Merge pull request #372 from ministryofjustice/dns-health-checks

added new environment vars for health checks
ministryofjustice · Jan 6, 2025 · 8ff69cc · 8ff69cc
2 parents 63dee31 + d7cb96d
commit 8ff69cc
Show file tree

Hide file tree

Showing 8 changed files with 29 additions and 19 deletions.
diff --git a/secrets_manager.admin.tf → environment.admin.tf b/secrets_manager.admin.tf → environment.admin.tf
diff --git a/secrets_manager.dhcp.tf → environment.dhcp.tf b/secrets_manager.dhcp.tf → environment.dhcp.tf
diff --git a/secrets_manager.dns.tf → environment.dns.tf b/secrets_manager.dns.tf → environment.dns.tf
@@ -12,3 +12,10 @@ resource "aws_secretsmanager_secret_version" "staff_device_dns_sentry_dsn" {
   secret_id     = aws_secretsmanager_secret.staff_device_dns_sentry_dsn_1.id
   secret_string = "REPLACE_ME"
 }
+
+resource "aws_ssm_parameter" "dns_health_check_url" {
+  provider = aws.env
+  name     = "DNS_HEALTH_CHECK_URL"
+  type     = "String"
+  value    = "gov.uk"
+}
diff --git a/locals.tf b/locals.tf
@@ -37,6 +37,11 @@ locals {
   tags_dhcp_minus_name  = { for k, v in module.dhcp_label.tags : k => v if !contains(["Name"], k) }
   tags_dns_minus_name   = { for k, v in module.dns_label.tags : k => v if !contains(["Name"], k) }
 
+
+  ssm_arns = {
+    DNS_HEALTH_CHECK_URL = aws_ssm_parameter.dns_health_check_url.arn
+  }
+
   secret_manager_arns = {
     codebuild_dhcp_env_admin_db                  = aws_secretsmanager_secret.codebuild_dhcp_env_admin_db.arn
     codebuild_dhcp_env_db                        = aws_secretsmanager_secret.codebuild_dhcp_env_db.arn

diff --git a/modules/dns/ecs_task_definition.tf b/modules/dns/ecs_task_definition.tf
@@ -17,6 +17,11 @@ resource "aws_ecs_task_definition" "server_task" {
         "hostPort": 53,
         "containerPort": 53,
         "protocol": "udp"
+      },
+      {
+        "hostPort": 80,
+        "protocol": "tcp",
+        "containerPort": 80
       }
     ],
     "essential": true,
@@ -35,6 +40,10 @@ resource "aws_ecs_task_definition" "server_task" {
       {
         "name": "SENTRY_DSN",
         "valueFrom": "${var.secret_arns["staff_device_dns_sentry_dsn"]}"
+      },
+      {
+        "name": "DNS_HEALTH_CHECK_URL",
+        "valueFrom": "arn:aws:ssm:eu-west-2:068084030754:parameter/DNS_HEALTH_CHECK_URL"
       }
     ],
     "image": "${module.dns_dhcp_common.ecr.repository_url}",
@@ -47,24 +56,6 @@ resource "aws_ecs_task_definition" "server_task" {
       }
     },
     "expanded": true
-  }, {
-    "logConfiguration": {
-      "logDriver": "awslogs",
-      "options": {
-        "awslogs-group": "${module.dns_dhcp_common.cloudwatch.server_nginx_log_group_name}",
-        "awslogs-region": "eu-west-2",
-        "awslogs-stream-prefix": "eu-west-2-docker-logs"
-      }
-    },
-    "portMappings": [
-      {
-        "hostPort": 80,
-        "protocol": "tcp",
-        "containerPort": 80
-      }
-    ],
-    "image": "${module.dns_dhcp_common.ecr.nginx_repository_url}",
-    "name": "NGINX"
   }
 ]
 EOF

diff --git a/modules/dns/load_balancer.tf b/modules/dns/load_balancer.tf
@@ -39,8 +39,10 @@ resource "aws_lb_target_group" "target_group" {
   deregistration_delay = 300
 
   health_check {
+    matcher  = 200
     port     = 80
-    protocol = "TCP"
+    protocol = "HTTP"
+    path     = "/health"
   }
 
   tags = var.tags

diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
@@ -49,3 +49,7 @@ variable "shared_services_account_id" {
 variable "secret_arns" {
   type = map(any)
 }
+
+variable "ssm_arns" {
+  type = map(any)
+}
diff --git a/service_dns.tf b/service_dns.tf
@@ -14,6 +14,7 @@ module "dns" {
   vpc_id                              = module.servers_vpc.vpc_id
   shared_services_account_id          = local.shared_services_account_id
   secret_arns                         = local.secret_manager_arns
+  ssm_arns                            = local.ssm_arns
 
   depends_on = [
     module.servers_vpc