diff --git a/scripts/minimise-comments/README.md b/scripts/minimise-comments/README.md index b7d226bc79b..13c123f71e8 100644 --- a/scripts/minimise-comments/README.md +++ b/scripts/minimise-comments/README.md @@ -1,8 +1,10 @@ +# Minimise Comments + Script for hiding comments in a PR Set environment variables as follows before running the script -``` +```go COMMENT_BODY_CONTAINS="set this to a string which is in the comment to hide" PR_NUMBER="set this to the PR number" GITHUB_REPOSITORY="set to name of repo" @@ -11,7 +13,7 @@ GITHUB_TOKEN="set to github token" Example usage once environment vars are set -``` +```go go build ./minimise-comments ``` diff --git a/terraform/environments/apex/modules/alb/README.md b/terraform/environments/apex/modules/alb/README.md index e3310e63f2e..292257cd015 100644 --- a/terraform/environments/apex/modules/alb/README.md +++ b/terraform/environments/apex/modules/alb/README.md 
@@ -1,8 +1,6 @@ -This `alb` local Terraform module is taken from the MP provided module - , and subsequently we have developed from the code there. Below is the README.md taken form the MP module. - # Modernisation Platform Terraform Loadbalancer Module with Access Logs enabled -[![repo standards badge](https://img.shields.io/badge/dynamic/json?color=blue&style=for-the-badge&logo=github&label=MoJ%20Compliant&query=%24.result&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fmodernisation-platform-terraform-loadbalancer)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-github-repositories.html#modernisation-platform-terraform-loadbalancer "Link to report") +This `alb` local Terraform module is taken from the MP provided module - , and subsequently we have developed from the code there. Below is the README.md taken form the MP module. A Terraform module that creates application loadbalancer (with loadbalancer security groups) in AWS with logging enabled, s3 to store logs and Athena DB to query logs. @@ -10,7 +8,7 @@ An s3 bucket name can be provided in the module by adding the `existing_bucket_n A locals for the loadbalancer security group is necessary to satisfy the `loadbalancer_ingress_rules` and `loadbalancer_egress_rules` variables and creates security group rules for the loadbalancer security group. Below is an example: -``` +```terraform locals { loadbalancer_ingress_rules = { "lb_ingress" = { @@ -43,10 +41,9 @@ Click the new saved query that is named ``-create-table and Run it. Try a query like `select * from lb_logs limit 100;` - ## Usage -```hcl +```terraform module "alb" { source = "./modules/alb" 
@@ -182,128 +179,133 @@ module "alb" { } ``` + + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.1 | -| [aws](#requirement\_aws) | ~> 4.0 | +| Name | Version | +| ------------------------------------------------------------------------ | -------- | +| [terraform](#requirement_terraform) | >= 1.0.1 | +| [aws](#requirement_aws) | ~> 4.0 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | ~> 4.0 | -| [template](#provider\_template) | n/a | +| Name | Version | +| --------------------------------------------------------------- | ------- | +| [aws](#provider_aws) | ~> 4.0 | +| [template](#provider_template) | n/a | ## Modules -| Name | Source | Version | -|------|--------|---------| -| [s3-bucket](#module\_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v6.1.1 | +| Name | Source | Version | +| -------------------------------------------------------------- | ----------------------------------------------------------------------- | ------- | +| [s3-bucket](#module_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v6.1.1 | ## Resources -| Name | Type | -|------|------| -| [aws_athena_database.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database) | resource | -| [aws_athena_named_query.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_named_query) | resource | -| [aws_athena_workgroup.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup) | resource | -| [aws_lb.loadbalancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | -| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| 
[aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | +| Name | Type | +| ------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_athena_database.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database) | resource | +| [aws_athena_named_query.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_named_query) | resource | +| [aws_athena_workgroup.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup) | resource | +| [aws_lb.loadbalancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | +| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | | [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | -| [template_file.lb-access-logs](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | +| 
[template_file.lb-access-logs](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [account\_number](#input\_account\_number) | Account number of current environment | `string` | n/a | yes | -| [application\_name](#input\_application\_name) | Name of application | `string` | n/a | yes | -| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. | `bool` | n/a | yes | -| [existing\_bucket\_name](#input\_existing\_bucket\_name) | The name of the existing bucket name. If no bucket is provided one will be created for them. | `string` | `""` | no | -| [force\_destroy\_bucket](#input\_force\_destroy\_bucket) | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | -| [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle. | `string` | n/a | yes | -| [loadbalancer\_egress\_rules](#input\_loadbalancer\_egress\_rules) | Security group egress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | -| [loadbalancer\_ingress\_rules](#input\_loadbalancer\_ingress\_rules) | Security group ingress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | -| [public\_subnets](#input\_public\_subnets) | Public subnets | `list(string)` | n/a | yes | -| [region](#input\_region) | AWS Region where resources are to be created | `string` | n/a | yes | -| [tags](#input\_tags) | Common tags to be used by all resources | `map(string)` | n/a | yes | -| [vpc\_all](#input\_vpc\_all) | The full name of the VPC (including environment) used to create resources | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +| --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | :------: | +| [account_number](#input_account_number) | Account number of current environment | `string` | n/a | yes | +| [application_name](#input_application_name) | Name of application | `string` | n/a | yes | +| [enable_deletion_protection](#input_enable_deletion_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. | `bool` | n/a | yes | +| [existing_bucket_name](#input_existing_bucket_name) | The name of the existing bucket name. If no bucket is provided one will be created for them. | `string` | `""` | no | +| [force_destroy_bucket](#input_force_destroy_bucket) | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | +| [idle_timeout](#input_idle_timeout) | The time in seconds that the connection is allowed to be idle. 
| `string` | n/a | yes | +| [loadbalancer_egress_rules](#input_loadbalancer_egress_rules) | Security group egress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | +| [loadbalancer_ingress_rules](#input_loadbalancer_ingress_rules) | Security group ingress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | +| [public_subnets](#input_public_subnets) | Public subnets | `list(string)` | n/a | yes | +| [region](#input_region) | AWS Region where resources are to be created | `string` | n/a | yes | +| [tags](#input_tags) | Common tags to be used by all resources | `map(string)` | n/a | yes | +| [vpc_all](#input_vpc_all) | The full name of the VPC (including environment) used to create resources | `string` | n/a | yes | ## Outputs -| Name | Description | -|------|-------------| -| [athena\_db](#output\_athena\_db) | n/a | -| [load\_balancer](#output\_load\_balancer) | n/a | -| [security\_group](#output\_security\_group) | n/a | +| Name | Description | +| ----------------------------------------------------------------------------- | ----------- | +| [athena_db](#output_athena_db) | n/a | +| [load_balancer](#output_load_balancer) | n/a | +| [security_group](#output_security_group) | n/a | ## Looking for issues? + If you're looking to raise an issue with this module, please create a new issue in the [Modernisation Platform repository](https://github.com/ministryofjustice/modernisation-platform/issues). 
+ ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.1 | -| [aws](#requirement\_aws) | ~> 4.0 | +| Name | Version | +| ------------------------------------------------------------------------ | -------- | +| [terraform](#requirement_terraform) | >= 1.0.1 | +| [aws](#requirement_aws) | ~> 4.0 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| Name | Version | +| ------------------------------------------------ | ------- | +| [aws](#provider_aws) | ~> 4.0 | ## Modules -| Name | Source | Version | -|------|--------|---------| -| [s3-bucket](#module\_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v6.2.0 | +| Name | Source | Version | +| -------------------------------------------------------------- | ----------------------------------------------------------------------- | ------- | +| [s3-bucket](#module_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v6.2.0 | ## Resources -| Name | Type | -|------|------| -| [aws_athena_database.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database) | resource | -| [aws_athena_named_query.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_named_query) | resource | -| [aws_athena_workgroup.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup) | resource | -| [aws_lb.loadbalancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | -| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | +| Name | Type | +| 
------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_athena_database.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database) | resource | +| [aws_athena_named_query.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_named_query) | resource | +| [aws_athena_workgroup.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup) | resource | +| [aws_lb.loadbalancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | +| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | | [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | +| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [account\_number](#input\_account\_number) | Account number of current environment | `string` | n/a | yes | -| [application\_name](#input\_application\_name) | Name of application | `string` | n/a | yes | -| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. 
| `bool` | n/a | yes | -| [existing\_bucket\_name](#input\_existing\_bucket\_name) | The name of the existing bucket name. If no bucket is provided one will be created for them. | `string` | `""` | no | -| [force\_destroy\_bucket](#input\_force\_destroy\_bucket) | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | -| [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle. | `string` | n/a | yes | -| [internal\_lb](#input\_internal\_lb) | A boolean that determines whether the load balancer is internal or internet-facing. | `bool` | `false` | no | -| [loadbalancer\_egress\_rules](#input\_loadbalancer\_egress\_rules) | Security group egress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | -| [loadbalancer\_ingress\_rules](#input\_loadbalancer\_ingress\_rules) | Security group ingress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | -| [public\_subnets](#input\_public\_subnets) | Public subnets | `list(string)` | n/a | yes | -| [region](#input\_region) | AWS Region where resources are to be created | `string` | n/a | yes | -| [tags](#input\_tags) | Common tags to be used by all resources | `map(string)` | n/a | yes | -| [vpc\_all](#input\_vpc\_all) | The full name of the VPC (including environment) used to create resources | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +| --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | :------: | +| [account_number](#input_account_number) | Account number of current environment | `string` | n/a | yes | +| [application_name](#input_application_name) | Name of application | `string` | n/a | yes | +| [enable_deletion_protection](#input_enable_deletion_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. | `bool` | n/a | yes | +| [existing_bucket_name](#input_existing_bucket_name) | The name of the existing bucket name. If no bucket is provided one will be created for them. | `string` | `""` | no | +| [force_destroy_bucket](#input_force_destroy_bucket) | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | +| [idle_timeout](#input_idle_timeout) | The time in seconds that the connection is allowed to be idle. 
| `string` | n/a | yes | +| [internal_lb](#input_internal_lb) | A boolean that determines whether the load balancer is internal or internet-facing. | `bool` | `false` | no | +| [loadbalancer_egress_rules](#input_loadbalancer_egress_rules) | Security group egress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | +| [loadbalancer_ingress_rules](#input_loadbalancer_ingress_rules) | Security group ingress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | +| [public_subnets](#input_public_subnets) | Public subnets | `list(string)` | n/a | yes | +| [region](#input_region) | AWS Region where resources are to be created | `string` | n/a | yes | +| [tags](#input_tags) | Common tags to be used by all resources | `map(string)` | n/a | yes | +| [vpc_all](#input_vpc_all) | The full name of the VPC (including environment) used to create resources | `string` | n/a | yes | ## Outputs -| Name | Description | -|------|-------------| -| [athena\_db](#output\_athena\_db) | n/a | -| [load\_balancer](#output\_load\_balancer) | n/a | -| [security\_group](#output\_security\_group) | n/a | - \ No newline at end of file +| Name | Description | +| ----------------------------------------------------------------------------- | ----------- | +| [athena_db](#output_athena_db) | n/a | +| [load_balancer](#output_load_balancer) | n/a | +| [security_group](#output_security_group) | n/a | + + diff --git a/terraform/environments/apex/modules/ecs/README.md b/terraform/environments/apex/modules/ecs/README.md index 56a3f7e40ac..50633472007 100644 --- a/terraform/environments/apex/modules/ecs/README.md +++ b/terraform/environments/apex/modules/ecs/README.md 
@@ -1,8 +1,6 @@ -This `ecs` local Terraform module is taken from the MP provided module - , and subsequently we have developed from the code there. Below is the README.md taken form the MP module. - # Modernisation Platform ECS Cluster Module -[![repo standards badge](https://img.shields.io/badge/dynamic/json?color=blue&style=for-the-badge&logo=github&label=MoJ%20Compliant&query=%24.result&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fmodernisation-platform-terraform-ecs)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-github-repositories.html#modernisation-platform-terraform-ecs "Link to report") +This `ecs` local Terraform module is taken from the MP provided module - , and subsequently we have developed from the code there. Below is the README.md taken form the MP module. ## Usage @@ -141,4 +139,4 @@ No modules. ## Looking for issues? -If you're looking to raise an issue with this module, please create a new issue in the [Modernisation Platform repository](https://github.com/ministryofjustice/modernisation-platform/issues). \ No newline at end of file +If you're looking to raise an issue with this module, please create a new issue in the [Modernisation Platform repository](https://github.com/ministryofjustice/modernisation-platform/issues). diff --git a/terraform/environments/corporate-staff-rostering/.ssh/README.md b/terraform/environments/corporate-staff-rostering/.ssh/README.md index 8f82c029685..7f79f5ccf51 100644 --- a/terraform/environments/corporate-staff-rostering/.ssh/README.md +++ b/terraform/environments/corporate-staff-rostering/.ssh/README.md @@ -1,3 +1,5 @@ +# SSH keys + Each environment has its own public/private ssh key pair for the default ec2-user. The private key is uploaded as a SSM parameter in each environment under `ec2-user_pem`. 
@@ -5,7 +7,7 @@ The private key is uploaded as a SSM parameter in each environment under `ec2-us 1. Generate keys (don't set password) -``` +```shell app=corporate-staff-rostering for env in development test preproduction production; do mkdir -p $app-$env @@ -21,7 +23,7 @@ done Assumes you have correct aws config profiles setup -``` +```shell app=corporate-staff-rostering for env in development test preproduction production; do pem=$(cat $app-$env/ec2-user) @@ -31,7 +33,7 @@ done 4. Delete any local private keys -``` +```shell rm */ec2-user ``` @@ -43,7 +45,8 @@ Example ssh config found [here](https://github.com/ministryofjustice/dso-useful- This assumes keys are stored under your .ssh directory, e.g. `~/.ssh/corporate-staff-rostering-development/ec2-user` Setup soft links in your own .ssh directory like this -``` + +```shell dir=$(pwd) ( cd ~/.ssh diff --git a/terraform/environments/corporate-staff-rostering/README.md b/terraform/environments/corporate-staff-rostering/README.md index 0a5581cfd33..172eb19ef4a 100644 --- a/terraform/environments/corporate-staff-rostering/README.md +++ b/terraform/environments/corporate-staff-rostering/README.md @@ -8,6 +8,7 @@ _If you have any questions surrounding this page please post in the `#dso-intern ## Mandatory Information ### **Last review date:** + 11/03/2024 ### **Description:** 
@@ -16,35 +17,35 @@ CSR provides scheduling, annual leave & overtime for around 30,000 Prison Office ### **Service URLs:** -*Production:* -Region | Geographical regions | URL| -| -------- | ------------------------ | ----------------------------- | -| Region 1 | North East & West Midlands | r1.csr.service.justice.gov.uk | +_Production:_ + +| Region | Geographical regions | URL | +| -------- | ----------------------------------------- | ----------------------------- | +| Region 1 | North East & West Midlands | r1.csr.service.justice.gov.uk | | Region 2 | Yorkshire & Humbleside, and High Security | r2.csr.service.justice.gov.uk | -| Region 3 | North West & London | r3.csr.service.justice.gov.uk | -| Region 4 | Wales & South Central | r4.csr.service.justice.gov.uk | -| Region 5 | Eastern & South West | r5.csr.service.justice.gov.uk | -| Region 6 | East Midlands, and Kent & Sussex | r6.csr.service.justice.gov.uk | +| Region 3 | North West & London | r3.csr.service.justice.gov.uk | +| Region 4 | Wales & South Central | r4.csr.service.justice.gov.uk | +| Region 5 | Eastern & South West | r5.csr.service.justice.gov.uk | +| Region 6 | East Midlands, and Kent & Sussex | r6.csr.service.justice.gov.uk | -*Training Servers:* +_Training Servers:_ traina.pp.csr.service.justice.gov.uk -trainb.pp.csr.service.justice.gov.uk - +trainb.pp.csr.service.justice.gov.uk -### **Incident response hours:** +### **Incident response hours:** -24/7/365 cover is provided by the Application Support Team for application issues, and DBAs for database issues. +24/7/365 cover is provided by the Application Support Team for application issues, and DBAs for database issues. -### **Incident contact details:** +### **Incident contact details:** Email for database issues. Email for application issues. -Email for infrastructure issues. +Email for infrastructure issues. -### **Service team contact:** +### **Service team contact:** ask-digital-studio-ops - + ### **Hosting environment:** 
diff --git a/terraform/environments/corporate-staff-rostering/configs/prod/README.md b/terraform/environments/corporate-staff-rostering/configs/prod/README.md index d16307825dc..685b199247d 100644 --- a/terraform/environments/corporate-staff-rostering/configs/prod/README.md +++ b/terraform/environments/corporate-staff-rostering/configs/prod/README.md @@ -1,7 +1,10 @@ -# All config files +# Configuration Files + +## All config files + - credentials have been removed and replaced with template values -# iis-R1 & iis-R2 configs +## iis-R1 & iis-R2 configs + - all application settings code blocks have been removed from sample config files - application settings code is NOT the same between R1 & R2 - diff --git a/terraform/environments/delius-iaps/.ssh/README.md b/terraform/environments/delius-iaps/.ssh/README.md index 530342ef71c..9e7c1817cac 100644 --- a/terraform/environments/delius-iaps/.ssh/README.md +++ b/terraform/environments/delius-iaps/.ssh/README.md @@ -1,9 +1,11 @@ +# SSH keys + Each environment has its own public/private ssh key pair for the default ec2-user. The private key is uploaded as a SSM parameter in each environment under `ec2-user_pem`. For example: -``` +```shell PROFILE=delius-iaps-development #for example pem=$(cat $PROFILE/ec2-user) aws ssm put-parameter --name "ec2-user_pem" --type "SecureString" --data-type "text" --value "$pem" --profile "$PROFILE" diff --git a/terraform/environments/hmpps-oem/.ssh/README.md b/terraform/environments/hmpps-oem/.ssh/README.md index 878a15b5ccc..17234506646 100644 --- a/terraform/environments/hmpps-oem/.ssh/README.md +++ b/terraform/environments/hmpps-oem/.ssh/README.md @@ -1,3 +1,5 @@ +# SSH keys + Each environment has its own public/private ssh key pair for the default ec2-user. The private key is uploaded as a SSM parameter in each environment under `ec2-user_pem`. 
@@ -5,7 +7,7 @@ The private key is uploaded as a SSM parameter in each environment under `ec2-us 1. Generate keys (don't set password) -``` +```shell app=hmpps-oem for env in development test preproduction production; do mkdir -p $app-$env @@ -21,7 +23,7 @@ done Assumes you have correct aws config profiles setup -``` +```shell app=hmpps-oem for env in development test preproduction production; do pem=$(cat $app-$env/ec2-user) @@ -31,7 +33,7 @@ done 4. Delete any local private keys -``` +```shell rm */ec2-user ``` @@ -43,7 +45,8 @@ Example ssh config found [here](https://github.com/ministryofjustice/dso-useful- This assumes keys are stored under your .ssh directory, e.g. `~/.ssh/hmpps-oem-development/ec2-user` Setup soft links in your own .ssh directory like this -``` + +```shell dir=$(pwd) ( cd ~/.ssh diff --git a/terraform/environments/mlra/README.md b/terraform/environments/mlra/README.md index f0c0be51649..506e3fd0fb9 100644 --- a/terraform/environments/mlra/README.md +++ b/terraform/environments/mlra/README.md @@ -14,6 +14,7 @@ _If you have any questions surrounding this page please post in the `#ask-laa-op ### **Description:** + MLRA (Means Assessment Administration Tool - Libra Record Access) is a web enabled application used to process criminal legal aid applications in the Magistrates and Crown Courts. Also used for assessing if defendants are entitled to legal aid for criminal cases. End users consist of approximately 400 criminal case workers. @@ -36,13 +37,13 @@ Also redirects to the above URL. This -# laa-crime-apps is the slack channel for raising any issues with the product team +## laa-crime-apps is the slack channel for raising any issues with the product team ### **Service team contact:** -# laa-crime-apps +## laa-crime-apps ### **Hosting environment:** @@ -50,7 +51,6 @@ Modernisation Platform - ## Optional ### **Other URLs:** 
diff --git a/terraform/environments/mlra/modules/alb/README.md b/terraform/environments/mlra/modules/alb/README.md index fa0d25b0d5c..292257cd015 100644 --- a/terraform/environments/mlra/modules/alb/README.md +++ b/terraform/environments/mlra/modules/alb/README.md @@ -1,8 +1,6 @@ -This `alb` local Terraform module is taken from the MP provided module - , and subsequently we have developed from the code there. Below is the README.md taken form the MP module. - # Modernisation Platform Terraform Loadbalancer Module with Access Logs enabled -[![repo standards badge](https://img.shields.io/badge/dynamic/json?color=blue&style=for-the-badge&logo=github&label=MoJ%20Compliant&query=%24.result&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fmodernisation-platform-terraform-loadbalancer)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-github-repositories.html#modernisation-platform-terraform-loadbalancer "Link to report") +This `alb` local Terraform module is taken from the MP provided module - , and subsequently we have developed from the code there. Below is the README.md taken form the MP module. A Terraform module that creates application loadbalancer (with loadbalancer security groups) in AWS with logging enabled, s3 to store logs and Athena DB to query logs. @@ -10,7 +8,7 @@ An s3 bucket name can be provided in the module by adding the `existing_bucket_n A locals for the loadbalancer security group is necessary to satisfy the `loadbalancer_ingress_rules` and `loadbalancer_egress_rules` variables and creates security group rules for the loadbalancer security group. Below is an example: -``` +```terraform locals { loadbalancer_ingress_rules = { "lb_ingress" = { 
@@ -43,10 +41,9 @@ Click the new saved query that is named ``-create-table and Run it. Try a query like `select * from lb_logs limit 100;` - ## Usage -```hcl +```terraform module "alb" { source = "./modules/alb" 
@@ -182,128 +179,133 @@ module "alb" { } ``` + + ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.1 | -| [aws](#requirement\_aws) | ~> 4.0 | +| Name | Version | +| ------------------------------------------------------------------------ | -------- | +| [terraform](#requirement_terraform) | >= 1.0.1 | +| [aws](#requirement_aws) | ~> 4.0 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | ~> 4.0 | -| [template](#provider\_template) | n/a | +| Name | Version | +| --------------------------------------------------------------- | ------- | +| [aws](#provider_aws) | ~> 4.0 | +| [template](#provider_template) | n/a | ## Modules -| Name | Source | Version | -|------|--------|---------| -| [s3-bucket](#module\_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v6.1.1 | +| Name | Source | Version | +| -------------------------------------------------------------- | ----------------------------------------------------------------------- | ------- | +| [s3-bucket](#module_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v6.1.1 | ## Resources -| Name | Type | -|------|------| -| [aws_athena_database.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database) | resource | -| [aws_athena_named_query.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_named_query) | resource | -| [aws_athena_workgroup.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup) | resource | -| [aws_lb.loadbalancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | -| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| 
[aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | +| Name | Type | +| ------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_athena_database.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database) | resource | +| [aws_athena_named_query.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_named_query) | resource | +| [aws_athena_workgroup.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup) | resource | +| [aws_lb.loadbalancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | +| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | | [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | -| [template_file.lb-access-logs](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | +| 
[template_file.lb-access-logs](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [account\_number](#input\_account\_number) | Account number of current environment | `string` | n/a | yes | -| [application\_name](#input\_application\_name) | Name of application | `string` | n/a | yes | -| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. | `bool` | n/a | yes | -| [existing\_bucket\_name](#input\_existing\_bucket\_name) | The name of the existing bucket name. If no bucket is provided one will be created for them. | `string` | `""` | no | -| [force\_destroy\_bucket](#input\_force\_destroy\_bucket) | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | -| [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle. | `string` | n/a | yes | -| [loadbalancer\_egress\_rules](#input\_loadbalancer\_egress\_rules) | Security group egress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | -| [loadbalancer\_ingress\_rules](#input\_loadbalancer\_ingress\_rules) | Security group ingress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | -| [public\_subnets](#input\_public\_subnets) | Public subnets | `list(string)` | n/a | yes | -| [region](#input\_region) | AWS Region where resources are to be created | `string` | n/a | yes | -| [tags](#input\_tags) | Common tags to be used by all resources | `map(string)` | n/a | yes | -| [vpc\_all](#input\_vpc\_all) | The full name of the VPC (including environment) used to create resources | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +| --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | :------: | +| [account_number](#input_account_number) | Account number of current environment | `string` | n/a | yes | +| [application_name](#input_application_name) | Name of application | `string` | n/a | yes | +| [enable_deletion_protection](#input_enable_deletion_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. | `bool` | n/a | yes | +| [existing_bucket_name](#input_existing_bucket_name) | The name of the existing bucket name. If no bucket is provided one will be created for them. | `string` | `""` | no | +| [force_destroy_bucket](#input_force_destroy_bucket) | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | +| [idle_timeout](#input_idle_timeout) | The time in seconds that the connection is allowed to be idle. 
| `string` | n/a | yes | +| [loadbalancer_egress_rules](#input_loadbalancer_egress_rules) | Security group egress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | +| [loadbalancer_ingress_rules](#input_loadbalancer_ingress_rules) | Security group ingress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | +| [public_subnets](#input_public_subnets) | Public subnets | `list(string)` | n/a | yes | +| [region](#input_region) | AWS Region where resources are to be created | `string` | n/a | yes | +| [tags](#input_tags) | Common tags to be used by all resources | `map(string)` | n/a | yes | +| [vpc_all](#input_vpc_all) | The full name of the VPC (including environment) used to create resources | `string` | n/a | yes | ## Outputs -| Name | Description | -|------|-------------| -| [athena\_db](#output\_athena\_db) | n/a | -| [load\_balancer](#output\_load\_balancer) | n/a | -| [security\_group](#output\_security\_group) | n/a | +| Name | Description | +| ----------------------------------------------------------------------------- | ----------- | +| [athena_db](#output_athena_db) | n/a | +| [load_balancer](#output_load_balancer) | n/a | +| [security_group](#output_security_group) | n/a | ## Looking for issues? + If you're looking to raise an issue with this module, please create a new issue in the [Modernisation Platform repository](https://github.com/ministryofjustice/modernisation-platform/issues). 
+ ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.1 | -| [aws](#requirement\_aws) | ~> 4.0 | +| Name | Version | +| ------------------------------------------------------------------------ | -------- | +| [terraform](#requirement_terraform) | >= 1.0.1 | +| [aws](#requirement_aws) | ~> 4.0 | ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | ~> 4.0 | +| Name | Version | +| ------------------------------------------------ | ------- | +| [aws](#provider_aws) | ~> 4.0 | ## Modules -| Name | Source | Version | -|------|--------|---------| -| [s3-bucket](#module\_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v6.2.0 | +| Name | Source | Version | +| -------------------------------------------------------------- | ----------------------------------------------------------------------- | ------- | +| [s3-bucket](#module_s3-bucket) | github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket | v6.2.0 | ## Resources -| Name | Type | -|------|------| -| [aws_athena_database.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database) | resource | -| [aws_athena_named_query.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_named_query) | resource | -| [aws_athena_workgroup.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup) | resource | -| [aws_lb.loadbalancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | -| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | -| [aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | +| Name | Type | +| 
------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| [aws_athena_database.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_database) | resource | +| [aws_athena_named_query.main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_named_query) | resource | +| [aws_athena_workgroup.lb-access-logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/athena_workgroup) | resource | +| [aws_lb.loadbalancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb) | resource | +| [aws_security_group.lb](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | +| [aws_elb_service_account.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/elb_service_account) | data source | | [aws_iam_policy_document.bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | +| [aws_vpc.shared](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [account\_number](#input\_account\_number) | Account number of current environment | `string` | n/a | yes | -| [application\_name](#input\_application\_name) | Name of application | `string` | n/a | yes | -| [enable\_deletion\_protection](#input\_enable\_deletion\_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. 
| `bool` | n/a | yes | -| [existing\_bucket\_name](#input\_existing\_bucket\_name) | The name of the existing bucket name. If no bucket is provided one will be created for them. | `string` | `""` | no | -| [force\_destroy\_bucket](#input\_force\_destroy\_bucket) | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | -| [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle. | `string` | n/a | yes | -| [internal\_lb](#input\_internal\_lb) | A boolean that determines whether the load balancer is internal or internet-facing. | `bool` | `false` | no | -| [loadbalancer\_egress\_rules](#input\_loadbalancer\_egress\_rules) | Security group egress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | -| [loadbalancer\_ingress\_rules](#input\_loadbalancer\_ingress\_rules) | Security group ingress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | -| [public\_subnets](#input\_public\_subnets) | Public subnets | `list(string)` | n/a | yes | -| [region](#input\_region) | AWS Region where resources are to be created | `string` | n/a | yes | -| [tags](#input\_tags) | Common tags to be used by all resources | `map(string)` | n/a | yes | -| [vpc\_all](#input\_vpc\_all) | The full name of the VPC (including environment) used to create resources | `string` | n/a | yes | +| Name | Description | Type | Default | Required | +| --------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | :------: | +| [account_number](#input_account_number) | Account number of current environment | `string` | n/a | yes | +| [application_name](#input_application_name) | Name of application | `string` | n/a | yes | +| [enable_deletion_protection](#input_enable_deletion_protection) | If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. | `bool` | n/a | yes | +| [existing_bucket_name](#input_existing_bucket_name) | The name of the existing bucket name. If no bucket is provided one will be created for them. | `string` | `""` | no | +| [force_destroy_bucket](#input_force_destroy_bucket) | A boolean that indicates all objects (including any locked objects) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are not recoverable. | `bool` | `false` | no | +| [idle_timeout](#input_idle_timeout) | The time in seconds that the connection is allowed to be idle. 
| `string` | n/a | yes | +| [internal_lb](#input_internal_lb) | A boolean that determines whether the load balancer is internal or internet-facing. | `bool` | `false` | no | +| [loadbalancer_egress_rules](#input_loadbalancer_egress_rules) | Security group egress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | +| [loadbalancer_ingress_rules](#input_loadbalancer_ingress_rules) | Security group ingress rules for the loadbalancer |
map(object({
description = string
from_port = number
to_port = number
protocol = string
security_groups = list(string)
cidr_blocks = list(string)
}))
| n/a | yes | +| [public_subnets](#input_public_subnets) | Public subnets | `list(string)` | n/a | yes | +| [region](#input_region) | AWS Region where resources are to be created | `string` | n/a | yes | +| [tags](#input_tags) | Common tags to be used by all resources | `map(string)` | n/a | yes | +| [vpc_all](#input_vpc_all) | The full name of the VPC (including environment) used to create resources | `string` | n/a | yes | ## Outputs -| Name | Description | -|------|-------------| -| [athena\_db](#output\_athena\_db) | n/a | -| [load\_balancer](#output\_load\_balancer) | n/a | -| [security\_group](#output\_security\_group) | n/a | +| Name | Description | +| ----------------------------------------------------------------------------- | ----------- | +| [athena_db](#output_athena_db) | n/a | +| [load_balancer](#output_load_balancer) | n/a | +| [security_group](#output_security_group) | n/a | + diff --git a/terraform/environments/mlra/modules/ecs/README.md b/terraform/environments/mlra/modules/ecs/README.md index d5d85a60173..03b3d894921 100644 --- a/terraform/environments/mlra/modules/ecs/README.md +++ b/terraform/environments/mlra/modules/ecs/README.md 
@@ -1,12 +1,10 @@ -This `ecs` local Terraform module is taken from the MP provided module - , and subsequently we have developed from the code there. Below is the README.md taken form the MP module. - # Modernisation Platform ECS Cluster Module -[![repo standards badge](https://img.shields.io/badge/dynamic/json?color=blue&style=for-the-badge&logo=github&label=MoJ%20Compliant&query=%24.result&url=https%3A%2F%2Foperations-engineering-reports.cloud-platform.service.justice.gov.uk%2Fapi%2Fv1%2Fcompliant_public_repositories%2Fmodernisation-platform-terraform-ecs)](https://operations-engineering-reports.cloud-platform.service.justice.gov.uk/public-github-repositories.html#modernisation-platform-terraform-ecs "Link to report") +This `ecs` local Terraform module is taken from the MP provided module - , and subsequently we have developed from the code there. Below is the README.md taken form the MP module. ## Usage -```hcl +```terraform module "mlra-ecs" { diff --git a/terraform/environments/nomis-combined-reporting/.ssh/README.md b/terraform/environments/nomis-combined-reporting/.ssh/README.md index 780073d7a37..b92b46fd44f 100644 --- a/terraform/environments/nomis-combined-reporting/.ssh/README.md +++ b/terraform/environments/nomis-combined-reporting/.ssh/README.md @@ -1,9 +1,11 @@ +# SSH keys + Each environment has its own public/private ssh key pair for the default ec2-user. The private key is uploaded as a SSM parameter in each environment under `ec2-user_pem`. For example: -``` +```shell PROFILE=nomis-development # for example pem=$(cat $PROFILE/ec2-user) aws ssm put-parameter --name "ec2-user_pem" --type "SecureString" --data-type "text" --value "$pem" --profile "$PROFILE" diff --git a/terraform/environments/nomis-data-hub/.ssh/README.md b/terraform/environments/nomis-data-hub/.ssh/README.md index 780073d7a37..b92b46fd44f 100644 --- a/terraform/environments/nomis-data-hub/.ssh/README.md +++ b/terraform/environments/nomis-data-hub/.ssh/README.md 
@@ -1,9 +1,11 @@ +# SSH keys + Each environment has its own public/private ssh key pair for the default ec2-user. The private key is uploaded as a SSM parameter in each environment under `ec2-user_pem`. For example: -``` +```shell PROFILE=nomis-development # for example pem=$(cat $PROFILE/ec2-user) aws ssm put-parameter --name "ec2-user_pem" --type "SecureString" --data-type "text" --value "$pem" --profile "$PROFILE" diff --git a/terraform/environments/nomis/.ssh/README.md b/terraform/environments/nomis/.ssh/README.md index fa6047fb7aa..e00fb99cbaa 100644 --- a/terraform/environments/nomis/.ssh/README.md +++ b/terraform/environments/nomis/.ssh/README.md @@ -4,11 +4,13 @@ Each environment has its own public/private ssh key pair for the default ec2-use The private key is uploaded as a SSM parameter in each environment under `ec2-user_pem`. ## Creating the keys + Run [create-keys.sh](create-keys.sh) to create the initial keys Then create the SSM placeholder parameters in AWS Then update the SSM parameters with [put-keys.sh](put-keys.sh) ## Using the keys + Run [get-keys.sh](get-keys.sh) from this directory to download all of the keys. Run [create-links.sh](create-links.sh) from this directory to create soft links in your ~/.ssh directory diff --git a/terraform/environments/nomis/README.md b/terraform/environments/nomis/README.md index 50bf1e00287..94cad594d7a 100644 --- a/terraform/environments/nomis/README.md +++ b/terraform/environments/nomis/README.md @@ -39,7 +39,7 @@ Email for database and ap ### **Service team contact:** -# ask-digital-studio-ops +## ask-digital-studio-ops diff --git a/terraform/environments/oasys/.ssh/README.md b/terraform/environments/oasys/.ssh/README.md index 780073d7a37..b92b46fd44f 100644 --- a/terraform/environments/oasys/.ssh/README.md +++ b/terraform/environments/oasys/.ssh/README.md 
@@ -1,9 +1,11 @@ +# SSH keys + Each environment has its own public/private ssh key pair for the default ec2-user. The private key is uploaded as a SSM parameter in each environment under `ec2-user_pem`. For example: -``` +```shell PROFILE=nomis-development # for example pem=$(cat $PROFILE/ec2-user) aws ssm put-parameter --name "ec2-user_pem" --type "SecureString" --data-type "text" --value "$pem" --profile "$PROFILE" diff --git a/terraform/environments/planetfm/.ssh/README.md b/terraform/environments/planetfm/.ssh/README.md index 5d5810dc301..490e13be4a0 100644 --- a/terraform/environments/planetfm/.ssh/README.md +++ b/terraform/environments/planetfm/.ssh/README.md @@ -1,11 +1,13 @@ +# SSH keys + Each environment has its own public/private ssh key pair for the default ec2-user. The private key is uploaded as a SSM parameter in each environment under `ec2-user_pem`. -# Creating Keys +## Creating Keys 1. Generate keys (don't set password) -``` +```shell app=planetfm for env in development test preproduction production; do mkdir -p $app-$env @@ -21,7 +23,7 @@ done Assumes you have correct aws config profiles setup -``` +```shell app=planetfm for env in development test preproduction production; do pem=$(cat $app-$env/ec2-user) @@ -31,11 +33,11 @@ done 4. Delete any local private keys -``` +```shell rm */ec2-user ``` -# Using keys +## Using keys Run [get-keys.sh](get-keys.sh) from this directory to download all of the keys (set a password you can remember). @@ -43,7 +45,8 @@ Example ssh config found [here](https://github.com/ministryofjustice/dso-useful- This assumes keys are stored under your .ssh directory, e.g. `~/.ssh/planetfm-development/ec2-user` Setup soft links in your own .ssh directory like this -``` + +```shell dir=$(pwd) ( cd ~/.ssh diff --git a/terraform/environments/pra-register/README.md b/terraform/environments/pra-register/README.md index 66593368f4e..ea0919311f4 100644 --- a/terraform/environments/pra-register/README.md 
+++ b/terraform/environments/pra-register/README.md @@ -1,3 +1,5 @@ +# Service Runbook + ## Mandatory Information ### **Last review date:** @@ -6,7 +8,7 @@ ### **Description:** -The Parental Responsibility Agreement Register (PRA) application is a business critical application that allows HMCTS Central Family court staff to register all Parental Responsibility Agreements (PRAs) submitted to Central Family Court. Staff users can also view submitted PRAs within the lifecycle of the Agreement and search for agreements using selected criteria. +The Parental Responsibility Agreement Register (PRA) application is a business critical application that allows HMCTS Central Family court staff to register all Parental Responsibility Agreements (PRAs) submitted to Central Family Court. Staff users can also view submitted PRAs within the lifecycle of the Agreement and search for agreements using selected criteria. PRA agreements are termed certificates once signed and witnessed by the relevant parties. diff --git a/terraform/environments/wardship/README.md b/terraform/environments/wardship/README.md index f56037035dc..09bdfc8a984 100644 --- a/terraform/environments/wardship/README.md +++ b/terraform/environments/wardship/README.md @@ -1,3 +1,5 @@ +# Service Runbook + ## Mandatory Information ### **Last review date:** diff --git a/terraform/modules/acm_certificate/README.md b/terraform/modules/acm_certificate/README.md index 58a0caa7309..e010ebf367f 100644 --- a/terraform/modules/acm_certificate/README.md +++ b/terraform/modules/acm_certificate/README.md @@ -1,3 +1,5 @@ +# ACM certificate + Create an AWS ACM certificate with DNS validation against zones in current account, core-vpc account or core-network-shared-services account. Ensure the validation map contains entries for both the `domain_name` and all @@ -15,7 +17,7 @@ If the DNS zone which is being added to a certificate is in azure i.e. in exampl Example usage: -``` +```terraform locals { acm_certificates = { common = { 
@@ -86,7 +88,7 @@ Validation records are created in the relevant zone. The zone is looked up from variable using the domain name as the key to the map. Alternatively, use the `validation` option to explicitly define the mapping between `domain_name` and `zone`, e.g. -``` +```terraform validation = { "modernisation-platform.service.justice.gov.uk" = { account = "core-network-services" diff --git a/terraform/modules/cost_usage_report/README.md b/terraform/modules/cost_usage_report/README.md index a3e1d289c90..a9f9a51956c 100644 --- a/terraform/modules/cost_usage_report/README.md +++ b/terraform/modules/cost_usage_report/README.md @@ -1,10 +1,12 @@ +# Cost Usage Report + Enable Cost Usage Reports on a 'per-environment' basis. ## Usage For example: -``` +```terraform module "cost_usage_report" { count = lookup(var.cost_usage_report, "create", false) ? 1 : 0 @@ -26,7 +28,7 @@ module "cost_usage_report" { triggered by the following in the environment configuration file: -``` +```terraform cost_usage_report = { create = true } @@ -42,4 +44,4 @@ The main challenge with this module is whether/when AWS decide to change their r The module translates the planetfm-cost-usage-report-create-table.sql file into a terraform 'aws_glue_catalog_table' resource. This has been done manually and is not automated so if the schema changes then the terraform resource will need to be updated. This sql table file is created in the S3 bucket when the `aws_cur_report_definition` resource is created. -This also performs a check to make sure that the s3 bucket is writable by the report definition. Any permission failures will be reported in the terraform plan. \ No newline at end of file +This also performs a check to make sure that the s3 bucket is writable by the report definition. Any permission failures will be reported in the terraform plan. diff --git a/terraform/modules/environment/README.md b/terraform/modules/environment/README.md index b95eab40df5..93181a95469 100644 
--- a/terraform/modules/environment/README.md +++ b/terraform/modules/environment/README.md @@ -19,7 +19,7 @@ resources and local variables which are often needed, such as: For example: -``` +```terraform module "environment" { source = "../../modules/environment" diff --git a/terraform/modules/lb_listener/README.md b/terraform/modules/lb_listener/README.md index 4a7e8dd9f61..c9f9b8671f1 100644 --- a/terraform/modules/lb_listener/README.md +++ b/terraform/modules/lb_listener/README.md @@ -1,3 +1,5 @@ +# Load Balancer Listener + Create an `aws_lb_listener` with associated resources such as: - `aws_lb_listener_rule` @@ -16,7 +18,7 @@ variables. Example usage: -``` +```terraform locals { lb_http_7777_rule = {
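Review bot: In the `@@ -1,8 +1,6 @@` hunk of `terraform/environments/mlra/modules/alb/README.md`, and again in the `@@ -1,12 +1,10 @@` hunk of `terraform/environments/mlra/modules/ecs/README.md`, the provenance sentence is moved under the H1 with its typo intact: "Below is the README.md taken form the MP module" should read "taken from". Since the line is already being rewritten as a `+` line, fix the wording here, and check that the upstream module link after "MP provided module -" still renders in its new position, because that sentence is now the only pointer to where the local copy came from once the badge is removed.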
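Review bot: The `@@ -182,128 +179,133 @@` hunk of `terraform/environments/mlra/modules/alb/README.md` reformats two generated documentation blocks (each running from `## Requirements` to `## Outputs`) that disagree with each other, and the change keeps both. The first block pins `s3-bucket` at v6.1.1 and lists the `template` provider, `aws_region.current` and `template_file.lb-access-logs`; the second pins `s3-bucket` at v6.2.0, drops those entries and adds the `internal_lb` input. A reader who stops at the first Inputs table will not see that `internal_lb` exists or that it defaults to `false`, which the second table describes as the choice between internal and internet-facing. Keep only the block that matches the module code and delete the stale one rather than re-aligning both.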
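Review bot: In the `@@ -1,9 +1,11 @@` hunks of the `.ssh/README.md` files for `nomis-combined-reporting`, `nomis-data-hub` and `oasys`, the block now tagged `shell` still passes the private key as a command-line argument via `--value "$pem"`, so the key material is exposed in the process arguments while the command runs. As the example is being touched anyway, suggest letting the CLI read the file directly with `--value "file://$PROFILE/ec2-user"` and dropping the `pem=$(cat $PROFILE/ec2-user)` line, or at minimum quoting the path as `"$PROFILE/ec2-user"`. The same unquoted `pem=$(cat $app-$env/ec2-user)` pattern is visible in the `planetfm` README hunk. Minor: the `oasys` and `nomis-data-hub` copies still show `PROFILE=nomis-development`; an example profile from the README's own environment would be less likely to be pasted against the wrong account.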
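Review bot: In the `@@ -39,7 +39,7 @@` hunk of `terraform/environments/nomis/README.md`, changing `# ask-digital-studio-ops` to `## ask-digital-studio-ops` places an H2 heading under the `### **Service team contact:**` H3, so the heading levels are still inverted. The text reads as a contact channel name rather than a section title, so it is probably meant to be body text: write it as inline code, for example `#ask-digital-studio-ops` in backticks, or escape the leading hash, so that it renders as the contact value under the H3 instead of as a new section.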