Merge pull request #289 from ministryofjustice/deploy-multi-lt-boxes

Deploy multiple nodes

buildspec.yml

@@ -43,6 +43,7 @@ env:
     TF_VAR_byoip_pool_id: "/staff-device/dns/$ENV/public_ip_pool_id"
     TF_VAR_enable_corsham_test_bastion: "/staff-device/dns-dhcp/$ENV/enable_bastion"
     TF_VAR_enable_load_testing: "/staff-device/dns-dhcp/$ENV/enable_load_testing"
+    TF_VAR_number_of_load_testing_nodes: "/staff-device/dns-dhcp/$ENV/number_of_load_testing_nodes"
     TF_VAR_allowed_ip_ranges: "/staff-device/dns-dhcp/admin/$ENV/allowed_ip_ranges"
     ROLE_ARN: "/codebuild/pttp-ci-infrastructure-core-pipeline/$ENV/assume_role"
     TF_VAR_api_basic_auth_username: "/codebuild/dhcp/admin/api/basic_auth_username"

main.tf

@@ -270,11 +270,12 @@ module "load_testing_label" {
 }
 
 module "load_testing" {
-  source          = "./modules/bastion"
-  prefix          = module.load_testing_label.id
-  vpc_id          = module.servers_vpc.vpc.vpc_id
-  vpc_cidr_block  = module.servers_vpc.vpc.vpc_cidr_block
-  private_subnets = module.servers_vpc.vpc.private_subnets
+  source             = "./modules/bastion"
+  prefix             = module.load_testing_label.id
+  vpc_id             = module.servers_vpc.vpc.vpc_id
+  vpc_cidr_block     = module.servers_vpc.vpc.vpc_cidr_block
+  private_subnets    = module.servers_vpc.vpc.private_subnets
+  number_of_bastions = var.number_of_load_testing_nodes
   //bastion_allowed_ingress_ip = var.bastion_allowed_ingress_ip
   tags = module.load_testing_label.tags
 
@@ -283,7 +284,7 @@ module "load_testing" {
   }
 
   depends_on = [module.servers_vpc]
-
+  // Set in SSM parameter store, true or false to enable or disable this module.
   count = var.enable_load_testing == true ? 1 : 0
 }
 

modules/bastion/bastion.tf

@@ -10,6 +10,7 @@ terraform {
 resource "aws_instance" "bastion" {
   ami           = data.aws_ami.ubuntu.id
   instance_type = "t3a.small"
+  count         = var.number_of_bastions
 
   vpc_security_group_ids = [
     aws_security_group.bastion.id

modules/bastion/variables.tf

@@ -32,3 +32,8 @@ variable "log_retention" {
   description = "The amount of days the logs need to be kept"
   default     = 30
 }
+
+variable "number_of_bastions" {
+  type    = number
+  default = 1
+}

scripts/aws_ssm_get_parameters.sh

@@ -7,6 +7,7 @@ export PARAM=$(aws ssm get-parameters --region eu-west-2 --with-decryption --nam
     "/codebuild/dhcp/$ENV/db/password" \
     "/codebuild/pttp-ci-infrastructure-core-pipeline/$ENV/azure_federation_metadata_url" \
     "/staff-device/dns-dhcp/$ENV/enable_load_testing" \
+    "/staff-device/dns-dhcp/$ENV/number_of_load_testing_nodes" \
     --query Parameters)
 
 export PARAM2=$(aws ssm get-parameters --region eu-west-2 --with-decryption --names \
@@ -56,6 +57,7 @@ params["azure_federation_metadata_url"]="$(echo $PARAM | jq '.[] | select(.Name
 params["dhcp_db_username"]="$(echo $PARAM | jq '.[] | select(.Name | test("db/username")) | .Value' --raw-output)"
 params["dhcp_db_password"]="$(echo $PARAM | jq '.[] | select(.Name | test("db/password")) | .Value' --raw-output)"
 params["enable_load_testing"]="$(echo $PARAM | jq '.[] | select(.Name | test("enable_load_testing")) | .Value' --raw-output)"
+params["number_of_load_testing_nodes"]="$(echo $PARAM | jq '.[] | select(.Name | test("number_of_load_testing_nodes")) | .Value' --raw-output)"
 
 params["admin_db_username"]="$(echo $PARAM2 | jq '.[] | select(.Name | test("admin/db/username")) | .Value' --raw-output)"
 params["admin_db_password"]="$(echo $PARAM2 | jq '.[] | select(.Name | test("admin/db/password")) | .Value' --raw-output)"

variables.tf

@@ -191,3 +191,7 @@ variable "enable_load_testing" {
   type    = bool
   default = false
 }
+
+variable "number_of_load_testing_nodes" {
+  type = number
+}