diff --git a/.devcontainer/devcontainer-lock.json b/.devcontainer/devcontainer-lock.json
index 0878214d625..3b599118e9f 100644
--- a/.devcontainer/devcontainer-lock.json
+++ b/.devcontainer/devcontainer-lock.json
@@ -21,4 +21,4 @@
 "integrity": "sha256:6343878231decb72427ea2d59d98d0c4bb6f15931d86800330f7c84df8320f6c"
 }
 }
-}
\ No newline at end of file
+}
diff --git a/terraform/environments/delius-core/fargate_graceful_retirement.tf b/terraform/environments/delius-core/fargate_graceful_retirement.tf
index 41ab31c395f..420c9c483b4 100644
--- a/terraform/environments/delius-core/fargate_graceful_retirement.tf
+++ b/terraform/environments/delius-core/fargate_graceful_retirement.tf
@@ -3,5 +3,5 @@ module "fargate_graceful_retirement" {
 source = "../../modules/fargate_graceful_retirement"
 restart_time = "22:00"
 restart_day_of_the_week = "WEDNESDAY"
- debug_logging = true
+ debug_logging = true
 }
diff --git a/terraform/environments/delius-mis/locals_environments_all.tf b/terraform/environments/delius-mis/locals_environments_all.tf
index 414c91f9c0a..ed82f49e100 100644
--- a/terraform/environments/delius-mis/locals_environments_all.tf
+++ b/terraform/environments/delius-mis/locals_environments_all.tf
@@ -40,29 +40,29 @@ locals {
 domain_join_ports = [
 { protocol = "tcp", from_port = 25, to_port = 25 },
- { protocol = "tcp", from_port = 53, to_port = 53 }, # DNS
+ { protocol = "tcp", from_port = 53, to_port = 53 }, # DNS
 { protocol = "udp", from_port = 53, to_port = 53 },
 { protocol = "udp", from_port = 67, to_port = 67 },
- { protocol = "tcp", from_port = 88, to_port = 88 }, # Kerberos
+ { protocol = "tcp", from_port = 88, to_port = 88 }, # Kerberos
 { protocol = "udp", from_port = 88, to_port = 88 },
 { protocol = "udp", from_port = 123, to_port = 123 }, # NTP
- { protocol = "tcp", from_port = 135, to_port = 135 }, # RPC
- { protocol = "udp", from_port = 137, to_port = 138 }, # NetBIOS
- { protocol = "tcp", from_port = 139, to_port = 139 }, # NetBIOS
- { protocol = "tcp", from_port = 389, to_port = 389 }, # LDAP
+ { protocol = "tcp", from_port = 135, to_port = 135 }, # RPC
+ { protocol = "udp", from_port = 137, to_port = 138 }, # NetBIOS
+ { protocol = "tcp", from_port = 139, to_port = 139 }, # NetBIOS
+ { protocol = "tcp", from_port = 389, to_port = 389 }, # LDAP
 { protocol = "udp", from_port = 389, to_port = 389 },
- { protocol = "tcp", from_port = 445, to_port = 445 }, # SMB
+ { protocol = "tcp", from_port = 445, to_port = 445 }, # SMB
 { protocol = "udp", from_port = 445, to_port = 445 },
- { protocol = "tcp", from_port = 464, to_port = 464 }, # Kerberos password change
+ { protocol = "tcp", from_port = 464, to_port = 464 }, # Kerberos password change
 { protocol = "udp", from_port = 464, to_port = 464 },
- { protocol = "tcp", from_port = 636, to_port = 636 }, # LDAPS
+ { protocol = "tcp", from_port = 636, to_port = 636 }, # LDAPS
 { protocol = "tcp", from_port = 1025, to_port = 5000 },
 { protocol = "udp", from_port = 2535, to_port = 2535 },
 { protocol = "tcp", from_port = 3268, to_port = 3269 },
 { protocol = "tcp", from_port = 5722, to_port = 5722 },
 { protocol = "tcp", from_port = 9389, to_port = 9389 },
 { protocol = "tcp", from_port = 49152, to_port = 65535 },
- { protocol = "icmp", from_port = -1, to_port = -1 } # ICMP
+ { protocol = "icmp", from_port = -1, to_port = -1 } # ICMP
 ]
 }
diff --git a/terraform/environments/performance-hub/module/ecs/main.tf b/terraform/environments/performance-hub/module/ecs/main.tf
index f9008b5a01c..a4d17fb7ec1 100644
--- a/terraform/environments/performance-hub/module/ecs/main.tf
+++ b/terraform/environments/performance-hub/module/ecs/main.tf
@@ -99,7 +99,7 @@ resource "aws_security_group" "cluster_ec2" {
 # so that the autoscaling group creates new ones using the new launch template
 resource "aws_launch_template" "ec2-launch-template" {
- name_prefix = "${var.app_name}-ec2-launch-template"
+ name_prefix = "${var.app_name}-ec2-launch-template"
 image_id = "resolve:ssm:/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-ECS_Optimized/image_id"
 instance_type = var.instance_type
 key_name = var.key_name
diff --git a/terraform/environments/ppud/alb_external.tf b/terraform/environments/ppud/alb_external.tf
index ba0b6397a69..9d4f05dbc3c 100644
--- a/terraform/environments/ppud/alb_external.tf
+++ b/terraform/environments/ppud/alb_external.tf
@@ -10,11 +10,11 @@ resource "aws_lb" "PPUD-ALB" {
 load_balancer_type = "application"
 security_groups = [aws_security_group.PPUD-ALB.id]
 subnets = [data.aws_subnet.public_subnets_b.id, data.aws_subnet.public_subnets_c.id]
- access_logs {
- bucket = aws_s3_bucket.moj-log-files-dev[0].id
- prefix = "alb-logs"
- enabled = true
- }
+ access_logs {
+ bucket = aws_s3_bucket.moj-log-files-dev[0].id
+ prefix = "alb-logs"
+ enabled = true
+ }
 enable_deletion_protection = true
 drop_invalid_header_fields = true
@@ -91,11 +91,11 @@ resource "aws_lb" "WAM-ALB" {
 load_balancer_type = "application"
 security_groups = [aws_security_group.WAM-ALB.id]
 subnets = [data.aws_subnet.public_subnets_a.id, data.aws_subnet.public_subnets_b.id]
-# access_logs {
-# bucket = aws_s3_bucket.moj-log-files-dev[0].id
-# prefix = "alb-logs"
-# enabled = true
-# }
+ # access_logs {
+ # bucket = aws_s3_bucket.moj-log-files-dev[0].id
+ # prefix = "alb-logs"
+ # enabled = true
+ # }
 enable_deletion_protection = true
 drop_invalid_header_fields = true
diff --git a/terraform/environments/ppud/alb_internal.tf b/terraform/environments/ppud/alb_internal.tf
index 255e0001822..782d7296952 100644
--- a/terraform/environments/ppud/alb_internal.tf
+++ b/terraform/environments/ppud/alb_internal.tf
@@ -11,12 +11,12 @@ resource "aws_lb" "PPUD-internal-ALB" {
 load_balancer_type = "application"
 security_groups = [aws_security_group.PPUD-ALB.id]
 subnets = [data.aws_subnet.private_subnets_b.id, data.aws_subnet.private_subnets_c.id]
-# access_logs {
-# bucket = aws_s3_bucket.moj-log-files-uat[0].id
-# prefix = "alb-logs"
-# enabled = true
-# }
-
+ # access_logs {
+ # bucket = aws_s3_bucket.moj-log-files-uat[0].id
+ # prefix = "alb-logs"
+ # enabled = true
+ # }
+
 enable_deletion_protection = true
 drop_invalid_header_fields = true
diff --git a/terraform/environments/ppud/certificate_mgmt.tf b/terraform/environments/ppud/certificate_mgmt.tf
index d7a3fae1819..2e2385da097 100644
--- a/terraform/environments/ppud/certificate_mgmt.tf
+++ b/terraform/environments/ppud/certificate_mgmt.tf
@@ -24,8 +24,8 @@ resource "aws_lambda_function" "terraform_lambda_func_certificate_expiry_dev" {
 runtime = "python3.8"
 timeout = 30
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
- depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_dev]
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
+ depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_dev]
 environment {
 variables = {
 EXPIRY_DAYS = "45",
@@ -102,8 +102,8 @@ resource "aws_lambda_function" "terraform_lambda_func_certificate_expiry_uat" {
 runtime = "python3.8"
 timeout = 30
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
- depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_uat]
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
+ depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_uat]
 environment {
 variables = {
 EXPIRY_DAYS = "45",
@@ -180,8 +180,8 @@ resource "aws_lambda_function" "terraform_lambda_func_certificate_expiry_prod" {
 runtime = "python3.8"
 timeout = 30
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
- depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_prod]
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+ depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_certificate_expiry_to_lambda_role_certificate_expiry_prod]
 environment {
 variables = {
 EXPIRY_DAYS = "45",
diff --git a/terraform/environments/ppud/lambda.tf b/terraform/environments/ppud/lambda.tf
index a4ef6d33804..29549eafa43 100644
--- a/terraform/environments/ppud/lambda.tf
+++ b/terraform/environments/ppud/lambda.tf
@@ -30,7 +30,7 @@ resource "aws_lambda_function" "terraform_lambda_func_stop" {
 runtime = "python3.9"
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_to_lambda_role]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
 }
@@ -49,7 +49,7 @@ resource "aws_lambda_function" "terraform_lambda_func_start" {
 runtime = "python3.9"
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_to_lambda_role]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
 }
@@ -200,7 +200,7 @@ resource "aws_lambda_function" "terraform_lambda_disable_cpu_alarm" {
 runtime = "python3.12"
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_alarm_suppression_to_lambda_role_alarm_suppression]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
 }
@@ -221,7 +221,7 @@ resource "aws_lambda_function" "terraform_lambda_enable_cpu_alarm" {
 runtime = "python3.12"
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_alarm_suppression_to_lambda_role_alarm_suppression]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
 }
@@ -254,7 +254,7 @@ resource "aws_lambda_function" "terraform_lambda_func_terminate_cpu_process_dev"
 timeout = 300
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_dev]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_dev[0].arn
 }
@@ -296,7 +296,7 @@ resource "aws_lambda_function" "terraform_lambda_func_terminate_cpu_process_uat"
 timeout = 300
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_uat]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_uat[0].arn
 }
@@ -338,7 +338,7 @@ resource "aws_lambda_function" "terraform_lambda_func_terminate_cpu_process_prod
 timeout = 300
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_prod]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
 }
@@ -380,7 +380,7 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_notification_dev"
 timeout = 300
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_dev]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:075585660276:code-signing-config:csc-0c7136ccff2de748f"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_dev[0].arn
 }
@@ -422,7 +422,7 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_notification_uat"
 timeout = 300
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_uat]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:172753231260:code-signing-config:csc-0db408c5170a8eba6"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_uat[0].arn
 }
@@ -464,7 +464,7 @@ resource "aws_lambda_function" "terraform_lambda_func_send_cpu_notification_prod
 timeout = 300
 depends_on = [aws_iam_role_policy_attachment.attach_lambda_policy_cloudwatch_invoke_lambda_to_lambda_role_cloudwatch_invoke_lambda_prod]
 reserved_concurrent_executions = 5
-# code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
+ # code_signing_config_arn = "arn:aws:lambda:eu-west-2:817985104434:code-signing-config:csc-0bafee04a642a41c1"
 dead_letter_config {
 target_arn = aws_sqs_queue.lambda_queue_prod[0].arn
 }
diff --git a/terraform/environments/ppud/s3.tf b/terraform/environments/ppud/s3.tf
index a747af19b9c..2b8f7505446 100644
--- a/terraform/environments/ppud/s3.tf
+++ b/terraform/environments/ppud/s3.tf
@@ -885,7 +885,7 @@ resource "aws_s3_bucket_policy" "moj-log-files-dev" {
 "arn:aws:s3:::moj-log-files-dev/*"
 ]
 "Principal" : {
- "AWS": "arn:aws:iam::652711504416:root" # This ID is the elb-account-id for eu-west-2 obtained from https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html
+ "AWS" : "arn:aws:iam::652711504416:root" # This ID is the elb-account-id for eu-west-2 obtained from https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html
 }
 }
 ]
diff --git a/terraform/environments/ppud/sns.tf b/terraform/environments/ppud/sns.tf
index 4687a15d890..b8074317957 100644
--- a/terraform/environments/ppud/sns.tf
+++ b/terraform/environments/ppud/sns.tf
@@ -108,7 +108,7 @@ data "aws_iam_policy_document" "sns_topic_policy_s3_notifications_prod" {
 "SNS:Publish"
 ]
- condition {
+ condition {
 test = "ArnLike"
 variable = "AWS:SourceArn"
 values = ["arn:aws:s3:::moj-log-files-prod"]
@@ -155,7 +155,7 @@ data "aws_iam_policy_document" "sns_topic_policy_s3_notifications_uat" {
 "SNS:Publish"
 ]
- condition {
+ condition {
 test = "ArnLike"
 variable = "AWS:SourceArn"
 values = ["arn:aws:s3:::moj-log-files-uat"]
@@ -182,7 +182,7 @@ resource "aws_sns_topic_policy" "s3_bucket_notifications_dev" {
 }
 resource "aws_sns_topic_subscription" "s3_bucket_notifications_dev_subscription" {
- count = local.is-development == true ? 1 : 0
+ count = local.is-development == true ? 1 : 0
 topic_arn = aws_sns_topic.s3_bucket_notifications_dev[0].arn
 protocol = "email"
 endpoint = "PPUDAlerts@colt.net"
@@ -202,7 +202,7 @@ data "aws_iam_policy_document" "sns_topic_policy_s3_notifications_dev" {
 "SNS:Publish"
 ]
- condition {
+ condition {
 test = "ArnLike"
 variable = "AWS:SourceArn"
 values = ["arn:aws:s3:::moj-log-files-dev"]
diff --git a/terraform/environments/tribunals/main.tf b/terraform/environments/tribunals/main.tf
index 5a927dd08b3..4cec5cdfe0d 100644
--- a/terraform/environments/tribunals/main.tf
+++ b/terraform/environments/tribunals/main.tf
@@ -733,11 +733,11 @@ module "nginx" {
 }
 module "nginx_load_balancer" {
- count = local.is-production ? 1 : 0
- source = "./modules/nginx_load_balancer"
- nginx_lb_sg_id = aws_security_group.nginx_lb_sg[0].id
- nginx_instance_ids = module.nginx[0].instance_ids
- subnets_shared_public_ids = data.aws_subnets.shared-public.ids
- vpc_shared_id = data.aws_vpc.shared.id
- external_acm_cert_arn = aws_acm_certificate.external.arn
+ count = local.is-production ? 1 : 0
+ source = "./modules/nginx_load_balancer"
+ nginx_lb_sg_id = aws_security_group.nginx_lb_sg[0].id
+ nginx_instance_ids = module.nginx[0].instance_ids
+ subnets_shared_public_ids = data.aws_subnets.shared-public.ids
+ vpc_shared_id = data.aws_vpc.shared.id
+ external_acm_cert_arn = aws_acm_certificate.external.arn
 }
\ No newline at end of file
diff --git a/terraform/environments/tribunals/modules/nginx_ec2_pair/main.tf b/terraform/environments/tribunals/modules/nginx_ec2_pair/main.tf
index 618e580418c..874a26e9d2c 100644
--- a/terraform/environments/tribunals/modules/nginx_ec2_pair/main.tf
+++ b/terraform/environments/tribunals/modules/nginx_ec2_pair/main.tf
@@ -23,7 +23,7 @@ variable "environment" {
 data "aws_ami" "latest_linux" {
 most_recent = true
- owners = ["amazon"]
+ owners = ["amazon"]
 filter {
 name = "name"
 values = ["amzn2-ami-hvm-*-x86_64-gp2"]
@@ -43,7 +43,7 @@ resource "aws_instance" "nginx" {
 }
 vpc_security_group_ids = [aws_security_group.allow_ssm.id]
 iam_instance_profile = aws_iam_instance_profile.nginx_profile.name
- user_data = <<-EOF
+ user_data = <<-EOF
 #!/bin/bash
 echo "installing Nginx"
@@ -73,9 +73,9 @@ resource "aws_security_group" "allow_ssm" {
 vpc_id = var.vpc_shared_id
 ingress {
- from_port = 0
- to_port = 0
- protocol = "-1"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
 security_groups = [
 var.nginx_lb_sg_id
 ]
@@ -100,7 +100,7 @@ resource "aws_s3_object" "sites_available" {
 key = "sites-available/${each.value}"
 source = "${path.module}/sites-available/${each.value}"
 # Use md5 to detect changes in the sites-available folder
- etag = filemd5("${path.module}/sites-available/${each.value}")
+ etag = filemd5("${path.module}/sites-available/${each.value}")
 }
 resource "aws_s3_object" "nginx_conf" {
@@ -108,7 +108,7 @@ resource "aws_s3_object" "nginx_conf" {
 key = "nginx.conf"
 source = "${path.module}/nginx-conf/nginx.conf"
 # Use md5 to detect changes in the nginx.conf file
- etag = filemd5("${path.module}/nginx-conf/nginx.conf")
+ etag = filemd5("${path.module}/nginx-conf/nginx.conf")
 }
 resource "aws_iam_role_policy_attachment" "s3_policy_attachment" {
diff --git a/terraform/environments/tribunals/modules/nginx_load_balancer/main.tf b/terraform/environments/tribunals/modules/nginx_load_balancer/main.tf
index 45c79073d0a..ef6151c9edb 100644
--- a/terraform/environments/tribunals/modules/nginx_load_balancer/main.tf
+++ b/terraform/environments/tribunals/modules/nginx_load_balancer/main.tf
@@ -44,7 +44,7 @@ variable "external_acm_cert_arn" {
 }
 resource "aws_lb_target_group_attachment" "nginx_lb_tg_attachment" {
- for_each = var.nginx_instance_ids
+ for_each = var.nginx_instance_ids
 target_group_arn = aws_lb_target_group.nginx_lb_tg.arn
 target_id = each.value
diff --git a/terraform/modules/fargate_graceful_retirement/README.md b/terraform/modules/fargate_graceful_retirement/README.md
index 2db1e7e6226..054b89bab95 100644
--- a/terraform/modules/fargate_graceful_retirement/README.md
+++ b/terraform/modules/fargate_graceful_retirement/README.md
@@ -20,7 +20,7 @@ and then uses the wait state to wait until that time before calling another lamb
 reccomended steps to gracefully replace the tasks. This is functionally equivalent to the manual steps outlined in the AWS documentation here: -https://docs.aws.amazon.com/AmazonECS/latest/developerguide/prepare-task-retirement.html#prepare-task-retirement-change-time + ## Usage
diff --git a/terraform/modules/fargate_graceful_retirement/required_providers.tf b/terraform/modules/fargate_graceful_retirement/required_providers.tf
index f288605c066..7042a7f26d4 100644
--- a/terraform/modules/fargate_graceful_retirement/required_providers.tf
+++ b/terraform/modules/fargate_graceful_retirement/required_providers.tf
@@ -1,8 +1,8 @@
 terraform {
 required_providers {
 aws = {
- source = "hashicorp/aws"
- version = "~> 5.0"
+ source = "hashicorp/aws"
+ version = "~> 5.0"
 }
 }
 required_version = "~> 1.5"