Skip to content
/ prm-docker-deductions-infra-dojo Public

docker image with tools needed to deploy infrastructure in scope of deductions team

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nhsconnect/prm-docker-deductions-infra-dojo

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
image
image
 
 
.gitignore
.gitignore
 
 
Dojofile
Dojofile
 
 
README.md
README.md
 
 
pipeline.gocd.yaml
pipeline.gocd.yaml
 
 
tasks
tasks
 
 

Repository files navigation

docker-deductions-infra-dojo

Dojo docker image with tools needed to deploy infrastructure in scope of deductions team.

Tested and released images are published to dockerhub as nhsdev/deductions-infra-dojo

Usage

  1. Setup docker.
  2. Install Dojo binary.
  3. Provide a Dojofile at the root of the project:
DOJO_DOCKER_IMAGE="nhsdev/deductions-infra-dojo:<commit>"
  1. Create and enter the container by running dojo at the root of project.

By default, current directory in docker container is /dojo/work.

Access to AWS

In order to get sufficient access to work with terraform or AWS CLI:

Make sure to unset the AWS variables:

unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN

The following set-up is based on the README of assume-role tool

Setup a profile for each role you would like to assume in ~/.aws/config.

As an example:

[profile default]
region = eu-west-2
output = json

[profile admin]
region = eu-west-2
role_arn = <role-arn>
mfa_serial = <mfa-arn>
source_profile = default

Your source_profile needs to match your profile in ~/.aws/credentials.

[default]
aws_access_key_id = <your-aws-access-key-id>
aws_secret_access_key = <your-aws-secret-access-key>

Assume role with elevated permissions

Install assume-role locally

brew install remind101/formulae/assume-role

Run the following command with the profile configured in your ~/.aws/config: assume-role admin

Run assume-role with dojo

Run the following command with the profile configured in your ~/.aws/config: eval $(dojo "echo <mfa-code> | assume-role admin"

Run the following command to confirm you assumed the correct role: aws sts get-caller-identity

Work with terraform as usual:

terraform init
terraform apply

If your session expires, exit the container to drop the temporary credentials and run dojo again.

Specification

  • base image is alpine, to make this image as small as possible
  • terraform binary on the PATH
  • terraform plugins: aws, null, external, local, template.
  • packer to build MHS images
  • AWS CLI
  • Docker CLI
  • jq to parse JSON from bash scripts
  • dot to generate infrastructure graphs from terraform
  • a minimal ssh and git setup - to clone terraform modules

AWS SSM Parameters Design Principles

When creating the new ssm keys, please follow the agreed convention as per the design specified below:

  • all parts of the keys are lower case
  • the words are separated by dashes (kebab case)
  • env is optional

Design:

Please follow this design to ensure the ssm keys are easy to maintain and navigate through:

Type Design Example
User-specified /repo/<env>?/user-input/ /repo/${var.environment}/user-input/db-username
Auto-generated /repo/<env>?/output/<name-of-git-repo>/ /repo/output/prm-deductions-base-infra/root-zone-id

About

docker image with tools needed to deploy infrastructure in scope of deductions team

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

14 watching

Forks

1 fork
Report repository

Releases 4

2.0.1 Latest
Sep 27, 2024
+ 3 releases

Packages

No packages published

Contributors 8

Languages