject: [PATCH 05/10] use v2.0.0 in module reference
---
terraform/environments/corporate-staff-rostering/monitoring.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
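Review bot: The `source` of `module "pagerduty_core_alerts"` is pinned to the tag `v1.0.0`, and a Git tag can be moved after the fact. Because this module receives `pagerduty_integration_key`, I would pin it to a full commit hash and keep the tag as a trailing comment: `source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=<FULL_COMMIT_SHA>" # v1.0.0` (placeholder hash). The same applies to the `v2.0.0` bump in PATCH 05. `local.pagerduty_integration_keys` decodes the whole shared secret although only the `"csr_alarms"` entry is used, and values read through a data source end up in the Terraform state, so a short comment above the `locals` block noting that the state backend protects these keys would help. `aws_sns_topic.csr_alarms` is not declared in any hunk shown here; it is presumably defined elsewhere, so please confirm.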
diff --git a/terraform/environments/corporate-staff-rostering/monitoring.tf b/terraform/environments/corporate-staff-rostering/monitoring.tf index 2f0c6f206c5..0ac15e2b1f8 100644 --- a/terraform/environments/corporate-staff-rostering/monitoring.tf +++ b/terraform/environments/corporate-staff-rostering/monitoring.tf @@ -20,7 +20,7 @@ module "pagerduty_core_alerts" { depends_on = [ aws_sns_topic.csr_alarms, ] - source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v1.0.0" + source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v2.0.0" sns_topics = [aws_sns_topic.csr_alarms.name] pagerduty_integration_key = local.pagerduty_integration_keys["csr_alarms"] } \ No newline at end of file From ed399f4c137409331ac7554bab5841f2a432a0c8 Mon Sep 17 00:00:00 2001 From: robertsweetman Date: Mon, 16 Oct 2023 16:42:09 +0100 Subject: [PATCH 06/10] reference pagerduty_integrations as default --- .../corporate-staff-rostering/locals.tf | 8 +++--- .../corporate-staff-rostering/locals_app.tf | 4 +-- .../corporate-staff-rostering/locals_web.tf | 4 +-- .../corporate-staff-rostering/monitoring.tf | 26 ------------------- 4 files changed, 8 insertions(+), 34 deletions(-) delete mode 100644 terraform/environments/corporate-staff-rostering/monitoring.tf diff --git a/terraform/environments/corporate-staff-rostering/locals.tf b/terraform/environments/corporate-staff-rostering/locals.tf index 7f3e138a694..f377238bc77 100644 --- a/terraform/environments/corporate-staff-rostering/locals.tf +++ b/terraform/environments/corporate-staff-rostering/locals.tf @@ -19,7 +19,7 @@ locals { enable_ec2_self_provision = true enable_ec2_oracle_enterprise_managed_server = true enable_ec2_user_keypair = true - cloudwatch_metric_alarms = {} + cloudwatch_metric_alarms_default_actions = ["csr_alarms"] route53_resolver_rules = { # outbound-data-and-private-subnets = ["azure-fixngo-domain"] # already set by nomis account } 
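Review bot: `cloudwatch_metric_alarms_default_actions = ["csr_alarms"]` gives no hint that the string has to agree with a key under `sns_topics.pagerduty_integrations`, which the next hunk of this file sets. The two names are changed together here and again in PATCH 09, which suggests they must match, although the module that consumes them is not visible. I would add `# must match a key in sns_topics.pagerduty_integrations below` above the line, so that renaming one side later does not leave alarms pointing at a topic that is not defined. The enclosing block starts and ends outside the hunk.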
@@ -27,9 +27,8 @@ locals { iam_policies_ec2_default = ["EC2S3BucketWriteAndDeleteAccessPolicy", "ImageBuilderS3BucketWriteAndDeleteAccessPolicy"] s3_iam_policies = ["EC2S3BucketWriteAndDeleteAccessPolicy"] sns_topics = { - # TODO: change this when we have a new csr integration for pagerduty - pagerduty_integrations = { - csr_pagerduty = "csr_alarms" + pagerduty_integrations = { + csr_alarms = "csr_alarms" } } } @@ -86,4 +85,5 @@ locals { baseline_ssm_parameters = {} baseline_sns_topics = {} + } diff --git a/terraform/environments/corporate-staff-rostering/locals_app.tf b/terraform/environments/corporate-staff-rostering/locals_app.tf index 24d78801fbb..1552864857b 100644 --- a/terraform/environments/corporate-staff-rostering/locals_app.tf +++ b/terraform/environments/corporate-staff-rostering/locals_app.tf @@ -1,8 +1,8 @@ locals { - app_ec2_cloudwatch_metric_alarms = merge( + app_ec2_cloudwatch_metric_alarms = merge( module.baseline_presets.cloudwatch_metric_alarms.ec2, module.baseline_presets.cloudwatch_metric_alarms.ec2_cwagent_windows - ) + ) } \ No newline at end of file diff --git a/terraform/environments/corporate-staff-rostering/locals_web.tf b/terraform/environments/corporate-staff-rostering/locals_web.tf index 6e041ebc23f..835f2e07e94 100644 --- a/terraform/environments/corporate-staff-rostering/locals_web.tf +++ b/terraform/environments/corporate-staff-rostering/locals_web.tf @@ -1,8 +1,8 @@ locals { - web_ec2_cloudwatch_metric_alarms = merge( + web_ec2_cloudwatch_metric_alarms = merge( module.baseline_presets.cloudwatch_metric_alarms.ec2, module.baseline_presets.cloudwatch_metric_alarms.ec2_cwagent_windows - ) + ) } \ No newline at end of file diff --git a/terraform/environments/corporate-staff-rostering/monitoring.tf b/terraform/environments/corporate-staff-rostering/monitoring.tf deleted file mode 100644 index 0ac15e2b1f8..00000000000 --- a/terraform/environments/corporate-staff-rostering/monitoring.tf +++ /dev/null 
@@ -1,26 +0,0 @@
-# Pager duty integration
-
-# Get the map of pagerduty integration keys from the modernisation platform account
-data "aws_secretsmanager_secret" "pagerduty_integration_keys" {
- provider = aws.modernisation-platform
- name = "pagerduty_integration_keys"
-}
-data "aws_secretsmanager_secret_version" "pagerduty_integration_keys" {
- provider = aws.modernisation-platform
- secret_id = data.aws_secretsmanager_secret.pagerduty_integration_keys.id
-}
-
-# Add a local to get the keys
-locals {
- pagerduty_integration_keys = jsondecode(data.aws_secretsmanager_secret_version.pagerduty_integration_keys.secret_string)
-}
-
-# link the sns topic to the service
-module "pagerduty_core_alerts" {
- depends_on = [
- aws_sns_topic.csr_alarms,
- ]
- source = "github.com/ministryofjustice/modernisation-platform-terraform-pagerduty-integration?ref=v2.0.0"
- sns_topics = [aws_sns_topic.csr_alarms.name]
- pagerduty_integration_key = local.pagerduty_integration_keys["csr_alarms"]
-}
\ No newline at end of file
From de8f622a7f580817696e3ba7ba54eaecc20fa882 Mon Sep 17 00:00:00 2001
From: robertsweetman
Date: Mon, 16 Oct 2023 16:44:03 +0100
Subject: [PATCH 07/10] reference correct instance
---
.../corporate-staff-rostering/locals_preproduction.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/terraform/environments/corporate-staff-rostering/locals_preproduction.tf b/terraform/environments/corporate-staff-rostering/locals_preproduction.tf
index 0876b25e4c4..815a85e37fa 100644
--- a/terraform/environments/corporate-staff-rostering/locals_preproduction.tf
+++ b/terraform/environments/corporate-staff-rostering/locals_preproduction.tf
@@ -252,7 +252,7 @@ locals { user_data_raw = base64encode(file("./templates/test-user-data.yaml")) instance_profile_policies = concat(module.baseline_presets.ec2_instance.config.default.instance_profile_policies, ["CSRWebServerPolicy"]) }) - cloudwatch_metric_alarms = local.app_ec2_cloudwatch_metric_alarms + cloudwatch_metric_alarms = local.web_ec2_cloudwatch_metric_alarms instance = merge(module.baseline_presets.ec2_instance.instance.default, { vpc_security_group_ids = ["web", "domain", "jumpserver"] From 0be0a09ae23d52e1992004bf8178b26d4c687be6 Mon Sep 17 00:00:00 2001 From: robertsweetman Date: Mon, 23 Oct 2023 08:55:42 +0100 Subject: [PATCH 08/10] test alarms in csr-development env --- .../corporate-staff-rostering/locals_development.tf | 2 +- .../corporate-staff-rostering/locals_preproduction.tf | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/terraform/environments/corporate-staff-rostering/locals_development.tf b/terraform/environments/corporate-staff-rostering/locals_development.tf index 27e047db39e..5695adb47c6 100644 --- a/terraform/environments/corporate-staff-rostering/locals_development.tf +++ b/terraform/environments/corporate-staff-rostering/locals_development.tf @@ -39,7 +39,7 @@ locals { user_data_raw = base64encode(file("./templates/test-user-data.yaml")) instance_profile_policies = concat(module.baseline_presets.ec2_instance.config.default.instance_profile_policies, ["CSRWebServerPolicy"]) }) - + cloudwatch_metric_alarms = local.app_ec2_cloudwatch_metric_alarms instance = merge(module.baseline_presets.ec2_instance.instance.default, { vpc_security_group_ids = ["app", "domain", "jumpserver"] instance_type = "t3.medium" diff --git a/terraform/environments/corporate-staff-rostering/locals_preproduction.tf b/terraform/environments/corporate-staff-rostering/locals_preproduction.tf index 815a85e37fa..145943ad54c 100644 --- a/terraform/environments/corporate-staff-rostering/locals_preproduction.tf 
+++ b/terraform/environments/corporate-staff-rostering/locals_preproduction.tf @@ -246,13 +246,12 @@ locals { baseline_ec2_autoscaling_groups = { pp-web-tst-1 = { config = merge(module.baseline_presets.ec2_instance.config.default, { - ami_name = "hmpps_windows_server_2022_release_2023-*" # Microsoft Windows Server 2019 Base + ami_name = "hmpps_windows_server_2022_release_2023-*" # Microsoft Windows Server 2022 Base ami_owner = "754260907303" ebs_volumes_copy_all_from_ami = false user_data_raw = base64encode(file("./templates/test-user-data.yaml")) instance_profile_policies = concat(module.baseline_presets.ec2_instance.config.default.instance_profile_policies, ["CSRWebServerPolicy"]) }) - cloudwatch_metric_alarms = local.web_ec2_cloudwatch_metric_alarms instance = merge(module.baseline_presets.ec2_instance.instance.default, { vpc_security_group_ids = ["web", "domain", "jumpserver"] From 06696d3a2879fab2dac8f2fa737838f6559c8ed3 Mon Sep 17 00:00:00 2001 From: robertsweetman Date: Mon, 23 Oct 2023 10:29:10 +0100 Subject: [PATCH 09/10] rename to make it clearer what's happening --- terraform/environments/corporate-staff-rostering/locals.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/corporate-staff-rostering/locals.tf b/terraform/environments/corporate-staff-rostering/locals.tf index f377238bc77..d1d61ee112d 100644 --- a/terraform/environments/corporate-staff-rostering/locals.tf +++ b/terraform/environments/corporate-staff-rostering/locals.tf @@ -19,7 +19,7 @@ locals { enable_ec2_self_provision = true enable_ec2_oracle_enterprise_managed_server = true enable_ec2_user_keypair = true - cloudwatch_metric_alarms_default_actions = ["csr_alarms"] + cloudwatch_metric_alarms_default_actions = ["csr_pagerduty"] route53_resolver_rules = { # outbound-data-and-private-subnets = ["azure-fixngo-domain"] # already set by nomis account } 
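Review bot: Removing `cloudwatch_metric_alarms = local.web_ec2_cloudwatch_metric_alarms` from `pp-web-tst-1` leaves that preproduction group with no alarm set in the lines shown, while the commit title only mentions testing alarms in development. If the removal is temporary, say so in place, e.g. `# TODO: re-attach local.web_ec2_cloudwatch_metric_alarms once alarms are verified in development`, so the gap in monitoring coverage is visible to the next reader. Whether the baseline module applies any default alarms when the attribute is absent cannot be told from this hunk. The enclosing `locals` block starts and ends outside the hunk.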
@@ -28,7 +28,7 @@ locals { s3_iam_policies = ["EC2S3BucketWriteAndDeleteAccessPolicy"] sns_topics = { pagerduty_integrations = { - csr_alarms = "csr_alarms" + csr_pagerduty = "csr_alarms" } } } From 4b9b42e3cba4c1b57556cddb3896aa71b5df8255 Mon Sep 17 00:00:00 2001 From: robertsweetman Date: Mon, 23 Oct 2023 12:03:05 +0100 Subject: [PATCH 10/10] comment out non-working ssm doc --- .../environments/corporate-staff-rostering/ec2_common.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/terraform/environments/corporate-staff-rostering/ec2_common.tf b/terraform/environments/corporate-staff-rostering/ec2_common.tf index e5a4af1c760..03dab62ef7f 100644 --- a/terraform/environments/corporate-staff-rostering/ec2_common.tf +++ b/terraform/environments/corporate-staff-rostering/ec2_common.tf @@ -40,7 +40,8 @@ resource "aws_ssm_document" "cloud_watch_agent" { ) } -resource "aws_ssm_document" "ami_build" { +# commented out for now as this currently returns an error on apply +/* resource "aws_ssm_document" "ami_build" { name = "ami-build" document_type = "Automation" document_format = "YAML" @@ -52,4 +53,4 @@ resource "aws_ssm_document" "ami_build" { Name = "ami-build" }, ) -} \ No newline at end of file +} */ \ No newline at end of file
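Review bot: Wrapping `resource "aws_ssm_document" "ami_build"` in `/* … */` removes it from the configuration, so if the document already exists in state the next apply will plan to destroy it; please confirm that is intended. The new comment does not record which error the apply returned, so nobody can tell later when it is safe to restore the block. I would write `# TODO(<ticket-id>): aws_ssm_document.ami_build disabled, apply fails with <error text>; restore once fixed` (placeholders), or delete the block and rely on history. The middle of the resource body lies between the two hunks and is not shown.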