ministryofjustice · jacobwoffenden · Aug 19, 2024 · Aug 13, 2024 · Aug 13, 2024 · Aug 13, 2024
@@ -70,7 +70,8 @@ locals {
           }
         }
       }
-      grafana_api_key_rotator_version = "1.0.5"
+      grafana_version                 = "10.4"
+      grafana_api_key_rotator_version = "1.0.10"
     }
     production = {
       tenant_configuration = {
@@ -141,7 +142,8 @@ locals {
           }
         }
       }
-      grafana_api_key_rotator_version = "1.0.5"
+      grafana_version                 = "10.4"
+      grafana_api_key_rotator_version = "1.0.10"
     }
   }
 }
@@ -14,7 +14,7 @@ module "amazon_managed_grafana_remote_cloudwatch_iam_policy" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
-  version = "5.39.1"
+  version = "5.44.0"
 
   name_prefix = "amazon-managed-grafana-remote-cloudwatch"
 

diff --git a/terraform/environments/observability-platform/imports.tf b/terraform/environments/observability-platform/imports.tf
@@ -0,0 +1,74 @@
+/*
+This file is temporary and will be removed once imports are done in production
+Working from this plan https://github.com/ministryofjustice/modernisation-platform-environments/actions/runs/10373629467/job/28799856877?pr=7439
+*/
+
+import {
+  to = grafana_data_source.github
+  id = "bkklZqJSk"
+}
+
+import {
+  to = grafana_data_source.observability_platform_prometheus
+  id = "b0LdomDIk"
+}
+
+import {
+  to = module.tenant_configuration["analytical-platform"].module.amazon_prometheus_query_source["analytical-platform-compute-production"].grafana_data_source.this
+  id = "jCTSdHsSk"
+}
+
+import {
+  to = module.tenant_configuration["analytical-platform"].module.cloudwatch_source["analytical-platform-compute-production"].grafana_data_source.this
+  id = "rKHiQ3LSk"
+}
+
+import {
+  to = module.tenant_configuration["analytical-platform"].module.cloudwatch_source["analytical-platform-ingestion-production"].grafana_data_source.this
+  id = "Vw2Vsz1Iz"
+}
+
+import {
+  to = module.tenant_configuration["analytical-platform"].module.xray_source["analytical-platform-compute-production"].grafana_data_source.this
+  id = "j9Ziw3LIk"
+}
+
+import {
+  to = module.tenant_configuration["analytical-platform"].module.xray_source["analytical-platform-ingestion-production"].grafana_data_source.this
+  id = "Y4c4skJSk"
+}
+
+import {
+  to = module.tenant_configuration["modernisation-platform"].module.cloudwatch_source["core-logging-production"].grafana_data_source.this
+  id = "zAGNE2lSk"
+}
+
+import {
+  to = module.tenant_configuration["modernisation-platform"].module.cloudwatch_source["core-network-services-production"].grafana_data_source.this
+  id = "8ArgVsySk"
+}
+
+import {
+  to = module.tenant_configuration["modernisation-platform"].module.cloudwatch_source["core-security-production"].grafana_data_source.this
+  id = "veWNEh_Sz"
+}
+
+import {
+  to = module.tenant_configuration["modernisation-platform"].module.cloudwatch_source["core-shared-services-production"].grafana_data_source.this
+  id = "HzGHE2lSz"
+}
+
+import {
+  to = module.tenant_configuration["modernisation-platform"].module.cloudwatch_source["core-vpc-production"].grafana_data_source.this
+  id = "RAMNE2_Ik"
+}
+
+import {
+  to = module.tenant_configuration["observability-platform"].module.cloudwatch_source["observability-platform-production"].grafana_data_source.this
+  id = "j5q0EC5Sz"
+}
+
+import {
+  to = module.tenant_configuration["observability-platform"].module.xray_source["observability-platform-production"].grafana_data_source.this
+  id = "jhl0PjcSk"
+}
@@ -6,7 +6,7 @@ module "grafana_api_key_rotator" {
   #checkov:skip=CKV_AWS_258:Function is not invoked by URL
 
   source  = "terraform-aws-modules/lambda/aws"
-  version = "7.7.0"
+  version = "7.7.1"
 
   publish        = true
   create_package = false

@@ -9,7 +9,8 @@ module "managed_grafana" {
 
   name = local.application_name
 
-  license_type = "ENTERPRISE"
+  license_type    = "ENTERPRISE"
+  grafana_version = local.environment_configuration.grafana_version
 
   account_access_type       = "CURRENT_ACCOUNT"
   authentication_providers  = ["AWS_SSO"]
@@ -40,6 +41,12 @@ module "managed_grafana" {
   tags = local.tags
 }
 
+resource "aws_grafana_workspace_service_account" "automation" {
+  name         = "automation"
+  grafana_role = "ADMIN"
+  workspace_id = module.managed_grafana.workspace_id
+}
+
 /* Slack Contact Points */
 module "contact_point_slack" {
   for_each = toset(local.all_slack_channels)

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

@@ -6,7 +6,7 @@ terraform {
     }
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

@@ -6,7 +6,7 @@ terraform {
     }
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

@@ -26,7 +26,7 @@ data "grafana_data_source" "cloudwatch" {
 resource "grafana_data_source_permission" "cloudwatch" {
   for_each = var.aws_accounts
 
-  datasource_id = data.grafana_data_source.cloudwatch[each.key].id
+  datasource_uid = trimprefix(data.grafana_data_source.cloudwatch[each.key].id, "1:")
 
   permissions {
     team_id    = grafana_team.this.id
@@ -47,7 +47,7 @@ resource "grafana_data_source_permission" "xray" {
     for name, account in var.aws_accounts : name => account if account.xray_enabled
   }
 
-  datasource_id = data.grafana_data_source.xray[each.key].id
+  datasource_uid = trimprefix(data.grafana_data_source.xray[each.key].id, "1:")
 
   permissions {
     team_id    = grafana_team.this.id
@@ -68,7 +68,7 @@ resource "grafana_data_source_permission" "amazon_prometheus" {
     for name, account in var.aws_accounts : name => account if account.amazon_prometheus_query_enabled
   }
 
-  datasource_id = data.grafana_data_source.amazon_prometheus[each.key].id
+  datasource_uid = trimprefix(data.grafana_data_source.amazon_prometheus[each.key].id, "1:")
 
   permissions {
     team_id    = grafana_team.this.id

@@ -6,7 +6,7 @@ terraform {
     }
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     grafana = {
       source  = "grafana/grafana"
-      version = "~> 2.0"
+      version = "~> 3.0"
     }
   }
   required_version = "~> 1.0"

@@ -21,7 +21,7 @@ module "iam_policy" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
-  version = "5.39.1"
+  version = "5.44.0"
 
   name_prefix = "${var.name}-prometheus"
 
@@ -33,7 +33,7 @@ module "iam_role" {
   #checkov:skip=CKV_TF_2:Module registry does not support tags for versions
 
   source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
-  version = "5.39.1"
+  version = "5.44.0"
 
   create_role             = true
   role_name               = "${var.name}-prometheus"

@@ -6,7 +6,7 @@ terraform {
     }
     grafana = {
       source  = "grafana/grafana"
-      version = "2.5.0"
+      version = "~> 3.0"
     }
     http = {
       version = "~> 3.0"