ministryofjustice · ASTRobinson · Jun 24, 2024 · Jun 24, 2024
@@ -52,8 +52,8 @@ locals {
       target_buckets = ["mojap-land"]
 
       /* Transfer Server */
-      transfer_server_hostname               = "sftp.ingestion.analytical-platform.service.justice.gov.uk"
-      transfer_server_sftp_users             = {}
+      transfer_server_hostname   = "sftp.ingestion.analytical-platform.service.justice.gov.uk"
+      transfer_server_sftp_users = {}
       transfer_server_sftp_users_with_egress = {
         "essex-police" = {
           ssh_key               = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCpNyYzfbqmy4QkViLRyASRqxrEK7G34o3Bc6Jdp8vK555/oBuAUXUxfavtenZnxuxdxsrBYBSCBFcU4+igeXN/nN2kVfaUlt1xBZBCRUaajinhmt+3CLbr8bWmHR/5vL/DhxHH+j/+gDH5A244XN/ybZQvCGX/ilgKiae8s0tiOZD2hmX0fhRTCohQFG/DIu06gqKIyxUQoHBoBJxjzaDvjqioJgqmD9893DN+Gx1KozmaQWHM+0f7iK1UFp8BkdeFBVkj8TOfx60o/EmAjWQ/U+WSHblaXo0nI+LQKZYkW52uTEnfSkbkyvs/vj8E8+vagwYi0noyTVmb5qReSuk1kyuqEP2ycKIaWKt+Z4LnwxHm7KO51SMMeBgpiFHaUTQWXZHYuU2aXVfFIgJkCtHdEjG7Qe2P8K5XU5rG+CrQ/Y9PxPrKQHk+2nox9dLfCWo2Eho1N85z9/rA7A0oNwsHkjWAl3k87lWdpg7y3VNLzqsMNF4M4HjpQV60MH73dUU= [email protected]"

@@ -6,33 +6,33 @@ module "apex-ecs" {
 
   source = "./modules/ecs"
 
-  subnet_set_name           = local.subnet_set_name
-  vpc_all                   = local.vpc_all
-  app_name                  = local.application_name
-  container_instance_type   = local.application_data.accounts[local.environment].container_instance_type
-  ami_image_id              = local.application_data.accounts[local.environment].ami_image_id
-  instance_type             = local.application_data.accounts[local.environment].instance_type
-  user_data                 = local.user_data
-  key_name                  = local.application_data.accounts[local.environment].key_name
-  task_definition           = local.task_definition
-  ec2_desired_capacity      = local.application_data.accounts[local.environment].ec2_desired_capacity
-  ec2_max_size              = local.application_data.accounts[local.environment].ec2_max_size
-  ec2_min_size              = local.application_data.accounts[local.environment].ec2_min_size
-  task_definition_volume    = local.application_data.accounts[local.environment].task_definition_volume
-  network_mode              = local.application_data.accounts[local.environment].network_mode
-  server_port               = local.application_data.accounts[local.environment].server_port
-  app_count                 = local.application_data.accounts[local.environment].app_count
-  ec2_ingress_rules         = local.ec2_ingress_rules
-  ec2_egress_rules          = local.ec2_egress_rules
-  lb_tg_arn                 = module.alb.target_group_arn
-  tags_common               = local.tags
-  appscaling_min_capacity   = local.application_data.accounts[local.environment].appscaling_min_capacity
-  appscaling_max_capacity   = local.application_data.accounts[local.environment].appscaling_max_capacity
-  ecs_scaling_cpu_threshold = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
-  ecs_scaling_mem_threshold = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
-  ecs_target_capacity       = local.ecs_target_capacity
+  subnet_set_name            = local.subnet_set_name
+  vpc_all                    = local.vpc_all
+  app_name                   = local.application_name
+  container_instance_type    = local.application_data.accounts[local.environment].container_instance_type
+  ami_image_id               = local.application_data.accounts[local.environment].ami_image_id
+  instance_type              = local.application_data.accounts[local.environment].instance_type
+  user_data                  = local.user_data
+  key_name                   = local.application_data.accounts[local.environment].key_name
+  task_definition            = local.task_definition
+  ec2_desired_capacity       = local.application_data.accounts[local.environment].ec2_desired_capacity
+  ec2_max_size               = local.application_data.accounts[local.environment].ec2_max_size
+  ec2_min_size               = local.application_data.accounts[local.environment].ec2_min_size
+  task_definition_volume     = local.application_data.accounts[local.environment].task_definition_volume
+  network_mode               = local.application_data.accounts[local.environment].network_mode
+  server_port                = local.application_data.accounts[local.environment].server_port
+  app_count                  = local.application_data.accounts[local.environment].app_count
+  ec2_ingress_rules          = local.ec2_ingress_rules
+  ec2_egress_rules           = local.ec2_egress_rules
+  lb_tg_arn                  = module.alb.target_group_arn
+  tags_common                = local.tags
+  appscaling_min_capacity    = local.application_data.accounts[local.environment].appscaling_min_capacity
+  appscaling_max_capacity    = local.application_data.accounts[local.environment].appscaling_max_capacity
+  ecs_scaling_cpu_threshold  = local.application_data.accounts[local.environment].ecs_scaling_cpu_threshold
+  ecs_scaling_mem_threshold  = local.application_data.accounts[local.environment].ecs_scaling_mem_threshold
+  ecs_target_capacity        = local.ecs_target_capacity
   ec2_instance_warmup_period = local.application_data.accounts[local.environment].ec2_instance_warmup_period
-  log_group_kms_key         = aws_kms_key.cloudwatch_logs_key.arn
-  environment               = local.environment
+  log_group_kms_key          = aws_kms_key.cloudwatch_logs_key.arn
+  environment                = local.environment
 
 }
@@ -501,7 +501,7 @@ resource "aws_appautoscaling_policy" "ecs_target_cpu" {
     predefined_metric_specification {
       predefined_metric_type = "ECSServiceAverageCPUUtilization"
     }
-    target_value = var.ecs_scaling_cpu_threshold
+    target_value       = var.ecs_scaling_cpu_threshold
     scale_in_cooldown  = 300
     scale_out_cooldown = 300
   }
@@ -517,7 +517,7 @@ resource "aws_appautoscaling_policy" "ecs_target_memory" {
     predefined_metric_specification {
       predefined_metric_type = "ECSServiceAverageMemoryUtilization"
     }
-    target_value = var.ecs_scaling_mem_threshold
+    target_value       = var.ecs_scaling_mem_threshold
     scale_in_cooldown  = 300
     scale_out_cooldown = 300
   }
@@ -533,8 +533,8 @@ resource "aws_ecs_capacity_provider" "apex" {
     managed_scaling {
       # maximum_scaling_step_size = 1000
       # minimum_scaling_step_size = 1
-      status          = "ENABLED"
-      target_capacity = var.ecs_target_capacity
+      status                 = "ENABLED"
+      target_capacity        = var.ecs_target_capacity
       instance_warmup_period = var.ec2_instance_warmup_period
     }
     managed_draining = "ENABLED"

@@ -54,7 +54,7 @@ module "bps_instance" {
   availability_zone = "eu-west-2a"
   subnet_id         = var.account_config.private_subnet_ids[count.index]
   tags              = var.tags
-  
+
   cloudwatch_metric_alarms = merge(
     local.cloudwatch_metric_alarms.ec2
   )

@@ -54,7 +54,7 @@ module "bws_instance" {
   availability_zone = "eu-west-2a"
   subnet_id         = var.account_config.private_subnet_ids[count.index]
   tags              = var.tags
-  
+
   cloudwatch_metric_alarms = merge(
     local.cloudwatch_metric_alarms.ec2
   )

@@ -54,7 +54,7 @@ module "dis_instance" {
   availability_zone = "eu-west-2a"
   subnet_id         = var.account_config.private_subnet_ids[count.index]
   tags              = var.tags
-  
+
   cloudwatch_metric_alarms = merge(
     local.cloudwatch_metric_alarms.ec2
   )

@@ -14,13 +14,13 @@ resource "aws_glue_connection" "glue_operational_datastore_connection" {
   }
 
   physical_connection_requirements {
-    availability_zone = data.aws_subnet.private_subnets_a.availability_zone
+    availability_zone      = data.aws_subnet.private_subnets_a.availability_zone
     security_group_id_list = [aws_security_group.glue_operational_datastore_connection_sg[0].id]
-    subnet_id         = data.aws_subnet.private_subnets_a.id
+    subnet_id              = data.aws_subnet.private_subnets_a.id
   }
 }
 
-resource aws_security_group "glue_operational_datastore_connection_sg" {
+resource "aws_security_group" "glue_operational_datastore_connection_sg" {
   count       = (local.environment == "development" ? 1 : 0)
   name        = "${local.project}-operational-datastore-connection_sg"
   description = "Security group to allow glue access to Operational Datastore via JDBC Connection"
@@ -31,18 +31,18 @@ resource aws_security_group "glue_operational_datastore_connection_sg" {
 
   # A self-referencing inbound rule for all TCP ports to enable AWS Glue to communicate between its components
   ingress {
-    from_port = 0
-    to_port   = 65535
-    protocol  = "TCP"
-    self      = true
+    from_port   = 0
+    to_port     = 65535
+    protocol    = "TCP"
+    self        = true
     description = "Security Group can Ingress to itself on all ports - required for Glue to communicate with itself"
   }
 
   # Allow all traffic out
   egress {
-    from_port = 0
-    to_port   = 0
-    protocol  = "-1"
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
     cidr_blocks = ["0.0.0.0/0"]
     description = "Allow all traffic out from this Security Group"
   }

@@ -701,7 +701,7 @@ data "aws_iam_policy_document" "glue_catalog_readonly" {
       "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:database/raw",
       "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:table/raw/*",
       "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:database/structured",
-      "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:table/structured/*"              
+      "arn:aws:glue:${local.current_account_region}:${local.current_account_id}:table/structured/*"
     ]
   }
 }

@@ -69,12 +69,12 @@ resource "aws_secretsmanager_secret" "operational_datastore" {
 }
 
 resource "aws_secretsmanager_secret_version" "operational_datastore" {
-  count     = (local.environment == "development" ? 1 : 0)
-  secret_id = aws_secretsmanager_secret.operational_datastore[0].id
+  count         = (local.environment == "development" ? 1 : 0)
+  secret_id     = aws_secretsmanager_secret.operational_datastore[0].id
   secret_string = jsonencode(local.operational_datastore_secrets_placeholder)
 
   lifecycle {
-    ignore_changes = [secret_string,]
+    ignore_changes = [secret_string, ]
   }
 }
 

@@ -1,7 +1,7 @@
 module "dms_task" {
   source = "./modules/dms"
 
-  for_each = toset(local.is-production? [
+  for_each = toset(local.is-production ? [
     "g4s_cap_dw",
     "g4s_emsys_mvp"
   ] : ["test"])

@@ -1,9 +1,9 @@
 module "ecr_lambda_repo" {
-    source = "./modules/ecr"
-    ecr_name = "lambdas/update_log_table"
+  source   = "./modules/ecr"
+  ecr_name = "lambdas/update_log_table"
 }
 
 module "ecr_lambdas_repo" {
-    source = "./modules/ecr"
-    ecr_name = "lambda-functions-repo"
+  source   = "./modules/ecr"
+  ecr_name = "lambda-functions-repo"
 }
@@ -324,13 +324,13 @@ resource "aws_iam_role_policy_attachment" "send_table_to_ap_get_parquet_files" {
 # ------------------------------------------------
 
 resource "aws_iam_role" "query_output_to_list" {
-    name                = "query_output_to_list"
-    assume_role_policy  = data.aws_iam_policy_document.lambda_assume_role.json
+  name               = "query_output_to_list"
+  assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
 }
 
 resource "aws_iam_role_policy_attachment" "query_output_to_list_lambda_sqs_queue_access_execution" {
-    role = aws_iam_role.query_output_to_list.name
-    policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
+  role       = aws_iam_role.query_output_to_list.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
 }
 
 
@@ -375,13 +375,13 @@ resource "aws_iam_role_policy_attachment" "get_file_keys_for_table_list_target_s
 # ------------------------------------------
 
 resource "aws_iam_role" "update_log_table" {
-  name = "update_log_table"
-  assume_role_policy  = data.aws_iam_policy_document.lambda_assume_role.json
+  name               = "update_log_table"
+  assume_role_policy = data.aws_iam_policy_document.lambda_assume_role.json
 }
 
 resource "aws_iam_role_policy_attachment" "update_log_table_lambda_sqs_queue_access_execution" {
-    role = aws_iam_role.update_log_table.name
-    policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
+  role       = aws_iam_role.update_log_table.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
 }
 
 data "aws_iam_policy_document" "get_log_s3_files" {
@@ -393,29 +393,29 @@ data "aws_iam_policy_document" "get_log_s3_files" {
       "s3:PutObject",
       "s3:GetBucketLocation",
       "s3:DeleteObject"
-      ]
+    ]
     resources = [
       aws_s3_bucket.dms_dv_parquet_s3_bucket.arn,
       "${aws_s3_bucket.dms_dv_parquet_s3_bucket.arn}/*"
-      ]
+    ]
   }
 }
 
 resource "aws_iam_policy" "get_log_s3_files" {
-  name = "get_log_s3_files"
+  name   = "get_log_s3_files"
   policy = data.aws_iam_policy_document.get_log_s3_files.json
 }
 resource "aws_iam_role_policy_attachment" "update_log_table_get_log_s3_files" {
-    role = aws_iam_role.update_log_table.name
-    policy_arn = aws_iam_policy.get_log_s3_files.arn
+  role       = aws_iam_role.update_log_table.name
+  policy_arn = aws_iam_policy.get_log_s3_files.arn
 }
 
 # ------------------------------------------
 # output_file_structure_as_json_from_zip
 # ------------------------------------------
 
 resource "aws_iam_role" "output_fs_json_lambda" {
-  name = "output_fs_json_lambda"
+  name                = "output_fs_json_lambda"
   assume_role_policy  = data.aws_iam_policy_document.lambda_assume_role.json
   managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]
 }
@@ -434,9 +434,9 @@ data "aws_iam_policy_document" "output_fs_json_lambda_s3_policy_document" {
 }
 
 resource "aws_iam_policy" "output_fs_json_lambda_s3_policy" {
-  name                = "output-fs-json-lambda-s3-policy"
-  description         = "Policy for Lambda to use S3 for ${local.output_fs_json_lambda}"
-  policy              = data.aws_iam_policy_document.output_fs_json_lambda_s3_policy_document.json
+  name        = "output-fs-json-lambda-s3-policy"
+  description = "Policy for Lambda to use S3 for ${local.output_fs_json_lambda}"
+  policy      = data.aws_iam_policy_document.output_fs_json_lambda_s3_policy_document.json
 }
 
 resource "aws_iam_role_policy_attachment" "output_fs_json_lambda_s3_policy_attachment" {