From 405b225e948844fb4fa4f39290f9b12299f643c0 Mon Sep 17 00:00:00 2001 
From: Sam Simpson Date: Wed, 6 Mar 2024 09:56:32 +0000 Subject: [PATCH 1/2] Remove obsolete app projects --- .terraform-version | 1 - terraform/projects/app-apt/README.md | 82 -- .../projects/app-apt/additional_policy.json | 18 - .../projects/app-apt/integration.blue.backend | 4 - terraform/projects/app-apt/main.tf | 247 ------ .../projects/app-apt/production.blue.backend | 4 - terraform/projects/app-apt/remote_state.tf | 111 --- .../projects/app-apt/staging.blue.backend | 4 - .../projects/app-apt/user_data_snippets.tf | 29 - terraform/projects/app-asset-master/README.md | 58 -- .../app-asset-master/integration.blue.backend | 4 - terraform/projects/app-asset-master/main.tf | 45 - .../projects/app-asset-master/outputs.tf | 4 - .../app-asset-master/production.blue.backend | 4 - .../projects/app-asset-master/remote_state.tf | 104 --- .../app-asset-master/staging.blue.backend | 4 - .../projects/app-asset-master/variables.tf | 20 - .../app-backend-redis/.terraform-version | 1 - .../projects/app-backend-redis/README.md | 66 -- .../integration.blue.backend | 4 - terraform/projects/app-backend-redis/main.tf | 118 --- .../app-backend-redis/production.blue.backend | 4 - .../app-backend-redis/remote_state.tf | 111 --- .../app-backend-redis/staging.blue.backend | 4 - terraform/projects/app-ci-agents/README.md | 122 --- .../app-ci-agents/integration.blue.backend | 4 - terraform/projects/app-ci-agents/main.tf | 800 ------------------ .../projects/app-ci-agents/remote_state.tf | 111 --- .../app-ci-agents/user_data_snippets.tf | 29 - .../projects/app-ci-agents/volume_policy.json | 18 - terraform/projects/app-ci-master/README.md | 93 -- .../app-ci-master/additional_policy.json | 18 - .../app-ci-master/integration.blue.backend | 4 - terraform/projects/app-ci-master/main.tf | 378 --------- .../projects/app-ci-master/remote_state.tf | 111 --- .../app-ci-master/user_data_snippets.tf | 29 - .../app-content-data-api-db-admin/README.md | 64 -- .../integration.blue.backend | 4 - 
.../app-content-data-api-db-admin/main.tf | 102 --- .../production.blue.backend | 4 - .../remote_state.tf | 111 --- .../staging.blue.backend | 4 - .../user_data_snippets.tf | 29 - .../app-content-data-api-postgresql/README.md | 68 -- .../integration.blue.backend | 4 - .../app-content-data-api-postgresql/main.tf | 204 ----- .../production.blue.backend | 4 - .../remote_state.tf | 111 --- .../staging.blue.backend | 4 - terraform/projects/app-db-admin/README.md | 90 -- .../app-db-admin/additional_policy.json | 54 -- .../app-db-admin/elasticache_policy.json | 14 - .../app-db-admin/integration.blue.backend | 4 - terraform/projects/app-db-admin/main.tf | 286 ------- .../app-db-admin/production.blue.backend | 4 - .../projects/app-db-admin/remote_state.tf | 111 --- .../app-db-admin/s3_assets_sync_policy.tpl | 40 - .../app-db-admin/staging.blue.backend | 4 - .../app-db-admin/user_data_snippets.tf | 29 - terraform/projects/app-deploy/README.md | 96 --- .../app-deploy/additional_policy.json | 18 - .../app-deploy/integration.blue.backend | 4 - terraform/projects/app-deploy/main.tf | 360 -------- .../app-deploy/production.blue.backend | 4 - terraform/projects/app-deploy/remote_state.tf | 143 ---- .../projects/app-deploy/staging.blue.backend | 4 - .../projects/app-deploy/user_data_snippets.tf | 29 - .../projects/app-docker-management/README.md | 68 -- .../integration.blue.backend | 4 - .../projects/app-docker-management/main.tf | 149 ---- .../production.blue.backend | 4 - .../app-docker-management/remote_state.tf | 111 --- .../staging.blue.backend | 4 - .../user_data_snippets.tf | 29 - terraform/projects/app-gatling/README.md | 75 -- .../app-gatling/integration.blue.backend | 4 - terraform/projects/app-gatling/main.tf | 193 ----- .../app-gatling/production.blue.backend | 4 - .../projects/app-gatling/remote_state.tf | 111 --- .../projects/app-gatling/staging.blue.backend | 4 - .../app-gatling/user_data_snippets.tf | 29 - terraform/projects/app-graphite/README.md | 91 -- 
.../app-graphite/additional_policy.json | 18 - .../app-graphite/integration.blue.backend | 4 - terraform/projects/app-graphite/main.tf | 377 --------- .../app-graphite/production.blue.backend | 4 - .../projects/app-graphite/remote_state.tf | 111 --- .../app-graphite/staging.blue.backend | 4 - .../app-graphite/user_data_snippets.tf | 29 - terraform/projects/app-jumpbox/README.md | 69 -- .../app-jumpbox/integration.blue.backend | 4 - terraform/projects/app-jumpbox/main.tf | 166 ---- .../app-jumpbox/production.blue.backend | 4 - .../projects/app-jumpbox/remote_state.tf | 111 --- .../projects/app-jumpbox/staging.blue.backend | 4 - .../app-jumpbox/user_data_snippets.tf | 29 - .../projects/app-licensify-backend/README.md | 68 -- .../integration.blue.backend | 4 - .../projects/app-licensify-backend/main.tf | 145 ---- .../production.blue.backend | 4 - .../app-licensify-backend/remote_state.tf | 111 --- .../staging.blue.backend | 4 - .../user_data_snippets.tf | 29 - .../projects/app-licensify-frontend/README.md | 74 -- .../integration.blue.backend | 4 - .../projects/app-licensify-frontend/main.tf | 177 ---- .../production.blue.backend | 4 - .../app-licensify-frontend/remote_state.tf | 111 --- .../staging.blue.backend | 4 - .../user_data_snippets.tf | 29 - terraform/projects/app-mongo/README.md | 109 --- .../projects/app-mongo/additional_policy.json | 20 - .../app-mongo/integration.blue.backend | 4 - terraform/projects/app-mongo/main.tf | 443 ---------- .../app-mongo/production.blue.backend | 4 - terraform/projects/app-mongo/remote_state.tf | 111 --- .../projects/app-mongo/staging.blue.backend | 4 - .../projects/app-mongo/user_data_snippets.tf | 29 - terraform/projects/app-monitoring/README.md | 86 -- .../app-monitoring/additional_policy.json | 37 - .../app-monitoring/integration.blue.backend | 4 - terraform/projects/app-monitoring/main.tf | 364 -------- .../app-monitoring/production.blue.backend | 4 - .../projects/app-monitoring/remote_state.tf | 111 --- 
.../app-monitoring/staging.blue.backend | 4 - .../app-monitoring/user_data_snippets.tf | 29 - terraform/projects/app-prometheus/README.md | 73 -- .../app-prometheus/additional_policy.json | 18 - .../app-prometheus/integration.blue.backend | 4 - terraform/projects/app-prometheus/main.tf | 178 ---- .../app-prometheus/production.blue.backend | 4 - .../projects/app-prometheus/remote-state.tf | 111 --- .../app-prometheus/staging.blue.backend | 4 - .../app-prometheus/userdata-snippet.tf | 25 - terraform/projects/app-puppetmaster/README.md | 82 -- .../app-puppetmaster/additional_policy.json | 15 - .../app-puppetmaster/integration.blue.backend | 4 - terraform/projects/app-puppetmaster/main.tf | 280 ------ .../app-puppetmaster/production.blue.backend | 4 - .../projects/app-puppetmaster/remote_state.tf | 111 --- .../app-puppetmaster/staging.blue.backend | 4 - .../app-puppetmaster/user_data_snippets.tf | 29 - .../projects/app-router-backend/README.md | 90 -- .../app-router-backend/additional_policy.json | 16 - .../integration.blue.backend | 4 - terraform/projects/app-router-backend/main.tf | 229 ----- .../projects/app-router-backend/outputs.tf | 14 - .../production.blue.backend | 4 - .../app-router-backend/remote_state.tf | 104 --- .../app-router-backend/staging.blue.backend | 4 - .../app-router-backend/user_data_snippets.tf | 16 - .../projects/app-router-backend/variables.tf | 71 -- .../projects/app-shared-documentdb/README.md | 72 -- .../integration.blue.backend | 4 - .../projects/app-shared-documentdb/main.tf | 166 ---- .../production.blue.backend | 4 - .../app-shared-documentdb/remote_state.tf | 127 --- .../staging.blue.backend | 4 - .../app-transition-db-admin/README.md | 73 -- .../integration.blue.backend | 4 - .../projects/app-transition-db-admin/main.tf | 183 ---- .../production.blue.backend | 4 - .../app-transition-db-admin/remote_state.tf | 111 --- .../staging.blue.backend | 4 - .../user_data_snippets.tf | 29 - terraform/projects/fastly-datagovuk/README.md | 59 -- 
.../projects/fastly-datagovuk/datagovuk.vcl | 123 --- .../fastly-datagovuk/datagovuk.vcl.tmp | 97 --- .../projects/fastly-datagovuk/datagovuk.vcle | 97 --- terraform/projects/fastly-datagovuk/fastly.sh | 23 - .../integration.govuk.backend | 4 - terraform/projects/fastly-datagovuk/main.tf | 135 --- .../fastly-datagovuk/production.govuk.backend | 4 - .../projects/fastly-datagovuk/remote_state.tf | 111 --- .../fastly-datagovuk/staging.govuk.backend | 4 - .../projects/fastly-datagovuk/variables.tf | 40 - 176 files changed, 11700 deletions(-) delete mode 100644 .terraform-version delete mode 100644 terraform/projects/app-apt/README.md delete mode 100644 terraform/projects/app-apt/additional_policy.json delete mode 100644 terraform/projects/app-apt/integration.blue.backend delete mode 100644 terraform/projects/app-apt/main.tf delete mode 100644 terraform/projects/app-apt/production.blue.backend delete mode 100644 terraform/projects/app-apt/remote_state.tf delete mode 100644 terraform/projects/app-apt/staging.blue.backend delete mode 100644 terraform/projects/app-apt/user_data_snippets.tf delete mode 100644 terraform/projects/app-asset-master/README.md delete mode 100644 terraform/projects/app-asset-master/integration.blue.backend delete mode 100644 terraform/projects/app-asset-master/main.tf delete mode 100644 terraform/projects/app-asset-master/outputs.tf delete mode 100644 terraform/projects/app-asset-master/production.blue.backend delete mode 100644 terraform/projects/app-asset-master/remote_state.tf delete mode 100644 terraform/projects/app-asset-master/staging.blue.backend delete mode 100644 terraform/projects/app-asset-master/variables.tf delete mode 100644 terraform/projects/app-backend-redis/.terraform-version delete mode 100644 terraform/projects/app-backend-redis/README.md delete mode 100644 terraform/projects/app-backend-redis/integration.blue.backend delete mode 100644 terraform/projects/app-backend-redis/main.tf delete mode 100644 
terraform/projects/app-backend-redis/production.blue.backend delete mode 100644 terraform/projects/app-backend-redis/remote_state.tf delete mode 100644 terraform/projects/app-backend-redis/staging.blue.backend delete mode 100644 terraform/projects/app-ci-agents/README.md delete mode 100644 terraform/projects/app-ci-agents/integration.blue.backend delete mode 100644 terraform/projects/app-ci-agents/main.tf delete mode 100644 terraform/projects/app-ci-agents/remote_state.tf delete mode 100644 terraform/projects/app-ci-agents/user_data_snippets.tf delete mode 100644 terraform/projects/app-ci-agents/volume_policy.json delete mode 100644 terraform/projects/app-ci-master/README.md delete mode 100644 terraform/projects/app-ci-master/additional_policy.json delete mode 100644 terraform/projects/app-ci-master/integration.blue.backend delete mode 100644 terraform/projects/app-ci-master/main.tf delete mode 100644 terraform/projects/app-ci-master/remote_state.tf delete mode 100644 terraform/projects/app-ci-master/user_data_snippets.tf delete mode 100644 terraform/projects/app-content-data-api-db-admin/README.md delete mode 100644 terraform/projects/app-content-data-api-db-admin/integration.blue.backend delete mode 100644 terraform/projects/app-content-data-api-db-admin/main.tf delete mode 100644 terraform/projects/app-content-data-api-db-admin/production.blue.backend delete mode 100644 terraform/projects/app-content-data-api-db-admin/remote_state.tf delete mode 100644 terraform/projects/app-content-data-api-db-admin/staging.blue.backend delete mode 100644 terraform/projects/app-content-data-api-db-admin/user_data_snippets.tf delete mode 100644 terraform/projects/app-content-data-api-postgresql/README.md delete mode 100644 terraform/projects/app-content-data-api-postgresql/integration.blue.backend delete mode 100644 terraform/projects/app-content-data-api-postgresql/main.tf delete mode 100644 terraform/projects/app-content-data-api-postgresql/production.blue.backend delete mode 
100644 terraform/projects/app-content-data-api-postgresql/remote_state.tf delete mode 100644 terraform/projects/app-content-data-api-postgresql/staging.blue.backend delete mode 100644 terraform/projects/app-db-admin/README.md delete mode 100644 terraform/projects/app-db-admin/additional_policy.json delete mode 100644 terraform/projects/app-db-admin/elasticache_policy.json delete mode 100644 terraform/projects/app-db-admin/integration.blue.backend delete mode 100644 terraform/projects/app-db-admin/main.tf delete mode 100644 terraform/projects/app-db-admin/production.blue.backend delete mode 100644 terraform/projects/app-db-admin/remote_state.tf delete mode 100644 terraform/projects/app-db-admin/s3_assets_sync_policy.tpl delete mode 100644 terraform/projects/app-db-admin/staging.blue.backend delete mode 100644 terraform/projects/app-db-admin/user_data_snippets.tf delete mode 100644 terraform/projects/app-deploy/README.md delete mode 100644 terraform/projects/app-deploy/additional_policy.json delete mode 100644 terraform/projects/app-deploy/integration.blue.backend delete mode 100644 terraform/projects/app-deploy/main.tf delete mode 100644 terraform/projects/app-deploy/production.blue.backend delete mode 100644 terraform/projects/app-deploy/remote_state.tf delete mode 100644 terraform/projects/app-deploy/staging.blue.backend delete mode 100644 terraform/projects/app-deploy/user_data_snippets.tf delete mode 100644 terraform/projects/app-docker-management/README.md delete mode 100644 terraform/projects/app-docker-management/integration.blue.backend delete mode 100644 terraform/projects/app-docker-management/main.tf delete mode 100644 terraform/projects/app-docker-management/production.blue.backend delete mode 100644 terraform/projects/app-docker-management/remote_state.tf delete mode 100644 terraform/projects/app-docker-management/staging.blue.backend delete mode 100644 terraform/projects/app-docker-management/user_data_snippets.tf delete mode 100644 
terraform/projects/app-gatling/README.md delete mode 100644 terraform/projects/app-gatling/integration.blue.backend delete mode 100644 terraform/projects/app-gatling/main.tf delete mode 100644 terraform/projects/app-gatling/production.blue.backend delete mode 100644 terraform/projects/app-gatling/remote_state.tf delete mode 100644 terraform/projects/app-gatling/staging.blue.backend delete mode 100644 terraform/projects/app-gatling/user_data_snippets.tf delete mode 100644 terraform/projects/app-graphite/README.md delete mode 100644 terraform/projects/app-graphite/additional_policy.json delete mode 100644 terraform/projects/app-graphite/integration.blue.backend delete mode 100644 terraform/projects/app-graphite/main.tf delete mode 100644 terraform/projects/app-graphite/production.blue.backend delete mode 100644 terraform/projects/app-graphite/remote_state.tf delete mode 100644 terraform/projects/app-graphite/staging.blue.backend delete mode 100644 terraform/projects/app-graphite/user_data_snippets.tf delete mode 100644 terraform/projects/app-jumpbox/README.md delete mode 100644 terraform/projects/app-jumpbox/integration.blue.backend delete mode 100644 terraform/projects/app-jumpbox/main.tf delete mode 100644 terraform/projects/app-jumpbox/production.blue.backend delete mode 100644 terraform/projects/app-jumpbox/remote_state.tf delete mode 100644 terraform/projects/app-jumpbox/staging.blue.backend delete mode 100644 terraform/projects/app-jumpbox/user_data_snippets.tf delete mode 100644 terraform/projects/app-licensify-backend/README.md delete mode 100644 terraform/projects/app-licensify-backend/integration.blue.backend delete mode 100644 terraform/projects/app-licensify-backend/main.tf delete mode 100644 terraform/projects/app-licensify-backend/production.blue.backend delete mode 100644 terraform/projects/app-licensify-backend/remote_state.tf delete mode 100644 terraform/projects/app-licensify-backend/staging.blue.backend delete mode 100644 
terraform/projects/app-licensify-backend/user_data_snippets.tf delete mode 100644 terraform/projects/app-licensify-frontend/README.md delete mode 100644 terraform/projects/app-licensify-frontend/integration.blue.backend delete mode 100644 terraform/projects/app-licensify-frontend/main.tf delete mode 100644 terraform/projects/app-licensify-frontend/production.blue.backend delete mode 100644 terraform/projects/app-licensify-frontend/remote_state.tf delete mode 100644 terraform/projects/app-licensify-frontend/staging.blue.backend delete mode 100644 terraform/projects/app-licensify-frontend/user_data_snippets.tf delete mode 100644 terraform/projects/app-mongo/README.md delete mode 100644 terraform/projects/app-mongo/additional_policy.json delete mode 100644 terraform/projects/app-mongo/integration.blue.backend delete mode 100644 terraform/projects/app-mongo/main.tf delete mode 100644 terraform/projects/app-mongo/production.blue.backend delete mode 100644 terraform/projects/app-mongo/remote_state.tf delete mode 100644 terraform/projects/app-mongo/staging.blue.backend delete mode 100644 terraform/projects/app-mongo/user_data_snippets.tf delete mode 100644 terraform/projects/app-monitoring/README.md delete mode 100644 terraform/projects/app-monitoring/additional_policy.json delete mode 100644 terraform/projects/app-monitoring/integration.blue.backend delete mode 100644 terraform/projects/app-monitoring/main.tf delete mode 100644 terraform/projects/app-monitoring/production.blue.backend delete mode 100644 terraform/projects/app-monitoring/remote_state.tf delete mode 100644 terraform/projects/app-monitoring/staging.blue.backend delete mode 100644 terraform/projects/app-monitoring/user_data_snippets.tf delete mode 100644 terraform/projects/app-prometheus/README.md delete mode 100644 terraform/projects/app-prometheus/additional_policy.json delete mode 100644 terraform/projects/app-prometheus/integration.blue.backend delete mode 100644 terraform/projects/app-prometheus/main.tf 
delete mode 100644 terraform/projects/app-prometheus/production.blue.backend delete mode 100644 terraform/projects/app-prometheus/remote-state.tf delete mode 100644 terraform/projects/app-prometheus/staging.blue.backend delete mode 100644 terraform/projects/app-prometheus/userdata-snippet.tf delete mode 100644 terraform/projects/app-puppetmaster/README.md delete mode 100644 terraform/projects/app-puppetmaster/additional_policy.json delete mode 100644 terraform/projects/app-puppetmaster/integration.blue.backend delete mode 100644 terraform/projects/app-puppetmaster/main.tf delete mode 100644 terraform/projects/app-puppetmaster/production.blue.backend delete mode 100644 terraform/projects/app-puppetmaster/remote_state.tf delete mode 100644 terraform/projects/app-puppetmaster/staging.blue.backend delete mode 100644 terraform/projects/app-puppetmaster/user_data_snippets.tf delete mode 100644 terraform/projects/app-router-backend/README.md delete mode 100644 terraform/projects/app-router-backend/additional_policy.json delete mode 100644 terraform/projects/app-router-backend/integration.blue.backend delete mode 100644 terraform/projects/app-router-backend/main.tf delete mode 100644 terraform/projects/app-router-backend/outputs.tf delete mode 100644 terraform/projects/app-router-backend/production.blue.backend delete mode 100644 terraform/projects/app-router-backend/remote_state.tf delete mode 100644 terraform/projects/app-router-backend/staging.blue.backend delete mode 100644 terraform/projects/app-router-backend/user_data_snippets.tf delete mode 100644 terraform/projects/app-router-backend/variables.tf delete mode 100644 terraform/projects/app-shared-documentdb/README.md delete mode 100644 terraform/projects/app-shared-documentdb/integration.blue.backend delete mode 100644 terraform/projects/app-shared-documentdb/main.tf delete mode 100644 terraform/projects/app-shared-documentdb/production.blue.backend delete mode 100644 
terraform/projects/app-shared-documentdb/remote_state.tf delete mode 100644 terraform/projects/app-shared-documentdb/staging.blue.backend delete mode 100644 terraform/projects/app-transition-db-admin/README.md delete mode 100644 terraform/projects/app-transition-db-admin/integration.blue.backend delete mode 100644 terraform/projects/app-transition-db-admin/main.tf delete mode 100644 terraform/projects/app-transition-db-admin/production.blue.backend delete mode 100644 terraform/projects/app-transition-db-admin/remote_state.tf delete mode 100644 terraform/projects/app-transition-db-admin/staging.blue.backend delete mode 100644 terraform/projects/app-transition-db-admin/user_data_snippets.tf delete mode 100644 terraform/projects/fastly-datagovuk/README.md delete mode 100644 terraform/projects/fastly-datagovuk/datagovuk.vcl delete mode 100644 terraform/projects/fastly-datagovuk/datagovuk.vcl.tmp delete mode 100644 terraform/projects/fastly-datagovuk/datagovuk.vcle delete mode 100644 terraform/projects/fastly-datagovuk/fastly.sh delete mode 100644 terraform/projects/fastly-datagovuk/integration.govuk.backend delete mode 100644 terraform/projects/fastly-datagovuk/main.tf delete mode 100644 terraform/projects/fastly-datagovuk/production.govuk.backend delete mode 100644 terraform/projects/fastly-datagovuk/remote_state.tf delete mode 100644 terraform/projects/fastly-datagovuk/staging.govuk.backend delete mode 100644 terraform/projects/fastly-datagovuk/variables.tf
diff --git a/.terraform-version b/.terraform-version
deleted file mode 100644
index f98d9c0d3..000000000
--- a/.terraform-version
+++ /dev/null
@@ -1 +0,0 @@
-0.12.31
diff --git a/terraform/projects/app-apt/README.md b/terraform/projects/app-apt/README.md
deleted file mode 100644
index 61ac01314..000000000
--- a/terraform/projects/app-apt/README.md
+++ /dev/null
@@ -1,82 +0,0 @@
-## Project: app-apt
-
-Apt node
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.11.15 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [null](#provider\_null) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [apt](#module\_apt) | ../../modules/aws/node_group | n/a |
-| [apt\_external\_lb](#module\_apt\_external\_lb) | ../../modules/aws/lb | n/a |
-| [apt\_internal\_lb](#module\_apt\_internal\_lb) | ../../modules/aws/lb | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_ebs_volume.apt](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource |
-| [aws_iam_policy.apt_1_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role_policy_attachment.apt_1_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_route53_record.apt_external_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.gemstash_external_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.gemstash_internal_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_route53_zone.external](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [apt\_1\_subnet](#input\_apt\_1\_subnet) | Name of the subnet to place the apt instance 1 and EBS volume | `string` | n/a | yes |
-| [aws\_environment](#input\_aws\_environment) | AWS environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [ebs\_encrypted](#input\_ebs\_encrypted) | Whether or not the EBS volume is encrypted | `string` | n/a | yes |
-| [ebs\_volume\_size](#input\_ebs\_volume\_size) | EBS volume size | `string` | `"40"` | no |
-| [elb\_external\_certname](#input\_elb\_external\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes |
-| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes |
-| [elb\_public\_secondary\_certname](#input\_elb\_public\_secondary\_certname) | The ACM secondary cert domain name to find the ARN of | `string` | `""` | no |
-| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes |
-| [external\_domain\_name](#input\_external\_domain\_name) | The domain name of the external DNS records, it could be different from the zone name | `string` | n/a | yes |
-| [external\_zone\_name](#input\_external\_zone\_name) | The name of the Route53 zone that contains external records | `string` | n/a | yes |
-| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no |
-| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t2.medium"` | no |
-| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes |
-| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [apt\_external\_service\_dns\_name](#output\_apt\_external\_service\_dns\_name) | DNS name to access the Apt external service |
-| [gemstash\_internal\_elb\_dns\_name](#output\_gemstash\_internal\_elb\_dns\_name) | DNS name to access the Gemstash internal service |
diff --git a/terraform/projects/app-apt/additional_policy.json b/terraform/projects/app-apt/additional_policy.json
deleted file mode 100644
index 97d326628..000000000
--- a/terraform/projects/app-apt/additional_policy.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Stmt1499854881000",
- "Effect": "Allow",
- "Action": [
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:DescribeVolumeStatus",
- "ec2:DescribeVolumes"
- ],
- "Resource": [
- "*"
- ]
- }
- ]
-}
diff --git a/terraform/projects/app-apt/integration.blue.backend b/terraform/projects/app-apt/integration.blue.backend
deleted file mode 100644
index f7ad7a289..000000000
--- a/terraform/projects/app-apt/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-apt.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-apt/main.tf b/terraform/projects/app-apt/main.tf
deleted file mode 100644
index c650b9ee2..000000000
--- a/terraform/projects/app-apt/main.tf
+++ /dev/null
@@ -1,247 +0,0 @@
-/**
-* ## Project: app-apt
-*
-* Apt node
-*/
-variable "aws_environment" {
- type = string
- description = "AWS environment"
-}
-
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "ebs_encrypted" {
- type = string
- description = "Whether or not the EBS volume is encrypted"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "elb_external_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "elb_public_secondary_certname" {
- type = string
- description = "The ACM secondary cert domain name to find the ARN of"
- default = ""
-}
-
-variable "apt_1_subnet" {
- type = string
- description = "Name of the subnet to place the apt instance 1 and EBS volume"
-}
-
-variable "external_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains external records"
-}
-
-variable "external_domain_name" {
- type = string
- description = "The domain name of the external DNS records, it could be different from the zone name"
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "t2.medium"
-}
-
-variable "ebs_volume_size" {
- type = string
- description = "EBS volume size"
- default = "40"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
-
required_version = "= 0.11.15" -} - -provider "aws" { - region = var.aws_region - version = "2.46.0" -} - -data "aws_route53_zone" "external" { - name = var.external_zone_name - private_zone = false -} - -data "aws_route53_zone" "internal" { - name = var.internal_zone_name - private_zone = true -} - -locals { - external_lb_map = { - "HTTPS:443" = "HTTP:80" - } - - internal_lb_map = { - "HTTPS:443" = "HTTP:80" - "HTTP:80" = "HTTP:80" - } -} - -module "apt_external_lb" { - source = "../../modules/aws/lb" - name = "${var.stackname}-apt-external" - internal = false - vpc_id = data.terraform_remote_state.infra_vpc.vpc_id - access_logs_bucket_name = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id - access_logs_bucket_prefix = "elb/${var.stackname}-apt-external-elb" - listener_certificate_domain_name = var.elb_external_certname - listener_secondary_certificate_domain_name = var.elb_public_secondary_certname - listener_action = local.external_lb_map - subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"] - security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_apt_external_elb_id}"] - alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"] - target_group_health_check_path = "/" - target_group_health_check_matcher = "200-499" - default_tags = "${map("Project", var.stackname, "aws_migration", "apt", "aws_environment", var.aws_environment)}" -} - -resource "aws_route53_record" "apt_external_service_record" { - zone_id = data.aws_route53_zone.external.zone_id - name = "apt.${var.external_domain_name}" - type = "A" - - alias { - name = module.apt_external_lb.lb_dns_name - zone_id = module.apt_external_lb.lb_zone_id - evaluate_target_health = true - } -} - -module "apt_internal_lb" { - source = "../../modules/aws/lb" - name = "${var.stackname}-apt-internal" - internal = true - vpc_id = data.terraform_remote_state.infra_vpc.vpc_id - access_logs_bucket_name = 
data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id - access_logs_bucket_prefix = "elb/${var.stackname}-apt-internal-elb" - listener_certificate_domain_name = var.elb_internal_certname - listener_secondary_certificate_domain_name = "" - listener_action = local.internal_lb_map - subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"] - security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_apt_internal_elb_id}"] - alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"] - target_group_health_check_path = "/" - target_group_health_check_matcher = "200-499" - default_tags = "${map("Project", var.stackname, "aws_migration", "apt", "aws_environment", var.aws_environment)}" -} - -resource "aws_route53_record" "gemstash_internal_service_record" { - zone_id = data.aws_route53_zone.internal.zone_id - name = "gemstash.${var.internal_domain_name}" - type = "A" - - alias { - name = module.apt_internal_lb.lb_dns_name - zone_id = module.apt_internal_lb.lb_zone_id - evaluate_target_health = true - } -} - -# used to allow carrenza production to use this aws production gemstash -resource "aws_route53_record" "gemstash_external_service_record" { - count = var.aws_environment == "production" ? 
1 : 0 - zone_id = data.aws_route53_zone.external.zone_id - name = "gemstash.${var.external_domain_name}" - type = "A" - - alias { - name = module.apt_external_lb.lb_dns_name - zone_id = module.apt_external_lb.lb_zone_id - evaluate_target_health = true - } -} - -module "apt" { - source = "../../modules/aws/node_group" - name = "${var.stackname}-apt" - default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "apt", "aws_hostname", "apt-1")}" - instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.apt_1_subnet)) - instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_apt_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"] - instance_type = var.instance_type - instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet) - instance_target_group_arns = ["${concat(module.apt_internal_lb.target_group_arns, module.apt_external_lb.target_group_arns)}"] - instance_target_group_arns_length = length(distinct(values(local.external_lb_map))) + length(distinct(values(local.internal_lb_map))) - instance_ami_filter_name = var.instance_ami_filter_name - asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn - root_block_device_volume_size = "20" -} - -resource "aws_ebs_volume" "apt" { - availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.apt_1_subnet) - encrypted = var.ebs_encrypted - size = var.ebs_volume_size - type = "gp2" - - tags { - Name = "${var.stackname}-apt" - Project = var.stackname - Device = "xvdf" - aws_hostname = "apt-1" - aws_migration = "apt" - aws_stackname = var.stackname - aws_environment = var.aws_environment - } -} - -resource 
"aws_iam_policy" "apt_1_iam_policy" { - name = "${var.stackname}-apt-additional" - path = "/" - policy = file("${path.module}/additional_policy.json") -} - -resource "aws_iam_role_policy_attachment" "apt_1_iam_role_policy_attachment" { - role = module.apt.instance_iam_role_name - policy_arn = aws_iam_policy.apt_1_iam_policy.arn -} - -# Outputs -# -------------------------------------------------------------- - -output "apt_external_service_dns_name" { - value = aws_route53_record.apt_external_service_record.fqdn - description = "DNS name to access the Apt external service" -} - -output "gemstash_internal_elb_dns_name" { - value = aws_route53_record.gemstash_internal_service_record.fqdn - description = "DNS name to access the Gemstash internal service" -} diff --git a/terraform/projects/app-apt/production.blue.backend b/terraform/projects/app-apt/production.blue.backend deleted file mode 100644 index d8ef7494b..000000000 --- a/terraform/projects/app-apt/production.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-production" -key = "blue/app-apt.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-apt/remote_state.tf b/terraform/projects/app-apt/remote_state.tf deleted file mode 100644 index 7e9222d71..000000000 --- a/terraform/projects/app-apt/remote_state.tf +++ /dev/null 
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = 
"${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-apt/staging.blue.backend b/terraform/projects/app-apt/staging.blue.backend deleted file mode 100644 index 70e66e656..000000000 --- a/terraform/projects/app-apt/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-apt.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-apt/user_data_snippets.tf b/terraform/projects/app-apt/user_data_snippets.tf deleted file mode 100644 index 9d921788c..000000000 --- a/terraform/projects/app-apt/user_data_snippets.tf +++ /dev/null 
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-asset-master/README.md b/terraform/projects/app-asset-master/README.md
deleted file mode 100644
index 6be89ae89..000000000
--- a/terraform/projects/app-asset-master/README.md
+++ /dev/null
@@ -1,58 +0,0 @@ -## Project: app-asset-master - -Assets EFS (NFS) volume. - -## Requirements - -| Name | Version | -|------|---------| -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [aws_efs_file_system.assets-efs-fs](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/efs_file_system) | resource | -| [aws_efs_mount_target.assets-mount-target](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/efs_mount_target) | resource | -| [aws_route53_record.assets_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | 
Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `any` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `any` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `any` | n/a | yes | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `any` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `any` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| 
[efs\_mount\_target\_dns\_names](#output\_efs\_mount\_target\_dns\_names) | DNS name for assets NFS mount target | diff --git a/terraform/projects/app-asset-master/integration.blue.backend b/terraform/projects/app-asset-master/integration.blue.backend deleted file mode 100644 index c26fdaf20..000000000 --- a/terraform/projects/app-asset-master/integration.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-integration" -key = "blue/app-asset-master.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-asset-master/main.tf b/terraform/projects/app-asset-master/main.tf deleted file mode 100644 index fb6ddb235..000000000 --- a/terraform/projects/app-asset-master/main.tf +++ /dev/null 
@@ -1,45 +0,0 @@
-/**
-* ## Project: app-asset-master
-*
-* Assets EFS (NFS) volume.
-*/
-
-terraform {
- backend "s3" {}
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-resource "aws_efs_file_system" "assets-efs-fs" {
- creation_token = "${var.stackname}-assets"
- tags = {
- "Name" = "${var.stackname}-asset-master"
- "Description" = "Asset Manager and Whitehall attachments are stored here temporarily for malware scanning before being transferred to S3."
- "Project" = var.stackname
- "aws_environment" = var.aws_environment
- "aws_migration" = "asset_master"
- }
-}
-
-resource "aws_efs_mount_target" "assets-mount-target" {
- count = length(data.terraform_remote_state.infra_networking.outputs.private_subnet_ids)
- file_system_id = aws_efs_file_system.assets-efs-fs.id
- subnet_id = element(data.terraform_remote_state.infra_networking.outputs.private_subnet_ids, count.index)
- security_groups = [data.terraform_remote_state.infra_security_groups.outputs.sg_asset-master-efs_id]
-}
-
-resource "aws_route53_record" "assets_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "assets.${var.internal_domain_name}"
- type = "CNAME"
- records = [aws_efs_mount_target.assets-mount-target.0.dns_name]
- ttl = 300
-}
diff --git a/terraform/projects/app-asset-master/outputs.tf b/terraform/projects/app-asset-master/outputs.tf
deleted file mode 100644
index 4c158d5a4..000000000
--- a/terraform/projects/app-asset-master/outputs.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-output "efs_mount_target_dns_names" {
- value = aws_efs_mount_target.assets-mount-target.0.dns_name
- description = "DNS name for assets NFS mount target"
-}
diff --git a/terraform/projects/app-asset-master/production.blue.backend b/terraform/projects/app-asset-master/production.blue.backend
deleted file mode 100644
index 517c8fe9e..000000000
--- a/terraform/projects/app-asset-master/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-asset-master.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-asset-master/remote_state.tf b/terraform/projects/app-asset-master/remote_state.tf
deleted file mode 100644
index 00aa2f09a..000000000
--- a/terraform/projects/app-asset-master/remote_state.tf
+++ /dev/null
@@ -1,104 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config = { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config = { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config = { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_security_groups_key_stack, 
var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config = { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config = { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config = { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-asset-master/staging.blue.backend b/terraform/projects/app-asset-master/staging.blue.backend deleted file mode 100644 index 673cb2a6f..000000000 --- a/terraform/projects/app-asset-master/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-asset-master.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-asset-master/variables.tf b/terraform/projects/app-asset-master/variables.tf deleted file mode 100644 index d5ef10b55..000000000 --- a/terraform/projects/app-asset-master/variables.tf +++ /dev/null 
@@ -1,20 +0,0 @@
-variable "aws_region" {
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- description = "Stackname"
-}
-
-variable "aws_environment" {
- description = "AWS Environment"
-}
-
-variable "internal_zone_name" {
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
diff --git a/terraform/projects/app-backend-redis/.terraform-version b/terraform/projects/app-backend-redis/.terraform-version
deleted file mode 100644
index ebf55b3d7..000000000
--- a/terraform/projects/app-backend-redis/.terraform-version
+++ /dev/null
@@ -1 +0,0 @@
-0.13.6
diff --git a/terraform/projects/app-backend-redis/README.md b/terraform/projects/app-backend-redis/README.md
deleted file mode 100644
index 517faf63a..000000000
--- a/terraform/projects/app-backend-redis/README.md
+++ /dev/null
@@ -1,66 +0,0 @@ -## Project: app-backend-redis - -Backend VDC Redis Elasticache cluster - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.13.6 | -| [aws](#requirement\_aws) | = 3.38.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | = 3.38.0 | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [alarms-elasticache-backend-redis](#module\_alarms-elasticache-backend-redis) | ../../modules/aws/alarms/elasticache | n/a | -| [backend\_redis\_cluster](#module\_backend\_redis\_cluster) | ../../modules/aws/elasticache_redis_cluster | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_route53_record.service_record](https://registry.terraform.io/providers/hashicorp/aws/3.38.0/docs/resources/route53_record) | resource | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/3.38.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data 
source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [enable\_clustering](#input\_enable\_clustering) | Enable clustering | `bool` | `false` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for Elasticache nodes | `string` | `"cache.r4.large"` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [node\_number](#input\_node\_number) | Override the number of nodes per cluster specified by the module. | `string` | `"2"` | no | -| [redis\_engine\_version](#input\_redis\_engine\_version) | The Elasticache Redis engine version. | `string` | `"3.2.10"` | no | -| [redis\_parameter\_group\_name](#input\_redis\_parameter\_group\_name) | The Elasticache Redis parameter group name. 
| `string` | `"default.redis3.2"` | no | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [backend\_redis\_configuration\_endpoint\_address](#output\_backend\_redis\_configuration\_endpoint\_address) | Backend VDC redis configuration endpoint address | -| [service\_dns\_name](#output\_service\_dns\_name) | DNS name to access the node service | diff --git a/terraform/projects/app-backend-redis/integration.blue.backend b/terraform/projects/app-backend-redis/integration.blue.backend deleted file mode 100644 index 7514bb9b4..000000000 --- a/terraform/projects/app-backend-redis/integration.blue.backend +++ /dev/null 
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-backend-redis.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-backend-redis/main.tf b/terraform/projects/app-backend-redis/main.tf
deleted file mode 100644
index 8b2c387e9..000000000
--- a/terraform/projects/app-backend-redis/main.tf
+++ /dev/null
@@ -1,118 +0,0 @@ -/** -* ## Project: app-backend-redis -* -* Backend VDC Redis Elasticache cluster -*/ -variable "aws_region" { - type = string - description = "AWS region" - default = "eu-west-1" -} - -variable "stackname" { - type = string - description = "Stackname" -} - -variable "aws_environment" { - type = string - description = "AWS Environment" -} - -variable "enable_clustering" { - type = bool - description = "Enable clustering" - default = false -} - -variable "instance_type" { - type = string - description = "Instance type used for Elasticache nodes" - default = "cache.r4.large" -} - -variable "internal_zone_name" { - type = string - description = "The name of the Route53 zone that contains internal records" -} - -variable "internal_domain_name" { - type = string - description = "The domain name of the internal DNS records, it could be different from the zone name" -} - -variable "node_number" { - type = string - description = "Override the number of nodes per cluster specified by the module." - default = "2" -} - -variable "redis_engine_version" { - type = string - description = "The Elasticache Redis engine version." - default = "3.2.10" -} - -variable "redis_parameter_group_name" { - type = string - description = "The Elasticache Redis parameter group name." 
- default = "default.redis3.2" -} - -# Resources -# -------------------------------------------------------------- -terraform { - backend "s3" {} - required_version = "= 0.13.6" -} - -provider "aws" { - region = var.aws_region - version = "= 3.38.0" -} - -data "aws_route53_zone" "internal" { - name = var.internal_zone_name - private_zone = true -} - -resource "aws_route53_record" "service_record" { - zone_id = data.aws_route53_zone.internal.zone_id - name = "backend-redis.${var.internal_domain_name}" - type = "CNAME" - ttl = 300 - records = ["${module.backend_redis_cluster.configuration_endpoint_address}"] -} - -module "backend_redis_cluster" { - source = "../../modules/aws/elasticache_redis_cluster" - enable_clustering = var.enable_clustering - name = "${var.stackname}-backend-redis" - default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "backend-redis")}" - subnet_ids = data.terraform_remote_state.infra_networking.outputs.private_subnet_elasticache_ids - security_group_ids = [data.terraform_remote_state.infra_security_groups.outputs.sg_backend-redis_id] - elasticache_node_type = var.instance_type - elasticache_node_number = var.node_number - redis_engine_version = var.redis_engine_version - redis_parameter_group_name = var.redis_parameter_group_name -} - -module "alarms-elasticache-backend-redis" { - source = "../../modules/aws/alarms/elasticache" - name_prefix = "${var.stackname}-backend-redis" - alarm_actions = [data.terraform_remote_state.infra_monitoring.outputs.sns_topic_cloudwatch_alarms_arn] - cache_cluster_id = module.backend_redis_cluster.replication_group_id -} - -# Outputs -# -------------------------------------------------------------- - -output "backend_redis_configuration_endpoint_address" { - value = module.backend_redis_cluster.configuration_endpoint_address - description = "Backend VDC redis configuration endpoint address" -} - -output "service_dns_name" { - 
value = aws_route53_record.service_record.fqdn - description = "DNS name to access the node service" -} diff --git a/terraform/projects/app-backend-redis/production.blue.backend b/terraform/projects/app-backend-redis/production.blue.backend deleted file mode 100644 index a3026cc2e..000000000 --- a/terraform/projects/app-backend-redis/production.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-production" -key = "blue/app-backend-redis.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-backend-redis/remote_state.tf b/terraform/projects/app-backend-redis/remote_state.tf deleted file mode 100644 index 9663ef63f..000000000 --- a/terraform/projects/app-backend-redis/remote_state.tf +++ /dev/null 
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config = { - bucket = 
"${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = "${var.aws_region}" - } -} diff --git a/terraform/projects/app-backend-redis/staging.blue.backend b/terraform/projects/app-backend-redis/staging.blue.backend deleted file mode 100644 index 244424208..000000000 --- a/terraform/projects/app-backend-redis/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-backend-redis.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-ci-agents/README.md b/terraform/projects/app-ci-agents/README.md deleted file mode 100644 index 17f14b10f..000000000 --- a/terraform/projects/app-ci-agents/README.md +++ /dev/null 
@@ -1,122 +0,0 @@ -## Project: app-ci-agents - -CI agents - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [alarms-elb-ci-agent-1-internal](#module\_alarms-elb-ci-agent-1-internal) | ../../modules/aws/alarms/elb | n/a | -| [alarms-elb-ci-agent-2-internal](#module\_alarms-elb-ci-agent-2-internal) | ../../modules/aws/alarms/elb | n/a | -| [alarms-elb-ci-agent-3-internal](#module\_alarms-elb-ci-agent-3-internal) | ../../modules/aws/alarms/elb | n/a | -| [alarms-elb-ci-agent-4-internal](#module\_alarms-elb-ci-agent-4-internal) | ../../modules/aws/alarms/elb | n/a | -| [alarms-elb-ci-agent-5-internal](#module\_alarms-elb-ci-agent-5-internal) | ../../modules/aws/alarms/elb | n/a | -| [ci-agent-1](#module\_ci-agent-1) | ../../modules/aws/node_group | n/a | -| [ci-agent-2](#module\_ci-agent-2) | ../../modules/aws/node_group | n/a | -| [ci-agent-3](#module\_ci-agent-3) | ../../modules/aws/node_group | n/a | -| [ci-agent-4](#module\_ci-agent-4) | ../../modules/aws/node_group | n/a | -| [ci-agent-5](#module\_ci-agent-5) | ../../modules/aws/node_group | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_ebs_volume.ci-agent-1-data](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.ci-agent-1-docker](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.ci-agent-2-data](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| 
[aws_ebs_volume.ci-agent-2-docker](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.ci-agent-3-data](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.ci-agent-3-docker](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.ci-agent-4-data](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.ci-agent-4-docker](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.ci-agent-5-data](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_ebs_volume.ci-agent-5-docker](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_elb.ci-agent-1_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_elb.ci-agent-2_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_elb.ci-agent-3_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_elb.ci-agent-4_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_elb.ci-agent-5_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_iam_policy.ci-agent-2_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource | -| [aws_iam_policy.ci-agent_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource | -| 
[aws_iam_role_policy_attachment.ci-agent-1_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.ci-agent-2_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.ci-agent-3_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.ci-agent-4_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.ci-agent-5_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_route53_record.ci-agent-1_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.ci-agent-2_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.ci-agent-3_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.ci-agent-4_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.ci-agent-5_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_acm_certificate.elb_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source 
| -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [ci\_agent\_1\_subnet](#input\_ci\_agent\_1\_subnet) | subnet to deploy EC2 and EBS of CI agent 1 | `string` | `"govuk_private_a"` | no | -| [ci\_agent\_2\_subnet](#input\_ci\_agent\_2\_subnet) | subnet to deploy EC2 and EBS of CI agent 2 | `string` | `"govuk_private_b"` | no | -| [ci\_agent\_3\_subnet](#input\_ci\_agent\_3\_subnet) | subnet to deploy EC2 and EBS of CI agent 3 | `string` | `"govuk_private_c"` | no | -| [ci\_agent\_4\_subnet](#input\_ci\_agent\_4\_subnet) | subnet to deploy EC2 and EBS of CI agent 4 | `string` | `"govuk_private_a"` | no | -| 
[ci\_agent\_5\_subnet](#input\_ci\_agent\_5\_subnet) | subnet to deploy EC2 and EBS of CI agent 5 | `string` | `"govuk_private_b"` | no | -| [data\_block\_device\_volume\_size](#input\_data\_block\_device\_volume\_size) | Size of the data volume in GB | `string` | `"130"` | no | -| [docker\_block\_device\_volume\_size](#input\_docker\_block\_device\_volume\_size) | Size of the Docker volume in GB | `string` | `"130"` | no | -| [ebs\_encrypted](#input\_ebs\_encrypted) | whether or not the EBS volume is encrypted | `string` | `"true"` | no | -| [ebs\_volume\_type](#input\_ebs\_volume\_type) | Volume type to use for data and Docker EBS volumes; see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html | `string` | `"gp3"` | no | -| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"m5.2xlarge"` | no | -| [internal\_app\_service\_records](#input\_internal\_app\_service\_records) | List of application service names that get traffic via this loadbalancer | `list(string)` | `[]` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring 
remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [root\_block\_device\_volume\_size](#input\_root\_block\_device\_volume\_size) | size of the root volume in GB | `string` | `"50"` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [ci-agent-1\_elb\_dns\_name](#output\_ci-agent-1\_elb\_dns\_name) | DNS name to access the CI agent 1 service | -| [ci-agent-1\_service\_dns\_name](#output\_ci-agent-1\_service\_dns\_name) | DNS name to access the CI agent 1 service | -| [ci-agent-2\_elb\_dns\_name](#output\_ci-agent-2\_elb\_dns\_name) | DNS name to access the CI agent 2 service | -| [ci-agent-2\_service\_dns\_name](#output\_ci-agent-2\_service\_dns\_name) | DNS name to access the CI agent 2 service | -| [ci-agent-3\_elb\_dns\_name](#output\_ci-agent-3\_elb\_dns\_name) | DNS name to access the CI agent 3 service | -| 
[ci-agent-3\_service\_dns\_name](#output\_ci-agent-3\_service\_dns\_name) | DNS name to access the CI agent 3 service | -| [ci-agent-4\_elb\_dns\_name](#output\_ci-agent-4\_elb\_dns\_name) | DNS name to access the CI agent 4 service | -| [ci-agent-4\_service\_dns\_name](#output\_ci-agent-4\_service\_dns\_name) | DNS name to access the CI agent 4 service | -| [ci-agent-5\_elb\_dns\_name](#output\_ci-agent-5\_elb\_dns\_name) | DNS name to access the CI agent 5 service | -| [ci-agent-5\_service\_dns\_name](#output\_ci-agent-5\_service\_dns\_name) | DNS name to access the CI agent 5 service | diff --git a/terraform/projects/app-ci-agents/integration.blue.backend b/terraform/projects/app-ci-agents/integration.blue.backend deleted file mode 100644 index efd42bdc3..000000000 --- a/terraform/projects/app-ci-agents/integration.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-integration" -key = "blue/app-ci-agents.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-ci-agents/main.tf b/terraform/projects/app-ci-agents/main.tf deleted file mode 100644 index e34cc1f4b..000000000 --- a/terraform/projects/app-ci-agents/main.tf +++ /dev/null 
@@ -1,800 +0,0 @@
-/**
-* ## Project: app-ci-agents
-*
-* CI agents
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "internal_app_service_records" {
- type = list(string)
- description = "List of application service names that get traffic via this loadbalancer"
- default = []
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "m5.2xlarge"
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "root_block_device_volume_size" {
- type = string
- description = "size of the root volume in GB"
- default = "50"
-}
-
-variable "data_block_device_volume_size" {
- type = string
- description = "Size of the data volume in GB"
- default = "130"
-}
-
-variable "docker_block_device_volume_size" {
- type = string
- description = "Size of the Docker volume in GB"
- default = "130"
-}
-
-variable "ebs_volume_type" {
- type = string
- description = "Volume type to use for data and Docker EBS volumes; see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html"
- default = "gp3"
-}
-
-variable "ebs_encrypted" {
- type = string
- description = "whether or not the EBS volume is encrypted"
- default = "true"
-}
-
-variable "ci_agent_1_subnet" {
- type = string
- description = "subnet to deploy EC2 and EBS of CI agent 1"
- default = "govuk_private_a"
-}
-
-variable "ci_agent_2_subnet" {
- type = string
- description = "subnet to deploy EC2 and EBS of CI agent 2"
- default = "govuk_private_b"
-}
-
-variable "ci_agent_3_subnet" {
- type = string
- description = "subnet to deploy EC2 and EBS of CI agent 3"
- default = "govuk_private_c"
-}
-
-variable "ci_agent_4_subnet" {
- type = string
- description = "subnet to deploy EC2 and EBS of CI agent 4"
- default = "govuk_private_a"
-}
-
-variable "ci_agent_5_subnet" {
- type = string
- description = "subnet to deploy EC2 and EBS of CI agent 5"
- default = "govuk_private_b"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_acm_certificate" "elb_cert" {
- domain = var.elb_internal_certname
- statuses = ["ISSUED"]
-}
-
-resource "aws_iam_policy" "ci-agent_iam_policy" {
- name = "${var.stackname}-ci-agent-volume"
- path = "/"
- policy = file("${path.module}/volume_policy.json")
-}
-
-/////////////////////ci-agent-1/////////////////////////////////////////////////
-
-resource "aws_elb" "ci-agent-1_elb" {
- name = "${var.stackname}-ci-agent-1"
- subnets = ["${matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_1_subnet))}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-1_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-ci-agent-1-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 22
- instance_protocol = "tcp"
- lb_port = 22
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:22"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-ci-agent-1", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci-agent")}"
-}
-
-resource "aws_route53_record" "ci-agent-1_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "ci-agent-1.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.ci-agent-1_elb.dns_name
- zone_id = aws_elb.ci-agent-1_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-module "ci-agent-1" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-ci-agent-1"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci_agent", "aws_hostname", "ci-agent-1")}"
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_1_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-1_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "1"
- instance_elb_ids = ["${aws_elb.ci-agent-1_elb.id}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_max_size = "1"
- asg_min_size = "1"
- asg_desired_capacity = "1"
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = var.root_block_device_volume_size
-}
-
-resource "aws_ebs_volume" "ci-agent-1-data" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_1_subnet)
- encrypted = var.ebs_encrypted
- size = var.data_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-1-data"
- Project = var.stackname
- Device = "xvdf"
- aws_hostname = "ci-agent-1"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_ebs_volume" "ci-agent-1-docker" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_1_subnet)
- encrypted = var.ebs_encrypted
- size = var.docker_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-1-docker"
- Project = var.stackname
- Device = "xvdg"
- aws_hostname = "ci-agent-1"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_iam_role_policy_attachment" "ci-agent-1_iam_role_policy_attachment" {
- role = module.ci-agent-1.instance_iam_role_name
- policy_arn = aws_iam_policy.ci-agent_iam_policy.arn
-}
-
-module "alarms-elb-ci-agent-1-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-ci-agent-1-internal"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = aws_elb.ci-agent-1_elb.name
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "50"
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = "50"
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-/////////////////////ci-agent-2/////////////////////////////////////////////////
-
-resource "aws_elb" "ci-agent-2_elb" {
- name = "${var.stackname}-ci-agent-2"
- subnets = ["${matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_2_subnet))}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-2_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-ci-agent-2-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 22
- instance_protocol = "tcp"
- lb_port = 22
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:22"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = map("Name", "${var.stackname}-ci-agent-2", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci-agent", "Environment", var.aws_environment, "Product", "GOVUK", "Owner", "govuk-replatforming-team@digital.cabinet-office.gov.uk")
-}
-
-resource "aws_route53_record" "ci-agent-2_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "ci-agent-2.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.ci-agent-2_elb.dns_name
- zone_id = aws_elb.ci-agent-2_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-module "ci-agent-2" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-ci-agent-2"
- default_tags = map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci_agent", "aws_hostname", "ci-agent-2", "Environment", var.aws_environment, "Product", "GOVUK", "Owner", "govuk-replatforming-team@digital.cabinet-office.gov.uk")
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_2_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-2_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "1"
- instance_elb_ids = ["${aws_elb.ci-agent-2_elb.id}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_max_size = "1"
- asg_min_size = "1"
- asg_desired_capacity = "1"
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = var.root_block_device_volume_size
-}
-
-resource "aws_ebs_volume" "ci-agent-2-data" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_2_subnet)
- encrypted = var.ebs_encrypted
- size = var.data_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-2-data"
- Project = var.stackname
- Device = "xvdf"
- aws_hostname = "ci-agent-2"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_ebs_volume" "ci-agent-2-docker" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_2_subnet)
- encrypted = var.ebs_encrypted
- size = var.docker_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-2-docker"
- Project = var.stackname
- Device = "xvdg"
- aws_hostname = "ci-agent-2"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_iam_policy" "ci-agent-2_iam_policy" {
- name = "${var.stackname}-ci-agent-2-volume"
- path = "/"
- policy = file("${path.module}/volume_policy.json")
-}
-
-resource "aws_iam_role_policy_attachment" "ci-agent-2_iam_role_policy_attachment" {
- role = module.ci-agent-2.instance_iam_role_name
- policy_arn = aws_iam_policy.ci-agent_iam_policy.arn
-}
-
-module "alarms-elb-ci-agent-2-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-ci-agent-2-internal"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = aws_elb.ci-agent-2_elb.name
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "50"
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = "50"
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-/////////////////////ci-agent-3/////////////////////////////////////////////////
-
-resource "aws_elb" "ci-agent-3_elb" {
- name = "${var.stackname}-ci-agent-3"
- subnets = ["${matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_3_subnet))}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-3_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-ci-agent-3-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 22
- instance_protocol = "tcp"
- lb_port = 22
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:22"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-ci-agent-3", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci-agent")}"
-}
-
-resource "aws_route53_record" "ci-agent-3_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "ci-agent-3.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.ci-agent-3_elb.dns_name
- zone_id = aws_elb.ci-agent-3_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-module "ci-agent-3" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-ci-agent-3"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci_agent", "aws_hostname", "ci-agent-3")}"
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_3_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-3_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "1"
- instance_elb_ids = ["${aws_elb.ci-agent-3_elb.id}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_max_size = "1"
- asg_min_size = "1"
- asg_desired_capacity = "1"
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = var.root_block_device_volume_size
-}
-
-resource "aws_ebs_volume" "ci-agent-3-data" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_3_subnet)
- encrypted = var.ebs_encrypted
- size = var.data_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-3-data"
- Project = var.stackname
- Device = "xvdf"
- aws_hostname = "ci-agent-3"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_ebs_volume" "ci-agent-3-docker" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_3_subnet)
- encrypted = var.ebs_encrypted
- size = var.docker_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-3-docker"
- Project = var.stackname
- Device = "xvdg"
- aws_hostname = "ci-agent-3"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_iam_role_policy_attachment" "ci-agent-3_iam_role_policy_attachment" {
- role = module.ci-agent-3.instance_iam_role_name
- policy_arn = aws_iam_policy.ci-agent_iam_policy.arn
-}
-
-module "alarms-elb-ci-agent-3-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-ci-agent-3-internal"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = aws_elb.ci-agent-3_elb.name
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "50"
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = "50"
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-/////////////////////ci-agent-4/////////////////////////////////////////////////
-
-resource "aws_elb" "ci-agent-4_elb" {
- name = "${var.stackname}-ci-agent-4"
- subnets = ["${matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_4_subnet))}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-4_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-ci-agent-4-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 22
- instance_protocol = "tcp"
- lb_port = 22
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:22"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = map("Name", "${var.stackname}-ci-agent-4", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci-agent", "Environment", var.aws_environment, "Product", "GOVUK", "Owner", "govuk-replatforming-team@digital.cabinet-office.gov.uk")
-}
-
-resource "aws_route53_record" "ci-agent-4_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "ci-agent-4.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.ci-agent-4_elb.dns_name
- zone_id = aws_elb.ci-agent-4_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-module "ci-agent-4" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-ci-agent-4"
- default_tags = map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci_agent", "aws_hostname", "ci-agent-4", "Environment", var.aws_environment, "Product", "GOVUK", "Owner", "govuk-replatforming-team@digital.cabinet-office.gov.uk")
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_4_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-4_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "1"
- instance_elb_ids = ["${aws_elb.ci-agent-4_elb.id}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_max_size = "1"
- asg_min_size = "1"
- asg_desired_capacity = "1"
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = var.root_block_device_volume_size
-}
-
-resource "aws_ebs_volume" "ci-agent-4-data" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_4_subnet)
- encrypted = var.ebs_encrypted
- size = var.data_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-4-data"
- Project = var.stackname
- Device = "xvdf"
- aws_hostname = "ci-agent-4"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_ebs_volume" "ci-agent-4-docker" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_4_subnet)
- encrypted = var.ebs_encrypted
- size = var.docker_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-4-docker"
- Project = var.stackname
- Device = "xvdg"
- aws_hostname = "ci-agent-4"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_iam_role_policy_attachment" "ci-agent-4_iam_role_policy_attachment" {
- role = module.ci-agent-4.instance_iam_role_name
- policy_arn = aws_iam_policy.ci-agent_iam_policy.arn
-}
-
-module "alarms-elb-ci-agent-4-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-ci-agent-4-internal"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = aws_elb.ci-agent-4_elb.name
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "50"
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = "50"
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-/////////////////////ci-agent-5/////////////////////////////////////////////////
-
-resource "aws_elb" "ci-agent-5_elb" {
- name = "${var.stackname}-ci-agent-5"
- subnets = ["${matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_5_subnet))}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-5_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-ci-agent-5-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 22
- instance_protocol = "tcp"
- lb_port = 22
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:22"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = map("Name", "${var.stackname}-ci-agent-5", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci-agent", "Environment", var.aws_environment, "Product", "GOVUK", "Owner", "govuk-replatforming-team@digital.cabinet-office.gov.uk")
-}
-
-resource "aws_route53_record" "ci-agent-5_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "ci-agent-5.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.ci-agent-5_elb.dns_name
- zone_id = aws_elb.ci-agent-5_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-module "ci-agent-5" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-ci-agent-5"
- default_tags = map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci_agent", "aws_hostname", "ci-agent-5", "Environment", var.aws_environment, "Product", "GOVUK", "Owner", "govuk-replatforming-team@digital.cabinet-office.gov.uk")
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.ci_agent_5_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_ci-agent-5_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "1"
- instance_elb_ids = ["${aws_elb.ci-agent-5_elb.id}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_max_size = "1"
- asg_min_size = "1"
- asg_desired_capacity = "1"
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = var.root_block_device_volume_size
-}
-
-resource "aws_ebs_volume" "ci-agent-5-data" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_5_subnet)
- encrypted = var.ebs_encrypted
- size = var.data_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-5-data"
- Project = var.stackname
- Device = "xvdf"
- aws_hostname = "ci-agent-5"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_ebs_volume" "ci-agent-5-docker" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.ci_agent_5_subnet)
- encrypted = var.ebs_encrypted
- size = var.docker_block_device_volume_size
- type = var.ebs_volume_type
-
- tags {
- Name = "${var.stackname}-ci-agent-5-docker"
- Project = var.stackname
- Device = "xvdg"
- aws_hostname = "ci-agent-5"
- aws_migration = "ci_agent"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_iam_role_policy_attachment" "ci-agent-5_iam_role_policy_attachment" {
- role = module.ci-agent-5.instance_iam_role_name
- policy_arn = aws_iam_policy.ci-agent_iam_policy.arn
-}
-
-module "alarms-elb-ci-agent-5-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-ci-agent-5-internal"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = aws_elb.ci-agent-5_elb.name
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "50"
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = "50"
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "ci-agent-1_elb_dns_name" {
- value = aws_elb.ci-agent-1_elb.dns_name
- description = "DNS name to access the CI agent 1 service"
-}
-
-output "ci-agent-1_service_dns_name" {
- value = aws_route53_record.ci-agent-1_service_record.name
- description = "DNS name to access the CI agent 1 service"
-}
-
-output "ci-agent-2_elb_dns_name" {
- value = aws_elb.ci-agent-2_elb.dns_name
- description = "DNS name to access the CI agent 2 service"
-}
-
-output "ci-agent-2_service_dns_name" {
- value = aws_route53_record.ci-agent-2_service_record.name
- description = "DNS name to access the CI agent 2 service"
-}
-
-output "ci-agent-3_elb_dns_name" {
- value = aws_elb.ci-agent-3_elb.dns_name
- description = "DNS name to access the CI agent 3 service"
-}
-
-output "ci-agent-3_service_dns_name" {
- value = aws_route53_record.ci-agent-3_service_record.name
- description = "DNS name to access the CI agent 3 service"
-}
-
-output "ci-agent-4_elb_dns_name" {
- value = aws_elb.ci-agent-4_elb.dns_name
- description = "DNS name to access the CI agent 4 service"
-}
-
-output "ci-agent-4_service_dns_name" {
- value = aws_route53_record.ci-agent-4_service_record.name
- description = "DNS name to access the CI agent 4 service"
-}
-
-output "ci-agent-5_elb_dns_name" {
- value = aws_elb.ci-agent-5_elb.dns_name
- description = "DNS name to access the CI agent 5 service"
-}
-
-output "ci-agent-5_service_dns_name" {
- value = aws_route53_record.ci-agent-5_service_record.name
- description = "DNS name to access the CI agent 5 service"
-}
diff --git a/terraform/projects/app-ci-agents/remote_state.tf b/terraform/projects/app-ci-agents/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-ci-agents/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_region
- }
-}
diff --git a/terraform/projects/app-ci-agents/user_data_snippets.tf b/terraform/projects/app-ci-agents/user_data_snippets.tf
deleted file mode 100644
index 9d921788c..000000000
--- a/terraform/projects/app-ci-agents/user_data_snippets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-ci-agents/volume_policy.json b/terraform/projects/app-ci-agents/volume_policy.json
deleted file mode 100644
index 97d326628..000000000
--- a/terraform/projects/app-ci-agents/volume_policy.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Stmt1499854881000",
- "Effect": "Allow",
- "Action": [
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:DescribeVolumeStatus",
- "ec2:DescribeVolumes"
- ],
- "Resource": [
- "*"
- ]
- }
- ]
-}
diff --git a/terraform/projects/app-ci-master/README.md b/terraform/projects/app-ci-master/README.md
deleted file mode 100644
index 706e6f97e..000000000
--- a/terraform/projects/app-ci-master/README.md
+++ /dev/null
@@ -1,93 +0,0 @@ -## Project: app-ci-master - -CI Master Node - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [alarms-elb-ci-master-external](#module\_alarms-elb-ci-master-external) | ../../modules/aws/alarms/elb | n/a | -| [ci-master](#module\_ci-master) | ../../modules/aws/node_group | n/a | -| [ci\_master\_public\_lb](#module\_ci\_master\_public\_lb) | ../../modules/aws/lb | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_autoscaling_attachment.ci_master_asg_attachment_alb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/autoscaling_attachment) | resource | -| [aws_ebs_volume.ci-master](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_elb.ci-master_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_elb.ci-master_internal_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_iam_policy.ci-master_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource | -| [aws_iam_role_policy_attachment.ci-master_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_route53_record.ci_master_internal_service_names](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.ci_master_public_service_names](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | 
resource | -| [aws_route53_record.service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.service_record_internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_shield_protection.ci_master_public_lb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/shield_protection) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_acm_certificate.elb_external_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | -| [aws_acm_certificate.elb_internal_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | -| [aws_autoscaling_groups.ci_master](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/autoscaling_groups) | data source | -| [aws_route53_zone.external](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| 
[terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [create\_external\_elb](#input\_create\_external\_elb) | Create the external ELB | `bool` | `true` | no | -| [deploy\_subnet](#input\_deploy\_subnet) | Name of the subnet to place the ci and EBS volume | `string` | n/a | yes | -| [ebs\_encrypted](#input\_ebs\_encrypted) | Whether or not the EBS volume is encrypted | `string` | n/a | yes | -| [elb\_external\_certname](#input\_elb\_external\_certname) | The ACM cert domain name to find the ARN of, will be attached to external classic ELB | `string` | n/a | yes | -| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name to find the ARN of, will be attached to internal classic ELB | `string` | n/a | yes | -| [elb\_public\_certname](#input\_elb\_public\_certname) | The ACM cert domain name to find the ARN of, will be attached to external ALB | `string` | n/a | yes | -| [elb\_public\_secondary\_certname](#input\_elb\_public\_secondary\_certname) | The ACM secondary cert domain name to find the ARN of, will be attached to external ALB | `string` | `""` | no | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [external\_domain\_name](#input\_external\_domain\_name) | The domain name of the external DNS records, it could be different from the zone name | `string` | n/a | yes | -| [external\_zone\_name](#input\_external\_zone\_name) | The name of the Route53 
zone that contains external records | `string` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t2.medium"` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_service\_names](#input\_internal\_service\_names) | list of internal names for ci-master, used for DNS domain | `list(string)` |
[
"ci"
]
| no | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [public\_service\_names](#input\_public\_service\_names) | list of public names for ci-master, used for DNS domain | `list(string)` |
[
"ci"
]
| no | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_artefact\_bucket\_key\_stack](#input\_remote\_state\_infra\_artefact\_bucket\_key\_stack) | Override infra\_artefact\_bucket remote state path | `string` | `""` | no | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [ci-master\_elb\_dns\_name](#output\_ci-master\_elb\_dns\_name) | DNS name to access the ci-master service | 
diff --git a/terraform/projects/app-ci-master/additional_policy.json b/terraform/projects/app-ci-master/additional_policy.json
deleted file mode 100644
index 97d326628..000000000
--- a/terraform/projects/app-ci-master/additional_policy.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Stmt1499854881000",
- "Effect": "Allow",
- "Action": [
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:DescribeVolumeStatus",
- "ec2:DescribeVolumes"
- ],
- "Resource": [
- "*"
- ]
- }
- ]
-}
diff --git a/terraform/projects/app-ci-master/integration.blue.backend b/terraform/projects/app-ci-master/integration.blue.backend
deleted file mode 100644
index 2f29d4af4..000000000
--- a/terraform/projects/app-ci-master/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-ci.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-ci-master/main.tf b/terraform/projects/app-ci-master/main.tf
deleted file mode 100644
index 6c578d3e8..000000000
--- a/terraform/projects/app-ci-master/main.tf
+++ /dev/null
@@ -1,378 +0,0 @@
-/**
-* ## Project: app-ci-master
-*
-* CI Master Node
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "ebs_encrypted" {
- type = string
- description = "Whether or not the EBS volume is encrypted"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "elb_external_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of, will be attached to external classic ELB"
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of, will be attached to internal classic ELB"
-}
-
-variable "elb_public_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of, will be attached to external ALB"
-}
-
-variable "elb_public_secondary_certname" {
- type = string
- description = "The ACM secondary cert domain name to find the ARN of, will be attached to external ALB"
- default = ""
-}
-
-variable "deploy_subnet" {
- type = string
- description = "Name of the subnet to place the ci and EBS volume"
-}
-
-variable "remote_state_infra_artefact_bucket_key_stack" {
- type = string
- description = "Override infra_artefact_bucket remote state path"
- default = ""
-}
-
-variable "external_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains external records"
-}
-
-variable "external_domain_name" {
- type = string
- description = "The domain name of the external DNS records, it could be different from the zone name"
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "create_external_elb" {
- description = "Create the external ELB"
- default = true
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "t2.medium"
-}
-
-variable "public_service_names" {
- type = list(string)
- description = "list of public names for ci-master, used for DNS domain"
- default = ["ci"]
-}
-
-variable "internal_service_names" {
- type = list(string)
- description = "list of internal names for ci-master, used for DNS domain"
- default = ["ci"]
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "external" {
- name = var.external_zone_name
- private_zone = false
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-data "aws_acm_certificate" "elb_external_cert" {
- domain = var.elb_external_certname
- statuses = ["ISSUED"]
-}
-
-resource "aws_elb" "ci-master_elb" {
- count = var.create_external_elb
-
- name = "${var.stackname}-ci-master"
- subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_ci-master_elb_id}"]
- internal = "false"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-ci-master-external-elb"
- interval = 60
- }
-
- listener {
- instance_port = 80
- instance_protocol = "http"
- lb_port = 443
- lb_protocol = "https"
-
- ssl_certificate_id = data.aws_acm_certificate.elb_external_cert.arn
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:80"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-ci-master", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci_master")}"
-}
-
-data "aws_acm_certificate" "elb_internal_cert" {
- domain = var.elb_internal_certname
- statuses = ["ISSUED"]
-}
-
-resource "aws_elb" "ci-master_internal_elb" {
- name = "${var.stackname}-ci-master-internal"
- subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_ci-master_internal_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-ci-master-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 80
- instance_protocol = "http"
- lb_port = 443
- lb_protocol = "https"
-
- ssl_certificate_id = data.aws_acm_certificate.elb_internal_cert.arn
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:80"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-ci-master-internal", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci_master")}"
-}
-
-resource "aws_route53_record" "service_record" {
- count = var.create_external_elb
-
- zone_id = data.aws_route53_zone.external.zone_id
- name = "ci.${var.external_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.ci-master_elb.dns_name
- zone_id = aws_elb.ci-master_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-resource "aws_route53_record" "service_record_internal" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "ci.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.ci-master_internal_elb.dns_name
- zone_id = aws_elb.ci-master_internal_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-locals {
- instance_elb_ids_length = var.create_external_elb ? 2 : 1
- instance_elb_ids = compact(list(join("", aws_elb.ci-master_elb.*.id), aws_elb.ci-master_internal_elb.id))
-}
-
-module "ci-master" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-ci-master"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "ci_master", "aws_hostname", "ci-master-1")}"
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.deploy_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_ci-master_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = local.instance_elb_ids_length
- instance_elb_ids = ["${local.instance_elb_ids}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
-}
-
-resource "aws_ebs_volume" "ci-master" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.deploy_subnet)
- encrypted = var.ebs_encrypted
- size = 40
- type = "gp3"
-
- tags {
- Name = "${var.stackname}-ci"
- Project = var.stackname
- Device = "xvdf"
- aws_hostname = "ci-master-1"
- aws_migration = "ci_master"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_iam_policy" "ci-master_iam_policy" {
- name = "${var.stackname}-ci-master-additional"
- path = "/"
- policy = file("${path.module}/additional_policy.json")
-}
-
-resource "aws_iam_role_policy_attachment" "ci-master_iam_role_policy_attachment" {
- role = module.ci-master.instance_iam_role_name
- policy_arn = aws_iam_policy.ci-master_iam_policy.arn
-}
-
-locals {
- elb_httpcode_backend_5xx_threshold = var.create_external_elb ? 50 : 0
- elb_httpcode_elb_5xx_threshold = var.create_external_elb ? 50 : 0
-}
-
-module "alarms-elb-ci-master-external" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-ci-master-external"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = join("", aws_elb.ci-master_elb.*.name)
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = local.elb_httpcode_backend_5xx_threshold
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = local.elb_httpcode_elb_5xx_threshold
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-//Public ALB and configs: we do not put it in infra-public-services as this project should
-//ideally only be deployed in integration
-module "ci_master_public_lb" {
- source = "../../modules/aws/lb"
- name = "govuk-ci-master-public"
- internal = false
- vpc_id = data.terraform_remote_state.infra_vpc.vpc_id
- access_logs_bucket_name = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- access_logs_bucket_prefix = "elb/govuk-ci-master-public-elb"
- listener_certificate_domain_name = var.elb_public_certname
- listener_secondary_certificate_domain_name = var.elb_public_secondary_certname
- listener_action = map("HTTPS:443", "HTTP:80")
- subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_ci-master_elb_id}"]
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- default_tags = "${map("Project", "govuk", "aws_migration", "ci_master", "aws_environment", var.aws_environment)}"
-}
-
-resource "aws_shield_protection" "ci_master_public_lb" {
- name = "${var.stackname}-ci-master-public_shield"
- resource_arn = module.ci_master_public_lb.lb_id
-}
-
-resource "aws_route53_record" "ci_master_public_service_names" {
- count = length(var.public_service_names)
- zone_id = data.terraform_remote_state.infra_root_dns_zones.external_root_zone_id
- name = "${element(var.public_service_names, count.index)}.${data.terraform_remote_state.infra_root_dns_zones.external_root_domain_name}"
- type = "A"
-
- alias {
- name = module.ci_master_public_lb.lb_dns_name
- zone_id = module.ci_master_public_lb.lb_zone_id
- evaluate_target_health = true
- }
-}
-
-data "aws_autoscaling_groups" "ci_master" {
- filter {
- name = "key"
- values = ["Name"]
- }
-
- filter {
- name = "value"
- values = ["${var.stackname}-ci-master"]
- }
-}
-
-resource "aws_autoscaling_attachment" "ci_master_asg_attachment_alb" {
- count = length(data.aws_autoscaling_groups.ci_master.names) > 0 ? 1 : 0
- autoscaling_group_name = element(data.aws_autoscaling_groups.ci_master.names, 0)
- alb_target_group_arn = element(module.ci_master_public_lb.target_group_arns, 0)
-}
-
-resource "aws_route53_record" "ci_master_internal_service_names" {
- count = length(var.internal_service_names)
- zone_id = data.terraform_remote_state.infra_root_dns_zones.internal_root_zone_id
- name = "${element(var.internal_service_names, count.index)}.${data.terraform_remote_state.infra_root_dns_zones.internal_root_domain_name}"
- type = "CNAME"
- records = ["${element(var.internal_service_names, count.index)}.blue.${data.terraform_remote_state.infra_root_dns_zones.internal_root_domain_name}"]
- ttl = "300"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "ci-master_elb_dns_name" {
- value = join("", aws_elb.ci-master_elb.*.dns_name)
- description = "DNS name to access the ci-master service"
-}
diff --git a/terraform/projects/app-ci-master/remote_state.tf b/terraform/projects/app-ci-master/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-ci-master/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_region
- }
-}
diff --git a/terraform/projects/app-ci-master/user_data_snippets.tf b/terraform/projects/app-ci-master/user_data_snippets.tf
deleted file mode 100644
index 9d921788c..000000000
--- a/terraform/projects/app-ci-master/user_data_snippets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-content-data-api-db-admin/README.md b/terraform/projects/app-content-data-api-db-admin/README.md
deleted file mode 100644
index 70ee3de42..000000000
--- a/terraform/projects/app-content-data-api-db-admin/README.md
+++ /dev/null
@@ -1,64 +0,0 @@
-## Project: app-content-data-api-db-admin
-
-DB admin boxes for the Content Data API RDS instance
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.11.15 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [null](#provider\_null) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [alarms-autoscaling-content-data-api-db-admin](#module\_alarms-autoscaling-content-data-api-db-admin) | ../../modules/aws/alarms/autoscaling | n/a |
-| [alarms-ec2-content-data-api-db-admin](#module\_alarms-ec2-content-data-api-db-admin) | ../../modules/aws/alarms/ec2 | n/a |
-| [content-data-api-db-admin](#module\_content-data-api-db-admin) | ../../modules/aws/node_group | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_role_policy_attachment.read_from_production_database_backups_from_production_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.write_to_database_backups_bucket_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [terraform_remote_state.infra_database_backups_bucket](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes |
-| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t2.medium"` | no |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_database\_backups\_bucket\_key\_stack](#input\_remote\_state\_infra\_database\_backups\_bucket\_key\_stack) | Override stackname path to infra\_database\_backups\_bucket remote state | `string` | `""` | no |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes |
-
-## Outputs
-
-No outputs.
diff --git a/terraform/projects/app-content-data-api-db-admin/integration.blue.backend b/terraform/projects/app-content-data-api-db-admin/integration.blue.backend
deleted file mode 100644
index 919d0c50f..000000000
--- a/terraform/projects/app-content-data-api-db-admin/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-content-data-api-db-admin.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-content-data-api-db-admin/main.tf b/terraform/projects/app-content-data-api-db-admin/main.tf
deleted file mode 100644
index 8b1d8ba3e..000000000
--- a/terraform/projects/app-content-data-api-db-admin/main.tf
+++ /dev/null
@@ -1,102 +0,0 @@
-/**
-* ## Project: app-content-data-api-db-admin
-*
-* DB admin boxes for the Content Data API RDS instance
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "remote_state_infra_database_backups_bucket_key_stack" {
- type = string
- description = "Override stackname path to infra_database_backups_bucket remote state"
- default = ""
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "t2.medium"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-module "content-data-api-db-admin" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-content-data-api-db-admin"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "content_data_api_db_admin", "aws_hostname", "content-data-api-db-admin-1")}"
- instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_content-data-api-db-admin_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "0"
- instance_elb_ids = []
- asg_max_size = "1"
- asg_min_size = "1"
- asg_desired_capacity = "1"
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = "64"
-}
-
-module "alarms-autoscaling-content-data-api-db-admin" {
- source = "../../modules/aws/alarms/autoscaling"
- name_prefix = "${var.stackname}-content-data-api-db-admin"
- autoscaling_group_name = module.content-data-api-db-admin.autoscaling_group_name
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- groupinserviceinstances_threshold = "1"
-}
-
-module "alarms-ec2-content-data-api-db-admin" {
- source = "../../modules/aws/alarms/ec2"
- name_prefix = "${var.stackname}-content-data-api-db-admin"
- autoscaling_group_name = module.content-data-api-db-admin.autoscaling_group_name
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- cpuutilization_threshold = "85"
-}
-
-data "terraform_remote_state" "infra_database_backups_bucket" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_database_backups_bucket_key_stack, var.stackname)}/infra-database-backups-bucket.tfstate"
- region = var.aws_region
- }
-}
-
-# All environments should be able to write to the backups bucket for
-# the respective environment.
-resource "aws_iam_role_policy_attachment" "write_to_database_backups_bucket_iam_role_policy_attachment" {
- role = module.content-data-api-db-admin.instance_iam_role_name
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.content_data_api_dbadmin_write_database_backups_bucket_policy_arn
-}
-
-# All environments should be able to read from the production database
-# backups bucket, to enable restoring the backups, and the overnight
-# data syncs.
-resource "aws_iam_role_policy_attachment" "read_from_production_database_backups_from_production_iam_role_policy_attachment" {
- role = module.content-data-api-db-admin.instance_iam_role_name
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.production_content_data_api_dbadmin_read_database_backups_bucket_policy_arn
-}
diff --git a/terraform/projects/app-content-data-api-db-admin/production.blue.backend b/terraform/projects/app-content-data-api-db-admin/production.blue.backend
deleted file mode 100644
index 9fcfc10d8..000000000
--- a/terraform/projects/app-content-data-api-db-admin/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-content-data-api-db-admin.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-content-data-api-db-admin/remote_state.tf b/terraform/projects/app-content-data-api-db-admin/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-content-data-api-db-admin/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_region
- }
-}
diff --git a/terraform/projects/app-content-data-api-db-admin/staging.blue.backend b/terraform/projects/app-content-data-api-db-admin/staging.blue.backend
deleted file mode 100644
index a3c3e5102..000000000
--- a/terraform/projects/app-content-data-api-db-admin/staging.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "blue/app-content-data-api-db-admin.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-content-data-api-db-admin/user_data_snippets.tf b/terraform/projects/app-content-data-api-db-admin/user_data_snippets.tf
deleted file mode 100644
index 9d921788c..000000000
--- a/terraform/projects/app-content-data-api-db-admin/user_data_snippets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-content-data-api-postgresql/README.md b/terraform/projects/app-content-data-api-postgresql/README.md
deleted file mode 100644
index 4a7c9ee0f..000000000
--- a/terraform/projects/app-content-data-api-postgresql/README.md
+++ /dev/null
@@ -1,68 +0,0 @@
-## Project: projects/app-content-data-api-postgresql
-
-RDS PostgreSQL instance for the Content Data API
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.11.15 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [alarms-rds-content-data-api-postgresql-primary](#module\_alarms-rds-content-data-api-postgresql-primary) | ../../modules/aws/alarms/rds | n/a |
-| [content-data-api-postgresql-primary\_rds\_instance](#module\_content-data-api-postgresql-primary\_rds\_instance) | ../../modules/aws/rds_instance | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_db_parameter_group.content_data_api](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/db_parameter_group) | resource |
-| [aws_route53_record.service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-|
[terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [cloudwatch\_log\_retention](#input\_cloudwatch\_log\_retention) | Number of days to retain Cloudwatch logs for | `string` | n/a | yes |
-| [instance\_type](#input\_instance\_type) | Instance type used for RDS resources | `string` | `"db.m5.large"` | no |
-| [multi\_az](#input\_multi\_az) | Enable multi-az. | `string` | `true` | no |
-| [password](#input\_password) | DB password | `string` | n/a | yes |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-|
[remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [skip\_final\_snapshot](#input\_skip\_final\_snapshot) | Set to true to NOT create a final snapshot when the cluster is deleted. | `string` | n/a | yes |
-| [snapshot\_identifier](#input\_snapshot\_identifier) | Specifies whether or not to create the database from this snapshot | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [username](#input\_username) | PostgreSQL username | `string` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [content-data-api-postgresql-primary\_address](#output\_content-data-api-postgresql-primary\_address) | postgresql instance address |
-| [content-data-api-postgresql-primary\_endpoint](#output\_content-data-api-postgresql-primary\_endpoint) | postgresql instance endpoint |
-| [content-data-api-postgresql-primary\_id](#output\_content-data-api-postgresql-primary\_id) | postgresql instance ID |
-| [content-data-api-postgresql-primary\_resource\_id](#output\_content-data-api-postgresql-primary\_resource\_id) | postgresql instance resource ID |
diff --git a/terraform/projects/app-content-data-api-postgresql/integration.blue.backend b/terraform/projects/app-content-data-api-postgresql/integration.blue.backend
deleted file mode 100644
index a9fe3fce2..000000000
--- a/terraform/projects/app-content-data-api-postgresql/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-content-data-api-database.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-content-data-api-postgresql/main.tf b/terraform/projects/app-content-data-api-postgresql/main.tf
deleted file mode 100644
index 939ef8d38..000000000
--- a/terraform/projects/app-content-data-api-postgresql/main.tf
+++ /dev/null
@@ -1,204 +0,0 @@
-/**
-* ## Project: projects/app-content-data-api-postgresql
-*
-* RDS PostgreSQL instance for the Content Data API
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "cloudwatch_log_retention" {
- type = string
- description = "Number of days to retain Cloudwatch logs for"
-}
-
-variable "username" {
- type = string
- description = "PostgreSQL username"
-}
-
-variable "password" {
- type = string
- description = "DB password"
-}
-
-variable "multi_az" {
- type = string
- description = "Enable multi-az."
- default = true
-}
-
-variable "skip_final_snapshot" {
- type = string
- description = "Set to true to NOT create a final snapshot when the cluster is deleted."
-}
-
-variable "snapshot_identifier" {
- type = string
- description = "Specifies whether or not to create the database from this snapshot"
- default = ""
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for RDS resources"
- default = "db.m5.large"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-resource "aws_db_parameter_group" "content_data_api" {
- name_prefix = "govuk-content-data-api"
- family = "postgres13"
-
- # DBInstanceClassMemory is in bytes, divide by 1024 * 16 to convert
- # to kilobytes, and specify that a a 16th of the overall system
- # memory should be available as work_mem for each session.
- #
- # As this is per session, the actual overall peak memory usage can
- # be many times this value, if there are many active sessions.
- parameter {
- name = "work_mem"
- value = "GREATEST({DBInstanceClassMemory/${1024 * 16}},65536)"
- }
-
- # Just use a single worker, as some tables are very large, and it's
- # probably better just to vacuum one table at a time
- parameter {
- name = "autovacuum_max_workers"
- value = 1
- apply_method = "pending-reboot"
- }
-
- # DBInstanceClassMemory is in bytes, divide by 1024 * 3 to convert
- # to kilobytes, and specify that a third of the overall memory
- # should be available as work_mem
- parameter {
- name = "maintenance_work_mem"
- value = "GREATEST({DBInstanceClassMemory/${1024 * 3}},65536)"
- }
-
- # Log information about autovacuuming activity, so this can be
- # better understood
- parameter {
- name = "rds.force_autovacuum_logging_level"
- value = "log"
- }
-
- # Only log information about autovacuuming activity if it takes
- # longer than 10000ms.
- parameter {
- name = "log_autovacuum_min_duration"
- value = 10000
- }
-
- # Enable queries slower than 10000ms to be logged
- parameter {
- name = "log_min_duration_statement"
- value = "10000"
- }
-
- # Log all types of logs
- parameter {
- name = "log_statement"
- value = "all"
- }
-
- parameter {
- name = "deadlock_timeout"
- value = 2500
- }
-
- parameter {
- name = "log_lock_waits"
- value = true
- }
-
- tags {
- aws_stackname = var.stackname
- }
-}
-
-module "content-data-api-postgresql-primary_rds_instance" {
- source = "../../modules/aws/rds_instance"
- name = "${var.stackname}-content-data-api-postgresql-primary"
- parameter_group_name = aws_db_parameter_group.content_data_api.name
- engine_name = "postgres"
- engine_version = "13.3"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "content_data_api_postgresql_primary")}"
- subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_rds_ids
- username = var.username
- password = var.password
- allocated_storage = "1024"
- max_allocated_storage
= "1300"
- instance_class = var.instance_type
- instance_name = "${var.stackname}-content-data-api-postgresql-primary"
- multi_az = var.multi_az
- security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_content-data-api-postgresql-primary_id}"]
- event_sns_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_rds_events_arn
- skip_final_snapshot = var.skip_final_snapshot
- snapshot_identifier = var.snapshot_identifier
- monitoring_interval = "60"
- monitoring_role_arn = data.terraform_remote_state.infra_monitoring.rds_enhanced_monitoring_role_arn
-}
-
-resource "aws_route53_record" "service_record" {
- zone_id = data.terraform_remote_state.infra_stack_dns_zones.internal_zone_id
- name = "content-data-api-postgresql-primary.${data.terraform_remote_state.infra_stack_dns_zones.internal_domain_name}"
- type = "CNAME"
- ttl = 300
- records = ["${module.content-data-api-postgresql-primary_rds_instance.rds_instance_address}"]
-}
-
-module "alarms-rds-content-data-api-postgresql-primary" {
- source = "../../modules/aws/alarms/rds"
- name_prefix = "${var.stackname}-content-data-api-postgresql-primary"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- db_instance_id = module.content-data-api-postgresql-primary_rds_instance.rds_instance_id
- freestoragespace_threshold = "536870912000"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "content-data-api-postgresql-primary_id" {
- value = module.content-data-api-postgresql-primary_rds_instance.rds_instance_id
- description = "postgresql instance ID"
-}
-
-output "content-data-api-postgresql-primary_resource_id" {
- value = module.content-data-api-postgresql-primary_rds_instance.rds_instance_resource_id
- description = "postgresql instance resource ID"
-}
-
-output "content-data-api-postgresql-primary_endpoint" {
- value = module.content-data-api-postgresql-primary_rds_instance.rds_instance_endpoint
-
description = "postgresql instance endpoint"
-}
-
-output "content-data-api-postgresql-primary_address" {
- value = module.content-data-api-postgresql-primary_rds_instance.rds_instance_address
- description = "postgresql instance address"
-}
diff --git a/terraform/projects/app-content-data-api-postgresql/production.blue.backend b/terraform/projects/app-content-data-api-postgresql/production.blue.backend
deleted file mode 100644
index 5fad78824..000000000
--- a/terraform/projects/app-content-data-api-postgresql/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-content-data-api-database.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-content-data-api-postgresql/remote_state.tf b/terraform/projects/app-content-data-api-postgresql/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-content-data-api-postgresql/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = 
"${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-content-data-api-postgresql/staging.blue.backend b/terraform/projects/app-content-data-api-postgresql/staging.blue.backend deleted file mode 100644 index 60d481940..000000000 --- a/terraform/projects/app-content-data-api-postgresql/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-content-data-api-postgresql.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-db-admin/README.md b/terraform/projects/app-db-admin/README.md deleted file mode 100644 index 379d4968e..000000000 --- a/terraform/projects/app-db-admin/README.md +++ /dev/null 
@@ -1,90 +0,0 @@
-## Project: app-db-admin
-
-Database administrator servers.
-
-These nodes connect to RDS instances and administer them.
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.11.15 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [null](#provider\_null) | n/a |
-| [template](#provider\_template) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [alarms-autoscaling-db-admin](#module\_alarms-autoscaling-db-admin) | ../../modules/aws/alarms/autoscaling | n/a |
-| [alarms-ec2-db-admin](#module\_alarms-ec2-db-admin) | ../../modules/aws/alarms/ec2 | n/a |
-| [db-admin](#module\_db-admin) | ../../modules/aws/node_group | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_elb.db-admin_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource |
-| [aws_iam_policy.assets_env_sync_s3_writer](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.db-admin_elasticache_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.db-admin_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role_policy_attachment.assets_env_sync_s3_writer](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.db-admin_elasticache_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-|
[aws_iam_role_policy_attachment.db-admin_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.read_from_integration_database_backups_from_integration_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.read_from_production_content_publisher_active_storage_from_staging_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.read_from_production_database_backups_from_production_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.read_from_staging_content_publisher_active_storage_from_integration_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.read_from_staging_database_backups_from_integration_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.read_write_from_integration_content_publisher_active_storage_from_integration_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.read_write_from_staging_content_publisher_active_storage_from_staging_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-|
[aws_iam_role_policy_attachment.write_db-admin_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_route53_record.db_admin_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [template_file.assets_env_sync_s3_writer_policy_template](https://registry.terraform.io/providers/hashicorp/template/latest/docs/data-sources/file) | data source |
-| [terraform_remote_state.infra_content_publisher_active_storage_buckets](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_database_backups_bucket](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-|
[terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes |
-| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no |
-| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t2.medium"` | no |
-| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes |
-| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_content\_publisher\_key\_stack](#input\_remote\_state\_infra\_content\_publisher\_key\_stack) | Override stackname path to infra\_content\_publisher remote state | `string` | `""` | no |
-| [remote\_state\_infra\_database\_backups\_bucket\_key\_stack](#input\_remote\_state\_infra\_database\_backups\_bucket\_key\_stack) | Override stackname path to infra\_database\_backups\_bucket remote state | `string` | `""` | no |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state
path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [db-admin\_elb\_dns\_name](#output\_db-admin\_elb\_dns\_name) | DNS name to access the db-admin service |
diff --git a/terraform/projects/app-db-admin/additional_policy.json b/terraform/projects/app-db-admin/additional_policy.json
deleted file mode 100644
index b720187c5..000000000
--- a/terraform/projects/app-db-admin/additional_policy.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "rds:ModifyDBInstance",
- "rds:DeleteDBInstance"
- ],
- "Resource": "*",
- "Condition": {
- "StringEquals": {
- "rds:db-tag/scrubber": ["scrubber"]
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "rds:RestoreDBInstanceFromDBSnapshot",
- "rds:DescribeDBClusterSnapshotAttributes",
- "rds:DescribeDBClusterParameters",
- "rds:DescribeDBEngineVersions",
- "rds:DescribeDBSnapshots",
- "rds:CopyDBSnapshot",
- "rds:CopyDBClusterSnapshot",
- "rds:DescribePendingMaintenanceActions",
- "rds:DescribeDBLogFiles",
- "rds:DescribeDBParameterGroups",
- "rds:DescribeDBSnapshotAttributes",
- "rds:DescribeReservedDBInstancesOfferings",
- "rds:ListTagsForResource",
- "rds:CreateDBSnapshot",
- "rds:CreateDBClusterSnapshot",
- "rds:DescribeDBParameters",
- "rds:ModifyDBClusterSnapshotAttribute",
- "rds:ModifyDBSnapshot",
- "rds:ModifyDBSnapshotAttribute",
- "rds:DeleteDBSnapshot",
- "rds:DescribeDBClusters",
- "rds:DescribeDBClusterParameterGroups",
- "rds:DescribeDBClusterSnapshots",
- "rds:DescribeDBInstances",
- "rds:DescribeEngineDefaultClusterParameters",
- "rds:DescribeOrderableDBInstanceOptions",
- "rds:DescribeEngineDefaultParameters",
- "rds:DescribeCertificates",
- "rds:DescribeEventCategories",
- "rds:DescribeAccountAttributes"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/terraform/projects/app-db-admin/elasticache_policy.json b/terraform/projects/app-db-admin/elasticache_policy.json
deleted file mode 100644
index 01e5c3a28..000000000
--- a/terraform/projects/app-db-admin/elasticache_policy.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "AllowElasticacheReboot",
- "Effect": "Allow",
- "Action": [
- "elasticache:DescribeCacheClusters",
- "elasticache:RebootCacheCluster"
- ],
- "Resource": "*"
- }
- ]
-}
diff --git a/terraform/projects/app-db-admin/integration.blue.backend b/terraform/projects/app-db-admin/integration.blue.backend
deleted file mode 100644
index 4a683e5d0..000000000
--- a/terraform/projects/app-db-admin/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-db-admin.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-db-admin/main.tf b/terraform/projects/app-db-admin/main.tf
deleted file mode 100644
index 7b932aa8a..000000000
--- a/terraform/projects/app-db-admin/main.tf
+++ /dev/null
@@ -1,286 +0,0 @@ -/** -* ## Project: app-db-admin -* -* Database administrator servers. -* -* These nodes connect to RDS instances and administer them. -*/ -variable "aws_region" { - type = string - description = "AWS region" - default = "eu-west-1" -} - -variable "stackname" { - type = string - description = "Stackname" -} - -variable "aws_environment" { - type = string - description = "AWS Environment" -} - -variable "instance_ami_filter_name" { - type = string - description = "Name to use to find AMI images" - default = "" -} - -variable "remote_state_infra_content_publisher_key_stack" { - type = string - description = "Override stackname path to infra_content_publisher remote state" - default = "" -} - -variable "remote_state_infra_database_backups_bucket_key_stack" { - type = string - description = "Override stackname path to infra_database_backups_bucket remote state" - default = "" -} - -variable "internal_zone_name" { - type = string - description = "The name of the Route53 zone that contains internal records" -} - -variable "internal_domain_name" { - type = string - description = "The domain name of the internal DNS records, it could be different from the zone name" -} - -variable "instance_type" { - type = string - description = "Instance type used for EC2 resources" - default = "t2.medium" -} - -# Resources -# -------------------------------------------------------------- -terraform { - backend "s3" {} - required_version = "= 0.11.15" -} - -provider "aws" { - region = var.aws_region - version = "2.46.0" -} - -data "aws_route53_zone" "internal" { - name = var.internal_zone_name - private_zone = true -} - -resource "aws_elb" "db-admin_elb" { - name = "${var.stackname}-db-admin" - subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"] - security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_db-admin_elb_id}"] - internal = "true" - - access_logs { - bucket = 
data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id - bucket_prefix = "elb/${var.stackname}-db-admin-internal-elb" - interval = 60 - } - - listener { - instance_port = 22 - instance_protocol = "tcp" - lb_port = 22 - lb_protocol = "tcp" - } - - listener { - instance_port = 6432 - instance_protocol = "tcp" - lb_port = 6432 - lb_protocol = "tcp" - } - - health_check { - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 3 - - target = "TCP:22" - interval = 30 - } - - cross_zone_load_balancing = true - idle_timeout = 400 - connection_draining = true - connection_draining_timeout = 400 - - tags = "${map("Name", "${var.stackname}-db-admin", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "db_admin")}" -} - -module "db-admin" { - source = "../../modules/aws/node_group" - name = "${var.stackname}-db-admin" - default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "db_admin", "aws_hostname", "db-admin-1")}" - instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids - instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_db-admin_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"] - instance_type = var.instance_type - instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet) - instance_elb_ids_length = "1" - instance_elb_ids = ["${aws_elb.db-admin_elb.id}"] - instance_ami_filter_name = var.instance_ami_filter_name - asg_max_size = "1" - asg_min_size = "1" - asg_desired_capacity = "1" - asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn - root_block_device_volume_size = "512" -} - -resource "aws_route53_record" "db_admin_service_record" { - zone_id = data.aws_route53_zone.internal.zone_id - name = "db-admin.${var.internal_domain_name}" - type = "A" - - alias { - 
name = aws_elb.db-admin_elb.dns_name - zone_id = aws_elb.db-admin_elb.zone_id - evaluate_target_health = true - } -} - -module "alarms-autoscaling-db-admin" { - source = "../../modules/aws/alarms/autoscaling" - name_prefix = "${var.stackname}-db-admin" - autoscaling_group_name = module.db-admin.autoscaling_group_name - alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"] - groupinserviceinstances_threshold = "1" -} - -module "alarms-ec2-db-admin" { - source = "../../modules/aws/alarms/ec2" - name_prefix = "${var.stackname}-db-admin" - autoscaling_group_name = module.db-admin.autoscaling_group_name - alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"] - cpuutilization_threshold = "85" -} - -data "terraform_remote_state" "infra_database_backups_bucket" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_database_backups_bucket_key_stack, var.stackname)}/infra-database-backups-bucket.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_content_publisher_active_storage_buckets" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_content_publisher_key_stack, var.stackname)}/infra-content-publisher.tfstate" - region = var.aws_region - } -} - -# All environments should be able to write to the backups bucket for -# their respective environment. -resource "aws_iam_role_policy_attachment" "write_db-admin_database_backups_iam_role_policy_attachment" { - count = 1 - role = module.db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_database_backups_bucket.dbadmin_write_database_backups_bucket_policy_arn -} - -# All environments, except production for safety reasons, should be able to read from the production database -# backups bucket, to enable restoring the backups, and the overnight -# data syncs. 
-resource "aws_iam_role_policy_attachment" "read_from_production_database_backups_from_production_iam_role_policy_attachment" { - count = var.aws_environment != "production" ? 1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_database_backups_bucket.production_dbadmin_read_database_backups_bucket_policy_arn -} - -# integration environment should be able to read integration and staging database backups -resource "aws_iam_role_policy_attachment" "read_from_integration_database_backups_from_integration_iam_role_policy_attachment" { - count = var.aws_environment == "integration" ? 1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_database_backups_bucket.integration_dbadmin_read_database_backups_bucket_policy_arn -} - -# staging environment should be able to read staging database backups -resource "aws_iam_role_policy_attachment" "read_from_staging_database_backups_from_integration_iam_role_policy_attachment" { - count = var.aws_environment == "staging" ? 1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_database_backups_bucket.staging_dbadmin_read_database_backups_bucket_policy_arn -} - -resource "aws_iam_policy" "db-admin_iam_policy" { - name = "${var.stackname}-db-admin-additional" - path = "/" - policy = file("${path.module}/additional_policy.json") -} - -resource "aws_iam_role_policy_attachment" "db-admin_iam_role_policy_attachment" { - role = module.db-admin.instance_iam_role_name - policy_arn = aws_iam_policy.db-admin_iam_policy.arn -} - -resource "aws_iam_policy" "db-admin_elasticache_iam_policy" { - count = var.aws_environment == "integration" ? 
1 : 0 - name = "${var.stackname}-db-admin-elasticache" - path = "/" - policy = file("${path.module}/elasticache_policy.json") -} - -resource "aws_iam_role_policy_attachment" "db-admin_elasticache_iam_role_policy_attachment" { - count = var.aws_environment == "integration" ? 1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = aws_iam_policy.db-admin_elasticache_iam_policy.arn -} - -resource "aws_iam_policy" "assets_env_sync_s3_writer" { - count = var.aws_environment == "production" ? 1 : 0 - name = "govuk-${var.aws_environment}-asset-manager-env-sync-s3-writer-policy" - description = "Read prod assets buckets, read/write integration/staging assets buckets. Should exist in Prod only." - policy = data.template_file.assets_env_sync_s3_writer_policy_template.rendered -} - -resource "aws_iam_role_policy_attachment" "assets_env_sync_s3_writer" { - count = var.aws_environment == "production" ? 1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = aws_iam_policy.assets_env_sync_s3_writer.arn -} - -data "template_file" "assets_env_sync_s3_writer_policy_template" { - template = file("s3_assets_sync_policy.tpl") -} - -resource "aws_iam_role_policy_attachment" "read_from_staging_content_publisher_active_storage_from_integration_iam_role_policy_attachment" { - count = var.aws_environment == "integration" ? 1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_content_publisher_active_storage_buckets.staging_content_publisher_active_storage_bucket_reader_policy_arn -} - -resource "aws_iam_role_policy_attachment" "read_write_from_integration_content_publisher_active_storage_from_integration_iam_role_policy_attachment" { - count = var.aws_environment == "integration" ? 
1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_content_publisher_active_storage_buckets.integration_content_publisher_active_storage_bucket_reader_writer_policy_arn -} - -resource "aws_iam_role_policy_attachment" "read_write_from_staging_content_publisher_active_storage_from_staging_iam_role_policy_attachment" { - count = var.aws_environment == "staging" ? 1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_content_publisher_active_storage_buckets.staging_content_publisher_active_storage_bucket_reader_writer_policy_arn -} - -resource "aws_iam_role_policy_attachment" "read_from_production_content_publisher_active_storage_from_staging_iam_role_policy_attachment" { - count = var.aws_environment == "staging" ? 1 : 0 - role = module.db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_content_publisher_active_storage_buckets.production_content_publisher_active_storage_bucket_reader_policy_arn -} - -# Outputs -# -------------------------------------------------------------- - -output "db-admin_elb_dns_name" { - value = aws_elb.db-admin_elb.dns_name - description = "DNS name to access the db-admin service" -} diff --git a/terraform/projects/app-db-admin/production.blue.backend b/terraform/projects/app-db-admin/production.blue.backend deleted file mode 100644 index 33d752f69..000000000 --- a/terraform/projects/app-db-admin/production.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-production" -key = "blue/app-db-admin.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-db-admin/remote_state.tf b/terraform/projects/app-db-admin/remote_state.tf deleted file mode 100644 index 7e9222d71..000000000 --- a/terraform/projects/app-db-admin/remote_state.tf +++ /dev/null 
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = 
"${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-db-admin/s3_assets_sync_policy.tpl b/terraform/projects/app-db-admin/s3_assets_sync_policy.tpl deleted file mode 100644 index f8499c006..000000000 --- a/terraform/projects/app-db-admin/s3_assets_sync_policy.tpl +++ /dev/null @@ -1,40 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "", - "Effect": "Allow", - "Action": "s3:ListBucket", - "Resource": "arn:aws:s3:::govuk-assets-production" - }, - { - "Sid": "", - "Effect": "Allow", - "Action": "s3:GetObject", - "Resource": "arn:aws:s3:::govuk-assets-production/*" - }, - { - "Sid": "", - "Effect": "Allow", - "Action": "s3:ListBucket", - "Resource": [ - "arn:aws:s3:::govuk-assets-staging", - "arn:aws:s3:::govuk-assets-integration" - ] - }, - { - "Sid": "", - "Effect": "Allow", - "Action": [ - "s3:PutObjectAcl", - "s3:PutObject", - "s3:GetObject", - "s3:DeleteObject" - ], - "Resource": [ - "arn:aws:s3:::govuk-assets-staging/*", - "arn:aws:s3:::govuk-assets-integration/*" - ] - } - ] -} 
diff --git a/terraform/projects/app-db-admin/staging.blue.backend b/terraform/projects/app-db-admin/staging.blue.backend
deleted file mode 100644
index 3bab34a3b..000000000
--- a/terraform/projects/app-db-admin/staging.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "blue/app-db-admin.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-db-admin/user_data_snippets.tf b/terraform/projects/app-db-admin/user_data_snippets.tf
deleted file mode 100644
index 9d921788c..000000000
--- a/terraform/projects/app-db-admin/user_data_snippets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-deploy/README.md b/terraform/projects/app-deploy/README.md
deleted file mode 100644
index 8f33c3d2f..000000000
--- a/terraform/projects/app-deploy/README.md
+++ /dev/null
@@ -1,96 +0,0 @@ -## Project: app-deploy - -Deploy node - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [alarms-elb-deploy-external](#module\_alarms-elb-deploy-external) | ../../modules/aws/alarms/elb | n/a | -| [deploy](#module\_deploy) | ../../modules/aws/node_group | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_ebs_volume.deploy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_elb.deploy_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_elb.deploy_internal_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_iam_policy.allow_assume_tools_codecommit_poweruser_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource | -| [aws_iam_policy.deploy_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource | -| [aws_iam_role_policy_attachment.allow_assume_role_concourse_code_commit](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.allow_reads_from_artefact_bucket](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.allow_writes_from_artefact_bucket](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| 
[aws_iam_role_policy_attachment.deploy_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.learn_to_rank_jenkins](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.related_links_jenkins](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_route53_record.service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.service_record_internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_acm_certificate.elb_external_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | -| [aws_acm_certificate.elb_internal_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | -| [aws_iam_policy_document.allow_assume_tools_codecommit_poweruser_policy_document](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/iam_policy_document) | data source | -| [aws_route53_zone.external](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.app_related_links](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| 
[terraform_remote_state.app_search](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.artefact_bucket](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [create\_external\_elb](#input\_create\_external\_elb) | Create the external ELB | `bool` | `true` | no | -| [deploy\_subnet](#input\_deploy\_subnet) | Name of the subnet to place the apt instance 1 and EBS volume | `string` | n/a | yes | -| [ebs\_encrypted](#input\_ebs\_encrypted) | Whether or not the EBS volume is encrypted | `string` | n/a | yes | -| [elb\_external\_certname](#input\_elb\_external\_certname) | The ACM 
cert domain name to find the ARN of | `string` | n/a | yes | -| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [external\_domain\_name](#input\_external\_domain\_name) | The domain name of the external DNS records, it could be different from the zone name | `string` | n/a | yes | -| [external\_zone\_name](#input\_external\_zone\_name) | The name of the Route53 zone that contains external records | `string` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t2.medium"` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [remote\_state\_app\_related\_links\_key\_stack](#input\_remote\_state\_app\_related\_links\_key\_stack) | Override app\_related\_links remote state path | `string` | `""` | no | -| [remote\_state\_app\_search\_key\_stack](#input\_remote\_state\_app\_search\_key\_stack) | Override app\_search remote state path | `string` | `""` | no | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_artefact\_bucket\_key\_stack](#input\_remote\_state\_infra\_artefact\_bucket\_key\_stack) | Override infra\_artefact\_bucket remote state path | `string` | `""` | no | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | 
no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [tools\_govuk\_codecommit\_poweruser\_role\_arn](#input\_tools\_govuk\_codecommit\_poweruser\_role\_arn) | ARN of the role that Mirrorer Jenkins to assume the Tools govuk\_codecommit\_poweruser role | `string` | `""` | no | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [deploy\_elb\_dns\_name](#output\_deploy\_elb\_dns\_name) | DNS name to access the deploy service | diff --git a/terraform/projects/app-deploy/additional_policy.json b/terraform/projects/app-deploy/additional_policy.json deleted file mode 100644 index 97d326628..000000000 --- a/terraform/projects/app-deploy/additional_policy.json +++ /dev/null 
@@ -1,18 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Stmt1499854881000",
- "Effect": "Allow",
- "Action": [
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:DescribeVolumeStatus",
- "ec2:DescribeVolumes"
- ],
- "Resource": [
- "*"
- ]
- }
- ]
-}
diff --git a/terraform/projects/app-deploy/integration.blue.backend b/terraform/projects/app-deploy/integration.blue.backend
deleted file mode 100644
index 97443f2e3..000000000
--- a/terraform/projects/app-deploy/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-deploy.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-deploy/main.tf b/terraform/projects/app-deploy/main.tf
deleted file mode 100644
index a0d40edd7..000000000
--- a/terraform/projects/app-deploy/main.tf
+++ /dev/null
@@ -1,360 +0,0 @@
-/**
-* ## Project: app-deploy
-*
-* Deploy node
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "tools_govuk_codecommit_poweruser_role_arn" {
- type = string
- description = "ARN of the role that Mirrorer Jenkins to assume the Tools govuk_codecommit_poweruser role"
- default = ""
-}
-
-variable "ebs_encrypted" {
- type = string
- description = "Whether or not the EBS volume is encrypted"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "elb_external_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "deploy_subnet" {
- type = string
- description = "Name of the subnet to place the apt instance 1 and EBS volume"
-}
-
-variable "remote_state_infra_artefact_bucket_key_stack" {
- type = string
- description = "Override infra_artefact_bucket remote state path"
- default = ""
-}
-
-variable "external_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains external records"
-}
-
-variable "external_domain_name" {
- type = string
- description = "The domain name of the external DNS records, it could be different from the zone name"
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "create_external_elb" {
- description = "Create the external ELB"
- default = true
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "t2.medium"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-# This is one of two places that should need to use this particular remote state
-# so keep it in main
-data "terraform_remote_state" "artefact_bucket" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_artefact_bucket_key_stack, var.stackname)}/infra-artefact-bucket.tfstate"
- region = var.aws_region
- }
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "external" {
- name = var.external_zone_name
- private_zone = false
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-data "aws_acm_certificate" "elb_external_cert" {
- domain = var.elb_external_certname
- statuses = ["ISSUED"]
-}
-
-resource "aws_elb" "deploy_elb" {
- count = var.create_external_elb
-
- name = "${var.stackname}-deploy"
- subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_deploy_elb_id}"]
- internal = "false"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-deploy-external-elb"
- interval = 60
- }
-
- listener {
- instance_port = 80
- instance_protocol = "http"
- lb_port = 443
- lb_protocol = "https"
-
- ssl_certificate_id = data.aws_acm_certificate.elb_external_cert.arn
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:80"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-deploy", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "jenkins")}"
-}
-
-data "aws_acm_certificate" "elb_internal_cert" {
- domain = var.elb_internal_certname
- statuses = ["ISSUED"]
-}
-
-resource "aws_elb" "deploy_internal_elb" {
- name = "${var.stackname}-deploy-internal"
- subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_deploy_internal_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-deploy-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 80
- instance_protocol = "http"
- lb_port = 443
- lb_protocol = "https"
-
- ssl_certificate_id = data.aws_acm_certificate.elb_internal_cert.arn
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:80"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-deploy-internal", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "jenkins")}"
-}
-
-resource "aws_route53_record" "service_record" {
- count = var.create_external_elb
-
- zone_id = data.aws_route53_zone.external.zone_id
- name = "deploy.${var.external_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.deploy_elb.dns_name
- zone_id = aws_elb.deploy_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-resource "aws_route53_record" "service_record_internal" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "deploy.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.deploy_internal_elb.dns_name
- zone_id = aws_elb.deploy_internal_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-locals {
- instance_elb_ids_length = var.create_external_elb ? 2 : 1
- instance_elb_ids = compact(list(join("", aws_elb.deploy_elb.*.id), aws_elb.deploy_internal_elb.id))
-}
-
-module "deploy" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-deploy"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "jenkins", "aws_hostname", "jenkins-1")}"
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.deploy_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_deploy_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = local.instance_elb_ids_length
- instance_elb_ids = ["${local.instance_elb_ids}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
-}
-
-resource "aws_ebs_volume" "deploy" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.deploy_subnet)
- encrypted = var.ebs_encrypted
- size = 40
- type = "gp2"
-
- tags {
- Name = "${var.stackname}-deploy"
- Project = var.stackname
- Device = "xvdf"
- aws_hostname = "jenkins-1"
- aws_migration = "jenkins"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_iam_policy" "deploy_iam_policy" {
- name = "${var.stackname}-deploy-additional"
- path = "/"
- policy = file("${path.module}/additional_policy.json")
-}
-
-# Allow the Jenkins server in Production to assume the govuk-codecommit-poweruser role
-# in the Tools account to mirror GitHub repos in AWS CodeCommit
-resource "aws_iam_policy" "allow_assume_tools_codecommit_poweruser_policy" {
- count = var.aws_environment == "production" ? 1 : 0
- name = "govuk-${var.aws_environment}-tools-codecommit-poweruser-policy"
- description = "Allows assuming the role of 'govuk-codecommit-poweruser' in the Tools environment"
-
- policy = data.aws_iam_policy_document.allow_assume_tools_codecommit_poweruser_policy_document.json
-}
-
-data "aws_iam_policy_document" "allow_assume_tools_codecommit_poweruser_policy_document" {
- count = var.aws_environment == "production" ? 1 : 0
-
- statement {
- actions = [
- "sts:AssumeRole",
- ]
-
- resources = [
- "${var.tools_govuk_codecommit_poweruser_role_arn}",
- ]
- }
-}
-
-resource "aws_iam_role_policy_attachment" "deploy_iam_role_policy_attachment" {
- role = module.deploy.instance_iam_role_name
- policy_arn = aws_iam_policy.deploy_iam_policy.arn
-}
-
-resource "aws_iam_role_policy_attachment" "allow_writes_from_artefact_bucket" {
- role = module.deploy.instance_iam_role_name
- policy_arn = data.terraform_remote_state.artefact_bucket.write_artefact_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "allow_reads_from_artefact_bucket" {
- role = module.deploy.instance_iam_role_name
- policy_arn = data.terraform_remote_state.artefact_bucket.read_artefact_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "allow_assume_role_concourse_code_commit" {
- count = var.aws_environment == "production" ? 1 : 0
- role = module.deploy.instance_iam_role_name
- policy_arn = aws_iam_policy.allow_assume_tools_codecommit_poweruser_policy.arn
-}
-
-resource "aws_iam_role_policy_attachment" "related_links_jenkins" {
- role = module.deploy.instance_iam_role_name
- policy_arn = data.terraform_remote_state.app_related_links.policy_related_links_jenkins_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "learn_to_rank_jenkins" {
- role = module.deploy.instance_iam_role_name
- policy_arn = data.terraform_remote_state.app_search.scale_learntorank_asg_policy_arn
-}
-
-locals {
- elb_httpcode_backend_5xx_threshold = var.create_external_elb ? 50 : 0
- elb_httpcode_elb_5xx_threshold = var.create_external_elb ? 50 : 0
-}
-
-module "alarms-elb-deploy-external" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-deploy-external"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = join("", aws_elb.deploy_elb.*.name)
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = local.elb_httpcode_backend_5xx_threshold
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = local.elb_httpcode_elb_5xx_threshold
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "deploy_elb_dns_name" {
- value = join("", aws_elb.deploy_elb.*.dns_name)
- description = "DNS name to access the deploy service"
-}
diff --git a/terraform/projects/app-deploy/production.blue.backend b/terraform/projects/app-deploy/production.blue.backend
deleted file mode 100644
index d181de737..000000000
--- a/terraform/projects/app-deploy/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-deploy.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-deploy/remote_state.tf b/terraform/projects/app-deploy/remote_state.tf
deleted file mode 100644
index b3ebeb463..000000000
--- a/terraform/projects/app-deploy/remote_state.tf
+++ /dev/null
@@ -1,143 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_app_related_links_key_stack" { - type = string - description = "Override app_related_links remote state path" - default = "" -} - -variable "remote_state_app_search_key_stack" { - type = string - description = "Override app_search remote state path" - default = "" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "app_search" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_app_search_key_stack, var.stackname)}/app-search.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "app_related_links" { - backend = "s3" - - config { - bucket 
= var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/app-related-links.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-deploy/staging.blue.backend b/terraform/projects/app-deploy/staging.blue.backend deleted file mode 100644 index 716fa4903..000000000 --- a/terraform/projects/app-deploy/staging.blue.backend +++ /dev/null 
@@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-deploy.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-deploy/user_data_snippets.tf b/terraform/projects/app-deploy/user_data_snippets.tf deleted file mode 100644 index 9d921788c..000000000 --- a/terraform/projects/app-deploy/user_data_snippets.tf +++ /dev/null @@ -1,29 +0,0 @@ -# == Manifest: ::user-data -# -# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT -# -# Generate user-data from a list of snippets. -# -# To concatenate the snippets, use: -# ${join("\n", null_resource.user_data.*.triggers.snippet)} -# - -variable "user_data_snippets" { - type = list(string) - description = "List of user-data snippets" -} - -variable "esm_trusty_token" { - type = string -} - -# Resources -# -------------------------------------------------------------- - -resource "null_resource" "user_data" { - count = length(var.user_data_snippets) - - triggers { - snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}") - } -} diff --git a/terraform/projects/app-docker-management/README.md b/terraform/projects/app-docker-management/README.md deleted file mode 100644 index 0adef7774..000000000 --- a/terraform/projects/app-docker-management/README.md +++ /dev/null 
@@ -1,68 +0,0 @@ -## Project: app-docker\_management - -Docker management node, used to run run adhoc containers. - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [alarms-elb-docker-management-internal](#module\_alarms-elb-docker-management-internal) | ../../modules/aws/alarms/elb | n/a | -| [docker\_management](#module\_docker\_management) | ../../modules/aws/node_group | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_elb.docker_management_etcd_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_route53_record.docker_management_etcd_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data 
source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t2.medium"` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| 
[remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [docker\_management\_etcd\_elb\_dns\_name](#output\_docker\_management\_etcd\_elb\_dns\_name) | DNS name to access the docker\_management service | -| [etcd\_service\_dns\_name](#output\_etcd\_service\_dns\_name) | DNS name to access the node service | diff --git a/terraform/projects/app-docker-management/integration.blue.backend b/terraform/projects/app-docker-management/integration.blue.backend deleted file mode 100644 index 4fe414e65..000000000 --- a/terraform/projects/app-docker-management/integration.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-integration" -key = "blue/app-docker-management.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-docker-management/main.tf b/terraform/projects/app-docker-management/main.tf deleted file mode 100644 index e12821327..000000000 --- a/terraform/projects/app-docker-management/main.tf +++ /dev/null 
@@ -1,149 +0,0 @@
-/**
-* ## Project: app-docker_management
-*
-* Docker management node, used to run run adhoc containers.
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "t2.medium"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-resource "aws_elb" "docker_management_etcd_elb" {
- name = "${var.stackname}-docker-management-etcd"
- subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_docker_management_etcd_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-docker-management-etcd-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 2379
- instance_protocol = "tcp"
- lb_port = 2379
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:2379"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-docker_management_etcd", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "docker_management_etcd")}"
-}
-
-resource "aws_route53_record" "docker_management_etcd_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "etcd.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.docker_management_etcd_elb.dns_name
- zone_id = aws_elb.docker_management_etcd_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-# TODO: Add external record when we have the external zones working
-
-module "docker_management" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-docker_management"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "docker_management", "aws_hostname", "docker-management-1")}"
- instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_docker_management_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "1"
- instance_elb_ids = ["${aws_elb.docker_management_etcd_elb.id}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
-}
-
-module "alarms-elb-docker-management-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-docker-management-internal"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = aws_elb.docker_management_etcd_elb.name
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "50"
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = "50"
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "docker_management_etcd_elb_dns_name" {
- value = aws_elb.docker_management_etcd_elb.dns_name
- description = "DNS name to access the docker_management service"
-}
-
-output "etcd_service_dns_name" {
- value = aws_route53_record.docker_management_etcd_service_record.fqdn
- description = "DNS name to access the node service"
-}
diff --git a/terraform/projects/app-docker-management/production.blue.backend b/terraform/projects/app-docker-management/production.blue.backend
deleted file mode 100644
index acf59746e..000000000
--- a/terraform/projects/app-docker-management/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-docker-management.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-docker-management/remote_state.tf b/terraform/projects/app-docker-management/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-docker-management/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = 
"${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-docker-management/staging.blue.backend b/terraform/projects/app-docker-management/staging.blue.backend deleted file mode 100644 index 0ca542274..000000000 --- a/terraform/projects/app-docker-management/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-docker-management.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-docker-management/user_data_snippets.tf b/terraform/projects/app-docker-management/user_data_snippets.tf deleted file mode 100644 index 9d921788c..000000000 --- a/terraform/projects/app-docker-management/user_data_snippets.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -# == Manifest: ::user-data -# -# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT -# -# Generate user-data from a list of snippets. -# -# To concatenate the snippets, use: -# ${join("\n", null_resource.user_data.*.triggers.snippet)} -# - -variable "user_data_snippets" { - type = list(string) - description = "List of user-data snippets" -} - -variable "esm_trusty_token" { - type = string -} - -# Resources -# -------------------------------------------------------------- - -resource "null_resource" "user_data" { - count = length(var.user_data_snippets) - - triggers { - snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}") - } -} diff --git a/terraform/projects/app-gatling/README.md b/terraform/projects/app-gatling/README.md deleted file mode 100644 index 94e54590a..000000000 --- a/terraform/projects/app-gatling/README.md +++ /dev/null 
@@ -1,75 +0,0 @@ -## Project: app-gatling - -Gatling node - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [gatling](#module\_gatling) | ../../modules/aws/node_group | n/a | -| [gatling\_external\_lb](#module\_gatling\_external\_lb) | ../../modules/aws/lb | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_route53_record.gatling_external_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_s3_bucket.results](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/s3_bucket) | resource | -| [aws_s3_bucket_policy.results](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/s3_bucket_policy) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_iam_policy_document.results_bucket_access](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/iam_policy_document) | data source | -| [aws_route53_zone.external](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| 
[terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [asg\_desired\_capacity](#input\_asg\_desired\_capacity) | The autoscaling groups desired capacity | `string` | `"0"` | no | -| [asg\_max\_size](#input\_asg\_max\_size) | The autoscaling groups max\_size | `string` | `"0"` | no | -| [asg\_min\_size](#input\_asg\_min\_size) | The autoscaling groups min\_size | `string` | `"0"` | no | -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [ebs\_encrypted](#input\_ebs\_encrypted) | Whether or not the EBS volume is encrypted | `string` | n/a | yes | -| [elb\_external\_certname](#input\_elb\_external\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [external\_domain\_name](#input\_external\_domain\_name) | The domain name of the external DNS records, it could be different from the zone name | `string` | n/a | yes | -| [external\_zone\_name](#input\_external\_zone\_name) | The name of the Route53 zone that contains external records | `string` | n/a | yes | -| [gds\_egress\_ips](#input\_gds\_egress\_ips) | An array of CIDR blocks 
that will be allowed offsite access. | `list(string)` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"m5.2xlarge"` | no | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [instance\_iam\_role\_name](#output\_instance\_iam\_role\_name) | name of the instance iam role | 
diff --git a/terraform/projects/app-gatling/integration.blue.backend b/terraform/projects/app-gatling/integration.blue.backend
deleted file mode 100644
index 4f802946f..000000000
--- a/terraform/projects/app-gatling/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-gatling.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-gatling/main.tf b/terraform/projects/app-gatling/main.tf
deleted file mode 100644
index d502cc221..000000000
--- a/terraform/projects/app-gatling/main.tf
+++ /dev/null
@@ -1,193 +0,0 @@
-/**
-* ## Project: app-gatling
-*
-* Gatling node
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "asg_desired_capacity" {
- type = string
- description = "The autoscaling groups desired capacity"
- default = "0"
-}
-
-variable "asg_max_size" {
- type = string
- description = "The autoscaling groups max_size"
- default = "0"
-}
-
-variable "asg_min_size" {
- type = string
- description = "The autoscaling groups min_size"
- default = "0"
-}
-
-variable "ebs_encrypted" {
- type = string
- description = "Whether or not the EBS volume is encrypted"
-}
-
-variable "elb_external_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "external_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains external records"
-}
-
-variable "external_domain_name" {
- type = string
- description = "The domain name of the external DNS records, it could be different from the zone name"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "m5.2xlarge"
-}
-
-variable "gds_egress_ips" {
- type = list(string)
- description = "An array of CIDR blocks that will be allowed offsite access."
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "external" {
- name = var.external_zone_name
- private_zone = false
-}
-
-locals {
- external_lb_map = {
- "HTTPS:443" = "HTTP:80"
- }
-}
-
-module "gatling_external_lb" {
- source = "../../modules/aws/lb"
- name = "${var.stackname}-gatling-external"
- internal = false
- vpc_id = data.terraform_remote_state.infra_vpc.vpc_id
- access_logs_bucket_name = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- access_logs_bucket_prefix = "elb/${var.stackname}-gatling-external-elb"
- listener_certificate_domain_name = var.elb_external_certname
- listener_secondary_certificate_domain_name = ""
- listener_action = local.external_lb_map
- subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_gatling_external_elb_id}"]
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- target_group_health_check_path = "/"
- target_group_health_check_matcher = "200-499"
- default_tags = "${map("Project", var.stackname, "aws_migration", "gatling", "aws_environment", var.aws_environment)}"
-}
-
-resource "aws_route53_record" "gatling_external_service_record" {
- zone_id = data.aws_route53_zone.external.zone_id
- name = "gatling.${var.external_domain_name}"
- type = "A"
-
- alias {
- name = module.gatling_external_lb.lb_dns_name
- zone_id = module.gatling_external_lb.lb_zone_id
- evaluate_target_health = true
- }
-}
-
-module "gatling" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-gatling"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "gatling", "aws_hostname", "gatling-1")}"
- instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_gatling_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "0"
- instance_elb_ids = []
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_max_size = var.asg_max_size
- asg_min_size = var.asg_min_size
- asg_desired_capacity = var.asg_desired_capacity
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- instance_target_group_arns = module.gatling_external_lb.target_group_arns
- instance_target_group_arns_length = length(distinct(values(local.external_lb_map)))
- root_block_device_volume_size = "30"
-}
-
-# S3 Bucket to store results
-resource "aws_s3_bucket" "results" {
- bucket = "gatling-results-${var.aws_environment}"
-
- website {
- index_document = "index.html"
- }
-}
-
-resource "aws_s3_bucket_policy" "results" {
- bucket = aws_s3_bucket.results.id
- policy = data.aws_iam_policy_document.results_bucket_access.json
-}
-
-data "aws_iam_policy_document" "results_bucket_access" {
- statement {
- sid = "ReadResultsFromOffice"
- actions = ["s3:GetObject", "s3:ListBucket"]
-
- resources = [
- "arn:aws:s3:::${aws_s3_bucket.results.id}",
- "arn:aws:s3:::${aws_s3_bucket.results.id}/*",
- ]
-
- condition {
- test = "IpAddress"
- variable = "aws:SourceIp"
- values = ["${var.gds_egress_ips}"]
- }
-
- principals {
- type = "AWS"
- identifiers = ["*"]
- }
- }
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "instance_iam_role_name" {
- value = module.gatling.instance_iam_role_name
- description = "name of the instance iam role"
-}
diff --git a/terraform/projects/app-gatling/production.blue.backend b/terraform/projects/app-gatling/production.blue.backend
deleted file mode 100644
index 6cf914ffd..000000000
--- a/terraform/projects/app-gatling/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-gatling.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-gatling/remote_state.tf b/terraform/projects/app-gatling/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-gatling/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = 
"${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-gatling/staging.blue.backend b/terraform/projects/app-gatling/staging.blue.backend deleted file mode 100644 index bc07c93c8..000000000 --- a/terraform/projects/app-gatling/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-gatling.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-gatling/user_data_snippets.tf b/terraform/projects/app-gatling/user_data_snippets.tf deleted file mode 100644 index 9d921788c..000000000 --- a/terraform/projects/app-gatling/user_data_snippets.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -# == Manifest: ::user-data -# -# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT -# -# Generate user-data from a list of snippets. -# -# To concatenate the snippets, use: -# ${join("\n", null_resource.user_data.*.triggers.snippet)} -# - -variable "user_data_snippets" { - type = list(string) - description = "List of user-data snippets" -} - -variable "esm_trusty_token" { - type = string -} - -# Resources -# -------------------------------------------------------------- - -resource "null_resource" "user_data" { - count = length(var.user_data_snippets) - - triggers { - snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}") - } -} diff --git a/terraform/projects/app-graphite/README.md b/terraform/projects/app-graphite/README.md deleted file mode 100644 index a8773ade6..000000000 --- a/terraform/projects/app-graphite/README.md +++ /dev/null 
@@ -1,91 +0,0 @@ -## Project: app-graphite - -Graphite node - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [alarms-elb-graphite-external](#module\_alarms-elb-graphite-external) | ../../modules/aws/alarms/elb | n/a | -| [alarms-elb-graphite-internal](#module\_alarms-elb-graphite-internal) | ../../modules/aws/alarms/elb | n/a | -| [graphite-1](#module\_graphite-1) | ../../modules/aws/node_group | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_ebs_volume.graphite-1](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_elb.graphite_external_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_elb.graphite_internal_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_iam_policy.graphite_1_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource | -| [aws_iam_role_policy_attachment.access_graphite_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.graphite_1_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.graphite_1_iam_role_policy_cloudwatch_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| 
[aws_route53_record.grafana_external_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.grafana_internal_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.graphite_external_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.graphite_internal_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_acm_certificate.elb_external_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | -| [aws_acm_certificate.elb_internal_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | -| [aws_route53_zone.external](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_graphite_backups_bucket](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| 
[terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [create\_external\_elb](#input\_create\_external\_elb) | Create the external ELB | `bool` | `true` | no | -| [ebs\_encrypted](#input\_ebs\_encrypted) | Whether or not the EBS volume is encrypted | `string` | n/a | yes | -| [ebs\_volume\_size](#input\_ebs\_volume\_size) | EBS Volume size in GB | `string` | `"250"` | no | -| [elb\_external\_certname](#input\_elb\_external\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes | -| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [external\_domain\_name](#input\_external\_domain\_name) | The domain name of the external DNS records, it could be different from the zone name | `string` | n/a | yes | -| [external\_zone\_name](#input\_external\_zone\_name) | The name of the Route53 zone that contains external records | `string` | n/a | yes | -| [graphite\_1\_subnet](#input\_graphite\_1\_subnet) | Name of the 
subnet to place the Graphite instance 1 and EBS volume | `string` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"m5.xlarge"` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_graphite\_backups\_bucket\_key\_stack](#input\_remote\_state\_infra\_graphite\_backups\_bucket\_key\_stack) | Override stackname path to infra\_graphite\_backups\_bucket remote state | `string` | `"govuk"` | no | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` 
| no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [graphite\_external\_elb\_dns\_name](#output\_graphite\_external\_elb\_dns\_name) | DNS name to access the Graphite external service | -| [graphite\_internal\_service\_dns\_name](#output\_graphite\_internal\_service\_dns\_name) | DNS name to access the Graphite internal service | diff --git a/terraform/projects/app-graphite/additional_policy.json b/terraform/projects/app-graphite/additional_policy.json deleted file mode 100644 index 97d326628..000000000 --- a/terraform/projects/app-graphite/additional_policy.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Stmt1499854881000", - "Effect": "Allow", - "Action": [ - "ec2:AttachVolume", - "ec2:DetachVolume", - "ec2:DescribeVolumeStatus", - "ec2:DescribeVolumes" - ], - "Resource": [ - "*" - ] - } - ] -} diff --git a/terraform/projects/app-graphite/integration.blue.backend b/terraform/projects/app-graphite/integration.blue.backend deleted file mode 100644 index 9b2e92954..000000000 --- a/terraform/projects/app-graphite/integration.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-integration" -key = "blue/app-graphite.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-graphite/main.tf b/terraform/projects/app-graphite/main.tf deleted file mode 100644 index 7e92f0238..000000000 --- a/terraform/projects/app-graphite/main.tf +++ /dev/null 
@@ -1,377 +0,0 @@
-/**
-* ## Project: app-graphite
-*
-* Graphite node
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "ebs_encrypted" {
- type = string
- description = "Whether or not the EBS volume is encrypted"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "graphite_1_subnet" {
- type = string
- description = "Name of the subnet to place the Graphite instance 1 and EBS volume"
-}
-
-variable "elb_external_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "remote_state_infra_graphite_backups_bucket_key_stack" {
- type = string
- description = "Override stackname path to infra_graphite_backups_bucket remote state"
- default = "govuk"
-}
-
-variable "external_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains external records"
-}
-
-variable "external_domain_name" {
- type = string
- description = "The domain name of the external DNS records, it could be different from the zone name"
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "create_external_elb" {
- description = "Create the external ELB"
- default = true
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "m5.xlarge"
-}
-
-variable "ebs_volume_size" {
- type = string
- description = "EBS Volume size in GB"
- default = "250"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "external" {
- name = var.external_zone_name
- private_zone = false
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-data "aws_acm_certificate" "elb_external_cert" {
- domain = var.elb_external_certname
- statuses = ["ISSUED"]
-}
-
-data "aws_acm_certificate" "elb_internal_cert" {
- domain = var.elb_internal_certname
- statuses = ["ISSUED"]
-}
-
-resource "aws_elb" "graphite_external_elb" {
- count = var.create_external_elb
-
- name = "${var.stackname}-graphite-external"
- subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_graphite_external_elb_id}"]
- internal = "false"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-graphite-external-elb"
- interval = 60
- }
-
- listener {
- instance_port = 80
- instance_protocol = "http"
- lb_port = 443
- lb_protocol = "https"
-
- ssl_certificate_id = data.aws_acm_certificate.elb_external_cert.arn
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:80"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-graphite-external", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "graphite")}"
-}
-
-resource "aws_route53_record" "graphite_external_service_record" {
- count = var.create_external_elb
-
- zone_id = data.aws_route53_zone.external.zone_id
- name = "graphite.${var.external_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.graphite_external_elb.dns_name
- zone_id = aws_elb.graphite_external_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-resource "aws_route53_record" "grafana_external_service_record" {
- count = var.create_external_elb
-
- zone_id = data.aws_route53_zone.external.zone_id
- name = "grafana.${var.external_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.graphite_external_elb.dns_name
- zone_id = aws_elb.graphite_external_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-resource "aws_elb" "graphite_internal_elb" {
- name = "${var.stackname}-graphite-internal"
- subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_graphite_internal_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-graphite-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = 2003
- instance_protocol = "tcp"
- lb_port = 2003
- lb_protocol = "tcp"
- }
-
- listener {
- instance_port = 2004
- instance_protocol = "tcp"
- lb_port = 2004
- lb_protocol = "tcp"
- }
-
- listener {
- instance_port = 80
- instance_protocol = "http"
- lb_port = 443
- lb_protocol = "https"
-
- ssl_certificate_id = data.aws_acm_certificate.elb_internal_cert.arn
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
-
- target = "TCP:2003"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-graphite-internal", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "graphite")}"
-}
-
-resource "aws_route53_record" "graphite_internal_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "graphite.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.graphite_internal_elb.dns_name
- zone_id = aws_elb.graphite_internal_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-resource "aws_route53_record" "grafana_internal_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "grafana.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.graphite_internal_elb.dns_name
- zone_id = aws_elb.graphite_internal_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-locals {
- instance_elb_ids_length = var.create_external_elb ? 2 : 1
- instance_elb_ids = compact(list(aws_elb.graphite_internal_elb.id, join("", aws_elb.graphite_external_elb.*.id)))
-}
-
-module "graphite-1" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-graphite-1"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "graphite", "aws_hostname", "graphite-1")}"
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.graphite_1_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_graphite_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = local.instance_elb_ids_length
- instance_elb_ids = ["${local.instance_elb_ids}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
-}
-
-resource "aws_ebs_volume" "graphite-1" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.graphite_1_subnet)
- encrypted = var.ebs_encrypted
- size = var.ebs_volume_size
- type = "io1"
- iops = 1000
-
- tags {
- Name = "${var.stackname}-graphite-1"
- Project = var.stackname
- Device = "xvdf"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- aws_migration = "graphite"
- aws_hostname = "graphite-1"
- }
-}
-
-resource "aws_iam_policy" "graphite_1_iam_policy" {
- name = "${var.stackname}-graphite-1-additional"
- path = "/"
- policy = file("${path.module}/additional_policy.json")
-}
-
-resource "aws_iam_role_policy_attachment" "graphite_1_iam_role_policy_attachment" {
- role = module.graphite-1.instance_iam_role_name
- policy_arn = aws_iam_policy.graphite_1_iam_policy.arn
-}
-
-resource "aws_iam_role_policy_attachment" "graphite_1_iam_role_policy_cloudwatch_attachment" {
- role = module.graphite-1.instance_iam_role_name
- policy_arn = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"
-}
-
-resource "aws_iam_role_policy_attachment" "access_graphite_backups_iam_role_policy_attachment" {
- role = module.graphite-1.instance_iam_role_name
- policy_arn = data.terraform_remote_state.infra_graphite_backups_bucket.access_graphite_backups_bucket_policy_arn
-}
-
-data "terraform_remote_state" "infra_graphite_backups_bucket" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_graphite_backups_bucket_key_stack, var.stackname)}/infra-graphite-backups-bucket.tfstate"
- region = var.aws_region
- }
-}
-
-module "alarms-elb-graphite-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-graphite-internal"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = aws_elb.graphite_internal_elb.name
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "100"
- httpcode_elb_4xx_threshold = "100"
- httpcode_elb_5xx_threshold = "100"
- surgequeuelength_threshold = "200"
- healthyhostcount_threshold = "1"
-}
-
-locals {
- elb_httpcode_backend_5xx_threshold = var.create_external_elb ? 100 : 0
- elb_httpcode_elb_5xx_threshold = var.create_external_elb ? 100 : 0
-}
-
-module "alarms-elb-graphite-external" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-graphite-external"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = join("", aws_elb.graphite_external_elb.*.name)
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = local.elb_httpcode_backend_5xx_threshold
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = local.elb_httpcode_elb_5xx_threshold
- surgequeuelength_threshold = "0"
- healthyhostcount_threshold = "0"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "graphite_internal_service_dns_name" {
- value = aws_route53_record.graphite_internal_service_record.fqdn
- description = "DNS name to access the Graphite internal service"
-}
-
-output "graphite_external_elb_dns_name" {
- value = join("", aws_route53_record.graphite_external_service_record.*.fqdn)
- description = "DNS name to access the Graphite external service"
-}
diff --git a/terraform/projects/app-graphite/production.blue.backend b/terraform/projects/app-graphite/production.blue.backend
deleted file mode 100644
index eaf5f3f70..000000000
--- a/terraform/projects/app-graphite/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-graphite.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-graphite/remote_state.tf b/terraform/projects/app-graphite/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-graphite/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_region
- }
-}
diff --git a/terraform/projects/app-graphite/staging.blue.backend b/terraform/projects/app-graphite/staging.blue.backend
deleted file mode 100644
index 2704d2f47..000000000
--- a/terraform/projects/app-graphite/staging.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "blue/app-graphite.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-graphite/user_data_snippets.tf b/terraform/projects/app-graphite/user_data_snippets.tf
deleted file mode 100644
index 9d921788c..000000000
--- a/terraform/projects/app-graphite/user_data_snippets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-jumpbox/README.md b/terraform/projects/app-jumpbox/README.md
deleted file mode 100644
index f5f542f56..000000000
--- a/terraform/projects/app-jumpbox/README.md
+++ /dev/null
@@ -1,69 +0,0 @@
-## Project: app-jumpbox
-
-Jumpbox node
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.11.15 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [null](#provider\_null) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [alarms-elb-jumpbox-internal](#module\_alarms-elb-jumpbox-internal) | ../../modules/aws/alarms/elb | n/a |
-| [jumpbox](#module\_jumpbox) | ../../modules/aws/node_group | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_elb.jumpbox_external_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource |
-| [aws_route53_record.service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_route53_zone.external](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [create\_external\_elb](#input\_create\_external\_elb) | Create the external ELB | `bool` | `true` | no |
-| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes |
-| [external\_domain\_name](#input\_external\_domain\_name) | The domain name of the external DNS records, it could be different from the zone name | `string` | n/a | yes |
-| [external\_zone\_name](#input\_external\_zone\_name) | The name of the Route53 zone that contains external records | `string` | n/a | yes |
-| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no |
-| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t2.micro"` | no |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [jumpbox\_elb\_address](#output\_jumpbox\_elb\_address) | AWS' internal DNS name for the jumpbox ELB |
-| [service\_dns\_name](#output\_service\_dns\_name) | DNS name to access the node service |
diff --git a/terraform/projects/app-jumpbox/integration.blue.backend b/terraform/projects/app-jumpbox/integration.blue.backend
deleted file mode 100644
index 2edf12bb4..000000000
--- a/terraform/projects/app-jumpbox/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-jumpbox.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-jumpbox/main.tf b/terraform/projects/app-jumpbox/main.tf
deleted file mode 100644
index 196155488..000000000
--- a/terraform/projects/app-jumpbox/main.tf
+++ /dev/null
@@ -1,166 +0,0 @@
-/**
-* ## Project: app-jumpbox
-*
-* Jumpbox node
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "external_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains external records"
-}
-
-variable "external_domain_name" {
- type = string
- description = "The domain name of the external DNS records, it could be different from the zone name"
-}
-
-variable "create_external_elb" {
- description = "Create the external ELB"
- default = true
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "t2.micro"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "external" {
- name = var.external_zone_name
- private_zone = false
-}
-
-resource "aws_elb" "jumpbox_external_elb" {
- count = var.create_external_elb
-
- name = "${var.stackname}-jumpbox"
- subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_offsite_ssh_id}"]
- internal = "false"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-jumpbox-external-elb"
- interval = 60
- }
-
- listener {
- instance_port = "22"
- instance_protocol = "tcp"
- lb_port = "22"
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
- target = "TCP:22"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-jumpbox", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "jumpbox")}"
-}
-
-resource "aws_route53_record" "service_record" {
- count = var.create_external_elb
-
- zone_id = data.aws_route53_zone.external.zone_id
- name = "jumpbox.${var.external_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.jumpbox_external_elb.dns_name
- zone_id = aws_elb.jumpbox_external_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-locals {
- instance_elb_ids_length = var.create_external_elb ? 1 : 0
- instance_elb_ids = compact(list(join("", aws_elb.jumpbox_external_elb.*.id)))
-}
-
-module "jumpbox" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-jumpbox"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "jumpbox", "aws_hostname", "jumpbox-1")}"
- instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_jumpbox_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids = ["${local.instance_elb_ids}"]
- instance_elb_ids_length = local.instance_elb_ids_length
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = "64"
-}
-
-locals {
- surgequeuelength_threshold = var.create_external_elb ? 200 : 0
- healthyhostcount_threshold = var.create_external_elb ? 1 : 0
-}
-
-module "alarms-elb-jumpbox-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-jumpbox-external"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = join("", aws_elb.jumpbox_external_elb.*.name)
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "0"
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = "0"
- surgequeuelength_threshold = local.surgequeuelength_threshold
- healthyhostcount_threshold = local.healthyhostcount_threshold
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "jumpbox_elb_address" {
- value = join("", aws_elb.jumpbox_external_elb.*.dns_name)
- description = "AWS' internal DNS name for the jumpbox ELB"
-}
-
-output "service_dns_name" {
- value = join("", aws_route53_record.service_record.*.name)
- description = "DNS name to access the node service"
-}
diff --git a/terraform/projects/app-jumpbox/production.blue.backend b/terraform/projects/app-jumpbox/production.blue.backend
deleted file mode 100644
index 0eb081190..000000000
--- a/terraform/projects/app-jumpbox/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-jumpbox.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-jumpbox/remote_state.tf b/terraform/projects/app-jumpbox/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-jumpbox/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_region
- }
-}
diff --git a/terraform/projects/app-jumpbox/staging.blue.backend b/terraform/projects/app-jumpbox/staging.blue.backend
deleted file mode 100644
index 9e26108dc..000000000
--- a/terraform/projects/app-jumpbox/staging.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "blue/app-jumpbox.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-jumpbox/user_data_snippets.tf b/terraform/projects/app-jumpbox/user_data_snippets.tf
deleted file mode 100644
index 9d921788c..000000000
--- a/terraform/projects/app-jumpbox/user_data_snippets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-licensify-backend/README.md b/terraform/projects/app-licensify-backend/README.md
deleted file mode 100644
index f5449fbdf..000000000
--- a/terraform/projects/app-licensify-backend/README.md
+++ /dev/null
@@ -1,68 +0,0 @@ -## Project: app-licensify-backend - -Licensify Backend nodes - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [internal\_lb](#module\_internal\_lb) | ../../modules/aws/lb | n/a | -| [licensify-backend](#module\_licensify-backend) | ../../modules/aws/node_group | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_route53_record.internal_service_names](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_acm_certificate.elb_internal_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| 
[terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [app\_service\_records](#input\_app\_service\_records) | List of application service names that get traffic via the internal LB | `list(string)` | `[]` | no | -| [asg\_size](#input\_asg\_size) | The autoscaling group's desired/max/min capacity. licensify-feed can only have one master instance and mastership is manually configured. | `string` | `"1"` | no | -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The domain name of the ACM cert to use for the internal LB | `string` | n/a | yes | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"m5.large"` | no | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| 
[remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [licensify-backend\_internal\_elb\_dns\_name](#output\_licensify-backend\_internal\_elb\_dns\_name) | Internal DNS name for the licensify-backend internal LB | diff --git a/terraform/projects/app-licensify-backend/integration.blue.backend b/terraform/projects/app-licensify-backend/integration.blue.backend deleted file mode 100644 index feae3e7d6..000000000 --- a/terraform/projects/app-licensify-backend/integration.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-integration" -key = "blue/app-licensify-backend.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-licensify-backend/main.tf b/terraform/projects/app-licensify-backend/main.tf deleted file mode 100644 index 3b85ccdef..000000000 --- a/terraform/projects/app-licensify-backend/main.tf +++ /dev/null 
@@ -1,145 +0,0 @@
-/**
-* ## Project: app-licensify-backend
-*
-* Licensify Backend nodes
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The domain name of the ACM cert to use for the internal LB"
-}
-
-variable "app_service_records" {
- type = list(string)
- description = "List of application service names that get traffic via the internal LB"
- default = []
-}
-
-variable "asg_size" {
- type = string
- description = "The autoscaling group's desired/max/min capacity. licensify-feed can only have one master instance and mastership is manually configured."
- default = "1"
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "m5.large"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "internal" {
- name = data.terraform_remote_state.infra_root_dns_zones.internal_root_domain_name
- private_zone = true
-}
-
-data "aws_acm_certificate" "elb_internal_cert" {
- domain = var.elb_internal_certname
- statuses = ["ISSUED"]
-}
-
-module "internal_lb" {
- source = "../../modules/aws/lb"
- name = "licensify-backend-internal"
- internal = true
- vpc_id = data.terraform_remote_state.infra_vpc.vpc_id
- access_logs_bucket_name = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- access_logs_bucket_prefix = "elb/licensify-backend-internal-elb"
- listener_certificate_domain_name = var.elb_internal_certname
- target_group_health_check_path = "/healthcheck"
-
- listener_action = {
- "HTTPS:443" = "HTTP:80"
- }
-
- subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_licensify-backend_internal_elb_id}"]
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
-
- default_tags = {
- Project = "${var.stackname}"
- aws_migration = "licensing_backend"
- aws_environment = "${var.aws_environment}"
- }
-}
-
-# For each service name (there is only licensify-admin for now), create DNS A
-# records pointing at the internal LB.
-resource "aws_route53_record" "internal_service_names" {
- count = length(var.app_service_records)
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "${element(var.app_service_records, count.index)}.${data.terraform_remote_state.infra_root_dns_zones.internal_root_domain_name}"
- type = "A"
-
- alias {
- name = module.internal_lb.lb_dns_name
- zone_id = module.internal_lb.lb_zone_id
- evaluate_target_health = true
- }
-}
-
-module "licensify-backend" {
- source = "../../modules/aws/node_group"
- name = "licensify-backend"
-
- default_tags = {
- Project = "${var.stackname}"
- aws_stackname = "${var.stackname}"
- aws_environment = "${var.aws_environment}"
- aws_migration = "licensing_backend"
- aws_hostname = "licensify-backend-1"
- }
-
- instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_licensify-backend_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_target_group_arns_length = "1"
- instance_target_group_arns = ["${module.internal_lb.target_group_arns[0]}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_max_size = var.asg_size
- asg_min_size = var.asg_size
- asg_desired_capacity = var.asg_size
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = "50"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "licensify-backend_internal_elb_dns_name" {
- value = module.internal_lb.lb_dns_name
- description = "Internal DNS name for the licensify-backend internal LB"
-}
diff --git a/terraform/projects/app-licensify-backend/production.blue.backend b/terraform/projects/app-licensify-backend/production.blue.backend
deleted file mode 100644
index e0e3c5d4a..000000000
--- a/terraform/projects/app-licensify-backend/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-licensify-backend.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-licensify-backend/remote_state.tf b/terraform/projects/app-licensify-backend/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-licensify-backend/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = 
"${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-licensify-backend/staging.blue.backend b/terraform/projects/app-licensify-backend/staging.blue.backend deleted file mode 100644 index 0f64840bf..000000000 --- a/terraform/projects/app-licensify-backend/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-licensify-backend.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-licensify-backend/user_data_snippets.tf b/terraform/projects/app-licensify-backend/user_data_snippets.tf deleted file mode 100644 index 9d921788c..000000000 --- a/terraform/projects/app-licensify-backend/user_data_snippets.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -# == Manifest: ::user-data -# -# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT -# -# Generate user-data from a list of snippets. -# -# To concatenate the snippets, use: -# ${join("\n", null_resource.user_data.*.triggers.snippet)} -# - -variable "user_data_snippets" { - type = list(string) - description = "List of user-data snippets" -} - -variable "esm_trusty_token" { - type = string -} - -# Resources -# -------------------------------------------------------------- - -resource "null_resource" "user_data" { - count = length(var.user_data_snippets) - - triggers { - snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}") - } -} diff --git a/terraform/projects/app-licensify-frontend/README.md b/terraform/projects/app-licensify-frontend/README.md deleted file mode 100644 index ff562e27e..000000000 --- a/terraform/projects/app-licensify-frontend/README.md +++ /dev/null 
@@ -1,74 +0,0 @@ -## Project: app-licensify-frontend - -Licensify Frontend nodes - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [internal\_lb](#module\_internal\_lb) | ../../modules/aws/lb | n/a | -| [licensify-frontend](#module\_licensify-frontend) | ../../modules/aws/node_group | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_route53_record.app_service_records](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [aws_route53_record.service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_acm_certificate.elb_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | -| [aws_route53_zone.external](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| 
[terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [app\_service\_records](#input\_app\_service\_records) | List of application service names that get traffic via this loadbalancer | `list(string)` | `[]` | no | -| [asg\_size](#input\_asg\_size) | The autoscaling groups desired/max/min capacity | `string` | `"2"` | no | -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [external\_domain\_name](#input\_external\_domain\_name) | The domain name of the external DNS records, it could be different from the zone name | `string` | n/a | yes | -| [external\_zone\_name](#input\_external\_zone\_name) | The name of the Route53 zone that contains external records | `string` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"m5.large"` | no | -| 
[internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [service\_dns\_name](#output\_service\_dns\_name) | DNS name to access the node service | 
diff --git a/terraform/projects/app-licensify-frontend/integration.blue.backend b/terraform/projects/app-licensify-frontend/integration.blue.backend
deleted file mode 100644
index 74babbd07..000000000
--- a/terraform/projects/app-licensify-frontend/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-licensify-frontend.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-licensify-frontend/main.tf b/terraform/projects/app-licensify-frontend/main.tf
deleted file mode 100644
index 541c914fb..000000000
--- a/terraform/projects/app-licensify-frontend/main.tf
+++ /dev/null
@@ -1,177 +0,0 @@
-/**
-* ## Project: app-licensify-frontend
-*
-* Licensify Frontend nodes
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "asg_size" {
- type = string
- description = "The autoscaling groups desired/max/min capacity"
- default = "2"
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "m5.large"
-}
-
-variable "app_service_records" {
- type = list(string)
- description = "List of application service names that get traffic via this loadbalancer"
- default = []
-}
-
-variable "external_domain_name" {
- type = string
- description = "The domain name of the external DNS records, it could be different from the zone name"
-}
-
-variable "external_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains external records"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-data "aws_route53_zone" "external" {
- name = var.external_zone_name
- private_zone = false
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_acm_certificate" "elb_cert" {
- domain = var.elb_internal_certname
- statuses = ["ISSUED"]
-}
-
-module "internal_lb" {
- source = "../../modules/aws/lb"
- name = "${var.stackname}-licensify-frontend-internal"
- internal = true
- vpc_id = data.terraform_remote_state.infra_vpc.vpc_id
- access_logs_bucket_name = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- access_logs_bucket_prefix = "elb/licensify-frontend-internal-lb"
- listener_certificate_domain_name = var.elb_internal_certname
- target_group_health_check_path = "/api/licences"
-
- listener_action = {
- "HTTPS:443" = "HTTP:80"
- }
-
- subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_licensify-frontend_internal_lb_id}"]
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
-
- default_tags = {
- Project = "${var.stackname}"
- aws_migration = "licensing_frontend"
- aws_stackname = "${var.stackname}"
- aws_environment = "${var.aws_environment}"
- }
-}
-
-resource "aws_route53_record" "service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "licensify.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = module.internal_lb.lb_dns_name
- zone_id = module.internal_lb.lb_zone_id
- evaluate_target_health = true
- }
-}
-
-resource "aws_route53_record" "app_service_records" {
- count = length(var.app_service_records)
- zone_id = data.aws_route53_zone.external.zone_id
- name = "${element(var.app_service_records, count.index)}.${var.external_domain_name}"
- type = "CNAME"
- records = ["licensify.${var.external_domain_name}"]
- ttl = "300"
-}
-
-module "licensify-frontend" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-licensify-frontend"
-
- default_tags = {
- Project = "${var.stackname}"
- aws_stackname = "${var.stackname}"
- aws_environment = "${var.aws_environment}"
- aws_migration = "licensing_frontend"
- aws_hostname = "licensify-frontend-1"
- }
-
- instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_licensify-frontend_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_target_group_arns_length = "1"
- instance_target_group_arns = ["${module.internal_lb.target_group_arns[0]}"]
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_max_size = var.asg_size
- asg_min_size = var.asg_size
- asg_desired_capacity = var.asg_size
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = "50"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "service_dns_name" {
- value = aws_route53_record.service_record.name
- description = "DNS name to access the node service"
-}
diff --git a/terraform/projects/app-licensify-frontend/production.blue.backend b/terraform/projects/app-licensify-frontend/production.blue.backend
deleted file mode 100644
index 6fdefe2ab..000000000
--- a/terraform/projects/app-licensify-frontend/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-licensify-frontend.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-licensify-frontend/remote_state.tf b/terraform/projects/app-licensify-frontend/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-licensify-frontend/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = 
"${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-licensify-frontend/staging.blue.backend b/terraform/projects/app-licensify-frontend/staging.blue.backend deleted file mode 100644 index 12ad0c28c..000000000 --- a/terraform/projects/app-licensify-frontend/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-licensify-frontend.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-licensify-frontend/user_data_snippets.tf b/terraform/projects/app-licensify-frontend/user_data_snippets.tf deleted file mode 100644 index 9d921788c..000000000 --- a/terraform/projects/app-licensify-frontend/user_data_snippets.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -# == Manifest: ::user-data -# -# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT -# -# Generate user-data from a list of snippets. -# -# To concatenate the snippets, use: -# ${join("\n", null_resource.user_data.*.triggers.snippet)} -# - -variable "user_data_snippets" { - type = list(string) - description = "List of user-data snippets" -} - -variable "esm_trusty_token" { - type = string -} - -# Resources -# -------------------------------------------------------------- - -resource "null_resource" "user_data" { - count = length(var.user_data_snippets) - - triggers { - snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}") - } -} diff --git a/terraform/projects/app-mongo/README.md b/terraform/projects/app-mongo/README.md deleted file mode 100644 index 661d403f4..000000000 --- a/terraform/projects/app-mongo/README.md +++ /dev/null 
@@ -1,109 +0,0 @@
-## Project: app-mongo
-
-Mongo hosts
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.11.15 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [null](#provider\_null) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [alarms-autoscaling-mongo-1](#module\_alarms-autoscaling-mongo-1) | ../../modules/aws/alarms/autoscaling | n/a |
-| [alarms-autoscaling-mongo-2](#module\_alarms-autoscaling-mongo-2) | ../../modules/aws/alarms/autoscaling | n/a |
-| [alarms-autoscaling-mongo-3](#module\_alarms-autoscaling-mongo-3) | ../../modules/aws/alarms/autoscaling | n/a |
-| [alarms-ec2-mongo-1](#module\_alarms-ec2-mongo-1) | ../../modules/aws/alarms/ec2 | n/a |
-| [alarms-ec2-mongo-2](#module\_alarms-ec2-mongo-2) | ../../modules/aws/alarms/ec2 | n/a |
-| [alarms-ec2-mongo-3](#module\_alarms-ec2-mongo-3) | ../../modules/aws/alarms/ec2 | n/a |
-| [mongo-1](#module\_mongo-1) | ../../modules/aws/node_group | n/a |
-| [mongo-2](#module\_mongo-2) | ../../modules/aws/node_group | n/a |
-| [mongo-3](#module\_mongo-3) | ../../modules/aws/node_group | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_ebs_volume.mongo-1](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource |
-| [aws_ebs_volume.mongo-2](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource |
-| [aws_ebs_volume.mongo-3](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource |
-| [aws_iam_policy.mongo-iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role_policy_attachment.integration_read_mongoapi_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.integration_read_mongodb_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.integration_read_production_mongoapi_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.integration_read_production_mongodb_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.mongo-1_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.mongo-2_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.mongo-3_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.staging_read_mongoapi_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.staging_read_mongodb_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.staging_read_production_mongoapi_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.staging_read_production_mongodb_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.write_mongo_api_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.write_mongodb_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_network_interface.mongo-1_eni](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/network_interface) | resource |
-| [aws_network_interface.mongo-2_eni](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/network_interface) | resource |
-| [aws_network_interface.mongo-3_eni](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/network_interface) | resource |
-| [aws_route53_record.mongo_1_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.mongo_2_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.mongo_3_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [terraform_remote_state.infra_database_backups_bucket](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [ebs\_encrypted](#input\_ebs\_encrypted) | Whether or not the EBS volume is encrypted | `string` | n/a | yes |
-| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes |
-| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no |
-| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"m5.large"` | no |
-| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes |
-| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes |
-| [mongo\_1\_ip](#input\_mongo\_1\_ip) | IP address of the private IP to assign to the instance | `string` | n/a | yes |
-| [mongo\_1\_reserved\_ips\_subnet](#input\_mongo\_1\_reserved\_ips\_subnet) | Name of the subnet to place the reserved IP of the instance | `string` | n/a | yes |
-| [mongo\_1\_subnet](#input\_mongo\_1\_subnet) | Name of the subnet to place the Mongo instance 1 and EBS volume | `string` | n/a | yes |
-| [mongo\_2\_ip](#input\_mongo\_2\_ip) | IP address of the private IP to assign to the instance | `string` | n/a | yes |
-| [mongo\_2\_reserved\_ips\_subnet](#input\_mongo\_2\_reserved\_ips\_subnet) | Name of the subnet to place the reserved IP of the instance | `string` | n/a | yes |
-| [mongo\_2\_subnet](#input\_mongo\_2\_subnet) | Name of the subnet to place the Mongo 2 and EBS volume | `string` | n/a | yes |
-| [mongo\_3\_ip](#input\_mongo\_3\_ip) | IP address of the private IP to assign to the instance | `string` | n/a | yes |
-| [mongo\_3\_reserved\_ips\_subnet](#input\_mongo\_3\_reserved\_ips\_subnet) | Name of the subnet to place the reserved IP of the instance | `string` | n/a | yes |
-| [mongo\_3\_subnet](#input\_mongo\_3\_subnet) | Name of the subnet to place the Mongo 3 and EBS volume | `string` | n/a | yes |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_database\_backups\_bucket\_key\_stack](#input\_remote\_state\_infra\_database\_backups\_bucket\_key\_stack) | Override stackname path to infra\_database\_backups\_bucket remote state | `string` | `""` | no |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [mongo\_1\_service\_dns\_name](#output\_mongo\_1\_service\_dns\_name) | DNS name to access the Mongo 1 internal service |
-| [mongo\_2\_service\_dns\_name](#output\_mongo\_2\_service\_dns\_name) | DNS name to access the Mongo 2 internal service |
-| [mongo\_3\_service\_dns\_name](#output\_mongo\_3\_service\_dns\_name) | DNS name to access the Mongo 3 internal service |
diff --git a/terraform/projects/app-mongo/additional_policy.json b/terraform/projects/app-mongo/additional_policy.json
deleted file mode 100644
index 02c12a6b2..000000000
--- a/terraform/projects/app-mongo/additional_policy.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Stmt1499854881000",
- "Effect": "Allow",
- "Action": [
- "ec2:DescribeNetworkInterfaces",
- "ec2:AttachNetworkInterface",
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:DescribeVolumeStatus",
- "ec2:DescribeVolumes"
- ],
- "Resource": [
- "*"
- ]
- }
- ]
-}
diff --git a/terraform/projects/app-mongo/integration.blue.backend b/terraform/projects/app-mongo/integration.blue.backend
deleted file mode 100644
index 6799d8d1c..000000000
--- a/terraform/projects/app-mongo/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-mongo.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-mongo/main.tf b/terraform/projects/app-mongo/main.tf
deleted file mode 100644
index e309936fe..000000000
--- a/terraform/projects/app-mongo/main.tf
+++ /dev/null
@@ -1,443 +0,0 @@
-/**
-* ## Project: app-mongo
-*
-* Mongo hosts
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "ebs_encrypted" {
- type = string
- description = "Whether or not the EBS volume is encrypted"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "mongo_1_subnet" {
- type = string
- description = "Name of the subnet to place the Mongo instance 1 and EBS volume"
-}
-
-variable "mongo_2_subnet" {
- type = string
- description = "Name of the subnet to place the Mongo 2 and EBS volume"
-}
-
-variable "mongo_3_subnet" {
- type = string
- description = "Name of the subnet to place the Mongo 3 and EBS volume"
-}
-
-variable "mongo_1_reserved_ips_subnet" {
- type = string
- description = "Name of the subnet to place the reserved IP of the instance"
-}
-
-variable "mongo_2_reserved_ips_subnet" {
- type = string
- description = "Name of the subnet to place the reserved IP of the instance"
-}
-
-variable "mongo_3_reserved_ips_subnet" {
- type = string
- description = "Name of the subnet to place the reserved IP of the instance"
-}
-
-variable "mongo_1_ip" {
- type = string
- description = "IP address of the private IP to assign to the instance"
-}
-
-variable "mongo_2_ip" {
- type = string
- description = "IP address of the private IP to assign to the instance"
-}
-
-variable "mongo_3_ip" {
- type = string
- description = "IP address of the private IP to assign to the instance"
-}
-
-variable "remote_state_infra_database_backups_bucket_key_stack" {
- type = string
- description = "Override stackname path to infra_database_backups_bucket remote state"
- default = ""
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "m5.large"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-# Instance 1
-resource "aws_network_interface" "mongo-1_eni" {
- subnet_id = lookup(data.terraform_remote_state.infra_networking.private_subnet_reserved_ips_names_ids_map, var.mongo_1_reserved_ips_subnet)
- private_ips = ["${var.mongo_1_ip}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_mongo_id}"]
-
- tags {
- Name = "${var.stackname}-mongo-1"
- Project = var.stackname
- aws_hostname = "mongo-1"
- aws_migration = "mongo"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_route53_record" "mongo_1_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "mongo-1.${var.internal_domain_name}"
- type = "A"
- records = ["${var.mongo_1_ip}"]
- ttl = 300
-}
-
-module "mongo-1" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-mongo-1"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "mongo", "aws_hostname", "mongo-1")}"
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.mongo_1_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_mongo_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "0"
- instance_elb_ids = []
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = "50"
-}
-
-resource "aws_ebs_volume" "mongo-1" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.mongo_1_subnet)
- encrypted = var.ebs_encrypted
- type = "gp2"
- size = 300
-
- tags {
- Name = "${var.stackname}-mongo-1"
- Project = var.stackname
- ManagedBy = "terraform"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- aws_migration = "mongo"
- aws_hostname = "mongo-1"
- Device = "xvdf"
- }
-}
-
-# Instance 2
-resource "aws_network_interface" "mongo-2_eni" {
- subnet_id = lookup(data.terraform_remote_state.infra_networking.private_subnet_reserved_ips_names_ids_map, var.mongo_2_reserved_ips_subnet)
- private_ips = ["${var.mongo_2_ip}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_mongo_id}"]
-
- tags {
- Name = "${var.stackname}-mongo-2"
- Project = var.stackname
- aws_hostname = "mongo-2"
- aws_migration = "mongo"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_route53_record" "mongo_2_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "mongo-2.${var.internal_domain_name}"
- type = "A"
- records = ["${var.mongo_2_ip}"]
- ttl = 300
-}
-
-module "mongo-2" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-mongo-2"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "mongo", "aws_hostname", "mongo-2")}"
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.mongo_2_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_mongo_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "0"
- instance_elb_ids = []
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = "50"
-}
-
-resource "aws_ebs_volume" "mongo-2" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.mongo_2_subnet)
- encrypted = var.ebs_encrypted
- type = "gp2"
- size = 300
-
- tags {
- Name = "${var.stackname}-mongo-2"
- Project = var.stackname
- ManagedBy = "terraform"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- aws_migration = "mongo"
- aws_hostname = "mongo-2"
- Device = "xvdf"
- }
-}
-
-# Instance 3
-resource "aws_network_interface" "mongo-3_eni" {
- subnet_id = lookup(data.terraform_remote_state.infra_networking.private_subnet_reserved_ips_names_ids_map, var.mongo_3_reserved_ips_subnet)
- private_ips = ["${var.mongo_3_ip}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_mongo_id}"]
-
- tags {
- Name = "${var.stackname}-mongo-3"
- Project = var.stackname
- aws_hostname = "mongo-3"
- aws_migration = "mongo"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- }
-}
-
-resource "aws_route53_record" "mongo_3_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "mongo-3.${var.internal_domain_name}"
- type = "A"
- records = ["${var.mongo_3_ip}"]
- ttl = 300
-}
-
-module "mongo-3" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-mongo-3"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "mongo", "aws_hostname", "mongo-3")}"
- instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.mongo_3_subnet))
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_mongo_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids_length = "0"
- instance_elb_ids = []
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = "50"
-}
-
-resource "aws_ebs_volume" "mongo-3" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.mongo_3_subnet)
- encrypted = var.ebs_encrypted
- type = "gp2"
- size = 300
-
- tags {
- Name = "${var.stackname}-mongo-3"
- Project = var.stackname
- ManagedBy = "terraform"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- aws_migration = "mongo"
- aws_hostname = "mongo-3"
- Device = "xvdf"
- }
-}
-
-resource "aws_iam_policy" "mongo-iam_policy" {
- name = "${var.stackname}-mongo-additional"
- path = "/"
- policy = file("${path.module}/additional_policy.json")
-}
-
-resource "aws_iam_role_policy_attachment" "mongo-1_iam_role_policy_attachment" {
- role = module.mongo-1.instance_iam_role_name
- policy_arn = aws_iam_policy.mongo-iam_policy.arn
-}
-
-resource "aws_iam_role_policy_attachment" "mongo-2_iam_role_policy_attachment" {
- role = module.mongo-2.instance_iam_role_name
- policy_arn = aws_iam_policy.mongo-iam_policy.arn
-}
-
-resource "aws_iam_role_policy_attachment" "mongo-3_iam_role_policy_attachment" {
- role = module.mongo-3.instance_iam_role_name
- policy_arn = aws_iam_policy.mongo-iam_policy.arn
-}
-
-module "alarms-autoscaling-mongo-1" {
- source = "../../modules/aws/alarms/autoscaling"
- name_prefix = "${var.stackname}-mongo-1"
- autoscaling_group_name = module.mongo-1.autoscaling_group_name
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- groupinserviceinstances_threshold = "1"
-}
-
-module "alarms-ec2-mongo-1" {
- source = "../../modules/aws/alarms/ec2"
- name_prefix = "${var.stackname}-mongo-1"
- autoscaling_group_name = module.mongo-1.autoscaling_group_name
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- cpuutilization_threshold = "85"
-}
-
-module "alarms-autoscaling-mongo-2" {
- source = "../../modules/aws/alarms/autoscaling"
- name_prefix = "${var.stackname}-mongo-2"
- autoscaling_group_name = module.mongo-2.autoscaling_group_name
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- groupinserviceinstances_threshold = "1"
-}
-
-module "alarms-ec2-mongo-2" {
- source = "../../modules/aws/alarms/ec2"
- name_prefix = "${var.stackname}-mongo-2"
- autoscaling_group_name = module.mongo-2.autoscaling_group_name
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- cpuutilization_threshold = "85"
-}
-
-module "alarms-autoscaling-mongo-3" {
- source = "../../modules/aws/alarms/autoscaling"
- name_prefix = "${var.stackname}-mongo-3"
- autoscaling_group_name = module.mongo-3.autoscaling_group_name
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- groupinserviceinstances_threshold = "1"
-}
-
-module "alarms-ec2-mongo-3" {
- source = "../../modules/aws/alarms/ec2"
- name_prefix = "${var.stackname}-mongo-3"
- autoscaling_group_name = module.mongo-3.autoscaling_group_name
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- cpuutilization_threshold = "85"
-}
-
-data "terraform_remote_state" "infra_database_backups_bucket" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_database_backups_bucket_key_stack, var.stackname)}/infra-database-backups-bucket.tfstate"
- region = var.aws_region
- }
-}
-
-resource "aws_iam_role_policy_attachment" "write_mongo_api_database_backups_iam_role_policy_attachment" {
- count = 3
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.mongo_api_write_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "write_mongodb_database_backups_iam_role_policy_attachment" {
- count = 3
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.mongodb_write_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "integration_read_mongoapi_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "integration" ? 3 : 0
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.integration_mongo_api_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "integration_read_mongodb_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "integration" ? 3 : 0
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.integration_mongodb_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "staging_read_mongoapi_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "staging" ? 3 : 0
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.staging_mongo_api_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "staging_read_mongodb_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "staging" ? 3 : 0
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.staging_mongodb_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "integration_read_production_mongoapi_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "integration" ? 3 : 0
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.production_mongo_api_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "integration_read_production_mongodb_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "integration" ? 3 : 0
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.production_mongodb_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "staging_read_production_mongoapi_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "staging" ? 3 : 0
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.production_mongo_api_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "staging_read_production_mongodb_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "staging" ? 3 : 0
- role = element(list(module.mongo-1.instance_iam_role_name, module.mongo-2.instance_iam_role_name, module.mongo-3.instance_iam_role_name), count.index)
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.production_mongodb_read_database_backups_bucket_policy_arn
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "mongo_1_service_dns_name" {
- value = aws_route53_record.mongo_1_service_record.fqdn
- description = "DNS name to access the Mongo 1 internal service"
-}
-
-output "mongo_2_service_dns_name" {
- value = aws_route53_record.mongo_2_service_record.fqdn
- description = "DNS name to access the Mongo 2 internal service"
-}
-
-output "mongo_3_service_dns_name" {
- value = aws_route53_record.mongo_3_service_record.fqdn
- description = "DNS name to access the Mongo 3 internal service"
-}
diff --git a/terraform/projects/app-mongo/production.blue.backend b/terraform/projects/app-mongo/production.blue.backend
deleted file mode 100644
index e01616f39..000000000
--- a/terraform/projects/app-mongo/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-mongo.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-mongo/remote_state.tf b/terraform/projects/app-mongo/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-mongo/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_region
- }
-}
diff --git a/terraform/projects/app-mongo/staging.blue.backend b/terraform/projects/app-mongo/staging.blue.backend
deleted file mode 100644
index 689cf506f..000000000
--- a/terraform/projects/app-mongo/staging.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "blue/app-mongo.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-mongo/user_data_snippets.tf b/terraform/projects/app-mongo/user_data_snippets.tf
deleted file mode 100644
index 9d921788c..000000000
--- a/terraform/projects/app-mongo/user_data_snippets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-monitoring/README.md b/terraform/projects/app-monitoring/README.md
deleted file mode 100644
index 76acaf87d..000000000
--- a/terraform/projects/app-monitoring/README.md
+++ /dev/null
@@ -1,86 +0,0 @@
-## Project: app-monitoring
-
-Monitoring node
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.11.15 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [null](#provider\_null) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [alarms-elb-monitoring-external](#module\_alarms-elb-monitoring-external) | ../../modules/aws/alarms/elb | n/a |
-| [alarms-elb-monitoring-internal](#module\_alarms-elb-monitoring-internal) | ../../modules/aws/alarms/elb | n/a |
-| [monitoring](#module\_monitoring) | ../../modules/aws/node_group | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_ebs_volume.monitoring](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource |
-| [aws_elb.monitoring_external_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource |
-| [aws_elb.monitoring_internal_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource |
-| [aws_iam_policy.list_fastly_logs](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.monitoring-iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role_policy_attachment.monitoring_can_list_fastly_logs](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.monitoring_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_route53_record.external_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.fastly_external_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.internal_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_acm_certificate.elb_external_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source |
-| [aws_acm_certificate.elb_internal_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source |
-| [aws_route53_zone.external](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [ebs\_encrypted](#input\_ebs\_encrypted) | Whether or not the EBS volume is encrypted | `string` | n/a | yes |
-| [elb\_external\_certname](#input\_elb\_external\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes |
-| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes |
-| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes |
-| [external\_domain\_name](#input\_external\_domain\_name) | The domain name of the external DNS records, it could be different from the zone name | `string` | n/a | yes |
-| [external\_zone\_name](#input\_external\_zone\_name) | The name of the Route53 zone that contains external records | `string` | n/a | yes |
-| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no |
-| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"m5.xlarge"` | no |
-| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes |
-| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes |
-| [monitoring\_subnet](#input\_monitoring\_subnet) | Name of the subnet to place the monitoring instance and the EBS volume | `string` | n/a | yes |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [monitoring\_external\_elb\_dns\_name](#output\_monitoring\_external\_elb\_dns\_name) | External DNS name to access the monitoring service |
-| [monitoring\_internal\_elb\_dns\_name](#output\_monitoring\_internal\_elb\_dns\_name) | Internal DNS name to access the monitoring service |
diff --git a/terraform/projects/app-monitoring/additional_policy.json b/terraform/projects/app-monitoring/additional_policy.json
deleted file mode 100644
index f257e4249..000000000
--- a/terraform/projects/app-monitoring/additional_policy.json
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Stmt1524841802000",
- "Effect": "Allow",
- "Action": [
- "ec2:DescribeNetworkInterfaces",
- "ec2:AttachNetworkInterface",
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:DescribeVolumeStatus",
- "ec2:DescribeVolumes",
- "ec2:DescribeAvailabilityZones",
- "rds:Describe*",
- "rds:ListTagsForResource",
- "elasticache:Describe*",
- "elasticloadbalancing:Describe*",
- "cloudwatch:DescribeAlarmHistory",
- "cloudwatch:GetDashboard",
- "cloudwatch:GetMetricData",
- "cloudwatch:DescribeAlarmsForMetric",
- "cloudwatch:ListDashboards",
- "cloudwatch:DescribeAlarms",
- "cloudwatch:GetMetricStatistics",
- "cloudwatch:ListMetrics",
- "logs:DescribeLogStreams",
- "logs:GetLogEvents",
- "iam:ListUsers",
- "iam:ListAccessKeys"
- ],
- "Resource": [
- "*"
- ]
- }
- ]
-}
diff --git a/terraform/projects/app-monitoring/integration.blue.backend b/terraform/projects/app-monitoring/integration.blue.backend
deleted file mode 100644
index 9ed3607a4..000000000
--- a/terraform/projects/app-monitoring/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-monitoring.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-monitoring/main.tf b/terraform/projects/app-monitoring/main.tf
deleted file mode 100644
index a1a40f951..000000000
--- a/terraform/projects/app-monitoring/main.tf
+++ /dev/null
@@ -1,364 +0,0 @@ -/** -* ## Project: app-monitoring -* -* Monitoring node -*/ -variable "aws_region" { - type = string - description = "AWS region" - default = "eu-west-1" -} - -variable "stackname" { - type = string - description = "Stackname" -} - -variable "aws_environment" { - type = string - description = "AWS Environment" -} - -variable "ebs_encrypted" { - type = string - description = "Whether or not the EBS volume is encrypted" -} - -variable "instance_ami_filter_name" { - type = string - description = "Name to use to find AMI images" - default = "" -} - -variable "elb_external_certname" { - type = string - description = "The ACM cert domain name to find the ARN of" -} - -variable "elb_internal_certname" { - type = string - description = "The ACM cert domain name to find the ARN of" -} - -variable "monitoring_subnet" { - type = string - description = "Name of the subnet to place the monitoring instance and the EBS volume" -} - -variable "internal_zone_name" { - type = string - description = "The name of the Route53 zone that contains internal records" -} - -variable "internal_domain_name" { - type = string - description = "The domain name of the internal DNS records, it could be different from the zone name" -} - -variable "external_zone_name" { - type = string - description = "The name of the Route53 zone that contains external records" -} - -variable "external_domain_name" { - type = string - description = "The domain name of the external DNS records, it could be different from the zone name" -} - -variable "instance_type" { - type = string - description = "Instance type used for EC2 resources" - default = "m5.xlarge" -} - -# Resources -# -------------------------------------------------------------- -terraform { - backend "s3" {} - required_version = "= 0.11.15" -} - -provider "aws" { - region = var.aws_region - version = "2.46.0" -} - -data "aws_route53_zone" "internal" { - name = var.internal_zone_name - private_zone = true -} - -data 
"aws_route53_zone" "external" { - name = var.external_zone_name - private_zone = false -} - -data "aws_acm_certificate" "elb_external_cert" { - domain = var.elb_external_certname - statuses = ["ISSUED"] -} - -data "aws_acm_certificate" "elb_internal_cert" { - domain = var.elb_internal_certname - statuses = ["ISSUED"] -} - -# This ELB is the entry point for the fastly rsyslog backup and hence, -# the monitoring.* domain name should be directed to a suitable load-balancer -# if this load-balancer is removed/changed -resource "aws_elb" "monitoring_external_elb" { - name = "${var.stackname}-monitoring-external" - subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"] - security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_monitoring_external_elb_id}"] - internal = "false" - - access_logs { - bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id - bucket_prefix = "elb/${var.stackname}-monitoring-external-elb" - interval = 60 - } - - listener { - instance_port = 80 - instance_protocol = "http" - lb_port = 443 - lb_protocol = "https" - - ssl_certificate_id = data.aws_acm_certificate.elb_external_cert.arn - } - - listener { - instance_port = 6514 - instance_protocol = "tcp" - lb_port = 6514 - lb_protocol = "ssl" - - ssl_certificate_id = data.aws_acm_certificate.elb_external_cert.arn - } - - listener { - instance_port = 6515 - instance_protocol = "tcp" - lb_port = 6515 - lb_protocol = "ssl" - - ssl_certificate_id = data.aws_acm_certificate.elb_external_cert.arn - } - - listener { - instance_port = 6516 - instance_protocol = "tcp" - lb_port = 6516 - lb_protocol = "ssl" - - ssl_certificate_id = data.aws_acm_certificate.elb_external_cert.arn - } - - health_check { - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 3 - - target = "TCP:80" - interval = 30 - } - - cross_zone_load_balancing = true - idle_timeout = 400 - connection_draining = true - connection_draining_timeout = 400 - - tags = 
"${map("Name", "${var.stackname}-monitoring", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "monitoring")}" -} - -resource "aws_elb" "monitoring_internal_elb" { - name = "${var.stackname}-monitoring" - subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"] - security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_monitoring_internal_elb_id}"] - internal = "true" - - listener { - instance_port = 22 - instance_protocol = "tcp" - lb_port = 22 - lb_protocol = "tcp" - } - - listener { - instance_port = 5667 - instance_protocol = "tcp" - lb_port = 5667 - lb_protocol = "tcp" - } - - listener { - instance_port = 80 - instance_protocol = "http" - lb_port = 443 - lb_protocol = "https" - - ssl_certificate_id = data.aws_acm_certificate.elb_internal_cert.arn - } - - health_check { - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 3 - - target = "TCP:5667" - interval = 30 - } - - cross_zone_load_balancing = true - idle_timeout = 400 - connection_draining = true - connection_draining_timeout = 400 - - tags = "${map("Name", "${var.stackname}-monitoring", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "monitoring")}" -} - -module "monitoring" { - source = "../../modules/aws/node_group" - name = "${var.stackname}-monitoring" - default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "monitoring", "aws_hostname", "monitoring-1")}" - instance_subnet_ids = matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.monitoring_subnet)) - instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_monitoring_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"] - instance_type = var.instance_type - 
instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet) - instance_elb_ids_length = "2" - instance_elb_ids = ["${aws_elb.monitoring_external_elb.id}", "${aws_elb.monitoring_internal_elb.id}"] - instance_ami_filter_name = var.instance_ami_filter_name - asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn - root_block_device_volume_size = "40" -} - -resource "aws_ebs_volume" "monitoring" { - availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.monitoring_subnet) - encrypted = var.ebs_encrypted - type = "gp2" - size = 40 - - tags { - Name = "${var.stackname}-monitoring" - Project = var.stackname - ManagedBy = "terraform" - aws_stackname = var.stackname - aws_environment = var.aws_environment - aws_migration = "monitoring" - aws_hostname = "monitoring-1" - Device = "xvdf" - } -} - -resource "aws_iam_policy" "monitoring-iam_policy" { - name = "${var.stackname}-monitoring-additional" - path = "/" - policy = file("${path.module}/additional_policy.json") -} - -resource "aws_iam_role_policy_attachment" "monitoring_iam_role_policy_attachment" { - role = module.monitoring.instance_iam_role_name - policy_arn = aws_iam_policy.monitoring-iam_policy.arn -} - -resource "aws_iam_policy" "list_fastly_logs" { - name = "fastly-logs-${var.aws_environment}-logs-lister-policy" - description = "Allows listing (but not reading) the fastly-logs buckets. For use by monitoring." 
- - policy = < [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [prometheus-1](#module\_prometheus-1) | ../../modules/aws/node_group | n/a | -| [prometheus\_internal\_alb](#module\_prometheus\_internal\_alb) | ../../modules/aws/lb | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_autoscaling_attachment.internal_lb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/autoscaling_attachment) | resource | -| [aws_ebs_volume.prometheus-1](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/ebs_volume) | resource | -| [aws_iam_policy.prometheus_1_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource | -| [aws_iam_role_policy_attachment.prometheus_1_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.prometheus_1_iam_role_policy_cloudwatch_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_lb_listener_rule.internal_lb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/lb_listener_rule) | resource | -| [aws_route53_record.service_record_internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_acm_certificate.elb_internal_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source | 
-| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [ebs\_volume\_size](#input\_ebs\_volume\_size) | EBS volume size | `string` | `"64"` | no | -| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name (e.g. 
*.production.govuk-internal.digital) to find the ARN of | `string` | n/a | yes | -| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"` | no | -| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t3.medium"` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [prometheus\_1\_subnet](#input\_prometheus\_1\_subnet) | Name of the subnet to place the Prometheus instance and EBS volume | `string` | n/a | yes | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| 
[remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -No outputs. diff --git a/terraform/projects/app-prometheus/additional_policy.json b/terraform/projects/app-prometheus/additional_policy.json deleted file mode 100644 index 97d326628..000000000 --- a/terraform/projects/app-prometheus/additional_policy.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "Stmt1499854881000", - "Effect": "Allow", - "Action": [ - "ec2:AttachVolume", - "ec2:DetachVolume", - "ec2:DescribeVolumeStatus", - "ec2:DescribeVolumes" - ], - "Resource": [ - "*" - ] - } - ] -} diff --git a/terraform/projects/app-prometheus/integration.blue.backend b/terraform/projects/app-prometheus/integration.blue.backend deleted file mode 100644 index a9d1017e9..000000000 --- a/terraform/projects/app-prometheus/integration.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-integration" -key = "blue/app-prometheus.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-prometheus/main.tf b/terraform/projects/app-prometheus/main.tf deleted file mode 100644 index e41ef880f..000000000 --- a/terraform/projects/app-prometheus/main.tf +++ /dev/null 
@@ -1,178 +0,0 @@
-/*
-* ## Project: app-prometheus
-*
-* Prometheus node
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS Environment"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
-
- # default = "ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-*"
- default = "ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"
-}
-
-variable "prometheus_1_subnet" {
- type = string
- description = "Name of the subnet to place the Prometheus instance and EBS volume"
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "t3.medium"
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The ACM cert domain name (e.g. *.production.govuk-internal.digital) to find the ARN of"
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "ebs_volume_size" {
- type = string
- description = "EBS volume size"
- default = "64"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-module "prometheus-1" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-prometheus-1"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment",
- var.aws_environment, "aws_migration", "prometheus", "aws_hostname", "prometheus-1")}"
-
- instance_subnet_ids = (matchkeys(values(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map),
- keys(data.terraform_remote_state.infra_networking.private_subnet_names_ids_map), list(var.prometheus_1_subnet)))
-
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_prometheus_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
-}
-
-resource "aws_ebs_volume" "prometheus-1" {
- availability_zone = lookup(data.terraform_remote_state.infra_networking.private_subnet_names_azs_map, var.prometheus_1_subnet)
- size = var.ebs_volume_size
- type = "gp3"
-
- tags {
- Name = "${var.stackname}-prometheus-1"
- Project = var.stackname
- Device = "xvdf"
- aws_stackname = var.stackname
- aws_environment = var.aws_environment
- aws_migration = "prometheus"
- aws_hostname = "prometheus-1"
- }
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-data "aws_acm_certificate" "elb_internal_cert" {
- domain = var.elb_internal_certname
- statuses = ["ISSUED"]
-}
-
-module "prometheus_internal_alb" {
- source = "../../modules/aws/lb"
- name = "${var.stackname}-prometheus-internal"
- internal = true
- vpc_id = data.terraform_remote_state.infra_vpc.vpc_id
- access_logs_bucket_name = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- access_logs_bucket_prefix = "elb/${var.stackname}-prometheus-internal-alb"
- listener_certificate_domain_name = var.elb_internal_certname
- listener_action = map("HTTPS:443", "HTTP:80")
- subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"]
- target_group_health_check_path = "/-/ready" # See https://prometheus.io/docs/prometheus/latest/management_api/
-
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_prometheus_internal_elb_id}"]
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- default_tags = "${map("Project", var.stackname, "aws_migration", "prometheus", "aws_environment", var.aws_environment)}"
-}
-
-resource "aws_autoscaling_attachment" "internal_lb" {
- autoscaling_group_name = module.prometheus-1.autoscaling_group_name
- alb_target_group_arn = module.prometheus_internal_alb.target_group_arns[0]
-}
-
-resource "aws_lb_listener_rule" "internal_lb" {
- listener_arn = module.prometheus_internal_alb.load_balancer_ssl_listeners[0]
-
- action {
- type = "forward"
- target_group_arn = module.prometheus_internal_alb.target_group_arns[0]
- }
-
- condition {
- field = "host-header"
- values = ["prometheus.${var.internal_domain_name}"]
- }
-}
-
-resource "aws_route53_record" "service_record_internal" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "prometheus.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = module.prometheus_internal_alb.lb_dns_name
- zone_id = module.prometheus_internal_alb.lb_zone_id
- evaluate_target_health = true
- }
-}
-
-resource "aws_iam_policy" "prometheus_1_iam_policy" {
- name = "${var.stackname}-prometheus-1-additional"
- path = "/"
- policy = file("${path.module}/additional_policy.json")
-}
-
-resource "aws_iam_role_policy_attachment" "prometheus_1_iam_role_policy_attachment" {
- role = module.prometheus-1.instance_iam_role_name
- policy_arn = aws_iam_policy.prometheus_1_iam_policy.arn
-}
-
-resource "aws_iam_role_policy_attachment" "prometheus_1_iam_role_policy_cloudwatch_attachment" {
- role = module.prometheus-1.instance_iam_role_name
- policy_arn = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"
-}
diff --git a/terraform/projects/app-prometheus/production.blue.backend b/terraform/projects/app-prometheus/production.blue.backend
deleted file mode 100644
index 55d34576c..000000000
--- a/terraform/projects/app-prometheus/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-prometheus.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-prometheus/remote-state.tf b/terraform/projects/app-prometheus/remote-state.tf
deleted file mode 100644
index 8edd1efc0..000000000
--- a/terraform/projects/app-prometheus/remote-state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = "eu-west-1"
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = "eu-west-1"
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = "eu-west-1"
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = "eu-west-1"
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = "eu-west-1"
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = "eu-west-1"
- }
-}
diff --git a/terraform/projects/app-prometheus/staging.blue.backend b/terraform/projects/app-prometheus/staging.blue.backend
deleted file mode 100644
index b970559d2..000000000
--- a/terraform/projects/app-prometheus/staging.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "blue/app-prometheus.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-prometheus/userdata-snippet.tf b/terraform/projects/app-prometheus/userdata-snippet.tf
deleted file mode 100644
index d14ea5772..000000000
--- a/terraform/projects/app-prometheus/userdata-snippet.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = file("../../userdata/${element(var.user_data_snippets, count.index)}")
- }
-}
diff --git a/terraform/projects/app-puppetmaster/README.md b/terraform/projects/app-puppetmaster/README.md
deleted file mode 100644
index 4854145e2..000000000
--- a/terraform/projects/app-puppetmaster/README.md
+++ /dev/null
@@ -1,82 +0,0 @@
-## Project: app-puppetmaster
-
-Puppetmaster node
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | = 0.11.15 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [null](#provider\_null) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [alarms-elb-puppetmaster-internal](#module\_alarms-elb-puppetmaster-internal) | ../../modules/aws/alarms/elb | n/a |
-| [puppetmaster](#module\_puppetmaster) | ../../modules/aws/node_group | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_elb.puppetmaster_bootstrap_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource |
-| [aws_elb.puppetmaster_internal_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource |
-| [aws_iam_policy.puppetmaster_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_policy.puppetmaster_ssm_getparameter_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role_policy_attachment.puppetmaster_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.puppetmaster_iam_role_policy_attachment_2](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_route53_record.puppetdb_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_security_group_rule.puppetmaster_ingress_offsite-ssh_22](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/security_group_rule) | resource |
-| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_acm_certificate.elb_internal_cert](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/acm_certificate) | data source |
-| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/caller_identity) | data source |
-| [aws_iam_policy_document.ssm_getparameter_policy_doc](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/iam_policy_document) | data source |
-| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [elb\_internal\_certname](#input\_elb\_internal\_certname) | The ACM cert domain name to find the ARN of | `string` | n/a | yes |
-| [enable\_bootstrap](#input\_enable\_bootstrap) | Whether to create the ELB which allows a user to SSH to the Puppetmaster from the office | `string` | `false` | no |
-| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes |
-| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no |
-| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"m5.xlarge"` | no |
-| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name. | `string` | n/a | yes |
-| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [puppetdb\_service\_dns\_name](#output\_puppetdb\_service\_dns\_name) | DNS name to access the node service |
-| [puppetmaster\_bootstrap\_elb\_dns\_name](#output\_puppetmaster\_bootstrap\_elb\_dns\_name) | DNS name to access the puppetmaster bootstrap service |
-| [puppetmaster\_internal\_elb\_dns\_name](#output\_puppetmaster\_internal\_elb\_dns\_name) | DNS name to access the puppetmaster service |
-| [service\_dns\_name](#output\_service\_dns\_name) | DNS name to access the node service |
diff --git a/terraform/projects/app-puppetmaster/additional_policy.json b/terraform/projects/app-puppetmaster/additional_policy.json
deleted file mode 100644
index 3d795af15..000000000
--- a/terraform/projects/app-puppetmaster/additional_policy.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Stmt1499854881000",
- "Effect": "Allow",
- "Action": [
- "ec2:CreateTags"
- ],
- "Resource": [
- "arn:aws:ec2:*"
- ]
- }
- ]
-}
diff --git a/terraform/projects/app-puppetmaster/integration.blue.backend b/terraform/projects/app-puppetmaster/integration.blue.backend
deleted file mode 100644
index 1326f6866..000000000
--- a/terraform/projects/app-puppetmaster/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-puppetmaster.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-puppetmaster/main.tf b/terraform/projects/app-puppetmaster/main.tf
deleted file mode 100644
index 4359a16d7..000000000
--- a/terraform/projects/app-puppetmaster/main.tf
+++ /dev/null
@@ -1,280 +0,0 @@
-/**
-* ## Project: app-puppetmaster
-*
-* Puppetmaster node
-*/
-variable "aws_region" {
- type = string
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- type = string
- description = "Stackname"
-}
-
-variable "aws_environment" {
- type = string
- description = "AWS environment"
-}
-
-variable "instance_ami_filter_name" {
- type = string
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "enable_bootstrap" {
- type = string
- description = "Whether to create the ELB which allows a user to SSH to the Puppetmaster from the office"
- default = false
-}
-
-variable "elb_internal_certname" {
- type = string
- description = "The ACM cert domain name to find the ARN of"
-}
-
-variable "internal_zone_name" {
- type = string
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- type = string
- description = "The domain name of the internal DNS records, it could be different from the zone name."
-}
-
-variable "instance_type" {
- type = string
- description = "Instance type used for EC2 resources"
- default = "m5.xlarge"
-}
-
-# Resources
-# --------------------------------------------------------------
-terraform {
- backend "s3" {}
- required_version = "= 0.11.15"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_acm_certificate" "elb_internal_cert" {
- domain = var.elb_internal_certname
- statuses = ["ISSUED"]
-}
-
-data "aws_caller_identity" "current" {}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-resource "aws_elb" "puppetmaster_bootstrap_elb" {
- count = var.enable_bootstrap
- name = "${var.stackname}-puppetmaster-bootstrap"
- subnets = ["${data.terraform_remote_state.infra_networking.public_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_offsite_ssh_id}"]
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-puppetmaster-bootstrap-external-elb"
- interval = 60
- }
-
- listener {
- instance_port = 22
- instance_protocol = "tcp"
- lb_port = 22
- lb_protocol = "tcp"
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
- target = "TCP:22"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags {
- Name = "${var.stackname}_puppetmaster_bootstrap"
- Project = var.stackname
- }
-}
-
-resource "aws_security_group_rule" "puppetmaster_ingress_offsite-ssh_22" {
- count = var.enable_bootstrap
- type = "ingress"
- from_port = "22"
- to_port = "22"
- protocol = "tcp"
- source_security_group_id = data.terraform_remote_state.infra_security_groups.sg_offsite_ssh_id
- security_group_id = data.terraform_remote_state.infra_security_groups.sg_puppetmaster_id
-}
-
-resource "aws_elb" "puppetmaster_internal_elb" {
- name = "${var.stackname}-puppetmaster"
- subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"]
- security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_puppetmaster_elb_id}"]
- internal = "true"
-
- access_logs {
- bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id
- bucket_prefix = "elb/${var.stackname}-puppetmaster-internal-elb"
- interval = 60
- }
-
- listener {
- instance_port = "8140"
- instance_protocol = "tcp"
- lb_port = "8140"
- lb_protocol = "tcp"
- }
-
- listener {
- instance_port = "80"
- instance_protocol = "http"
- lb_port = "443"
- lb_protocol = "https"
-
- ssl_certificate_id = data.aws_acm_certificate.elb_internal_cert.arn
- }
-
- health_check {
- healthy_threshold = 2
- unhealthy_threshold = 2
- timeout = 3
- target = "TCP:8140"
- interval = 30
- }
-
- cross_zone_load_balancing = true
- idle_timeout = 400
- connection_draining = true
- connection_draining_timeout = 400
-
- tags = "${map("Name", "${var.stackname}-puppetmaster", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "puppetmaster")}"
-}
-
-resource "aws_route53_record" "service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "puppet.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.puppetmaster_internal_elb.dns_name
- zone_id = aws_elb.puppetmaster_internal_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-resource "aws_route53_record" "puppetdb_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "puppetdb.${var.internal_domain_name}"
- type = "A"
-
- alias {
- name = aws_elb.puppetmaster_internal_elb.dns_name
- zone_id = aws_elb.puppetmaster_internal_elb.zone_id
- evaluate_target_health = true
- }
-}
-
-module "puppetmaster" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-puppetmaster"
- default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "puppetmaster", "aws_hostname", "puppetmaster-1")}"
- instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids
- instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_puppetmaster_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet)
- instance_elb_ids = ["${aws_elb.puppetmaster_internal_elb.id}", "${aws_elb.puppetmaster_bootstrap_elb.*.id}"]
- instance_elb_ids_length = var.enable_bootstrap > 0 ? 2 : 1
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = "50"
-}
-
-resource "aws_iam_policy" "puppetmaster_iam_policy" {
- name = "${var.stackname}-puppetmaster-additional"
- path = "/"
- policy = file("${path.module}/additional_policy.json")
-}
-
-resource "aws_iam_role_policy_attachment" "puppetmaster_iam_role_policy_attachment" {
- role = module.puppetmaster.instance_iam_role_name
- policy_arn = aws_iam_policy.puppetmaster_iam_policy.arn
-}
-
-data "aws_iam_policy_document" "ssm_getparameter_policy_doc" {
- statement {
- sid = "1"
-
- actions = [
- "ssm:GetParameter",
- "ssm:DescribeParameters",
- ]
-
- resources = [
- "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter/*",
- ]
- }
-}
-
-resource "aws_iam_policy" "puppetmaster_ssm_getparameter_policy" {
- name = "${var.stackname}-puppetmaster-ssm-getparameter"
- policy = data.aws_iam_policy_document.ssm_getparameter_policy_doc.json
-}
-
-resource "aws_iam_role_policy_attachment" "puppetmaster_iam_role_policy_attachment_2" {
- role = module.puppetmaster.instance_iam_role_name
- policy_arn = aws_iam_policy.puppetmaster_ssm_getparameter_policy.arn
-}
-
-module "alarms-elb-puppetmaster-internal" {
- source = "../../modules/aws/alarms/elb"
- name_prefix = "${var.stackname}-puppetmaster-internal"
- alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"]
- elb_name = aws_elb.puppetmaster_internal_elb.name
- httpcode_backend_4xx_threshold = "0"
- httpcode_backend_5xx_threshold = "0"
- httpcode_elb_4xx_threshold = "0"
- httpcode_elb_5xx_threshold = "0"
- surgequeuelength_threshold = "200"
- healthyhostcount_threshold = "1"
-}
-
-# Outputs
-# --------------------------------------------------------------
-
-output "puppetmaster_internal_elb_dns_name" {
- value = aws_elb.puppetmaster_internal_elb.dns_name
- description = "DNS name to access the puppetmaster service"
-}
-
-output "puppetmaster_bootstrap_elb_dns_name" {
- value = join("", aws_elb.puppetmaster_bootstrap_elb.*.dns_name)
- description = "DNS name to access the puppetmaster bootstrap service"
-}
-
-output "service_dns_name" {
- value = aws_route53_record.service_record.fqdn
- description = "DNS name to access the node service"
-}
-
-output "puppetdb_service_dns_name" {
- value = aws_route53_record.puppetdb_service_record.fqdn
- description = "DNS name to access the node service"
-}
diff --git a/terraform/projects/app-puppetmaster/production.blue.backend b/terraform/projects/app-puppetmaster/production.blue.backend
deleted file mode 100644
index bccfe95e4..000000000
--- a/terraform/projects/app-puppetmaster/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-puppetmaster.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-puppetmaster/remote_state.tf b/terraform/projects/app-puppetmaster/remote_state.tf
deleted file mode 100644
index 7e9222d71..000000000
--- a/terraform/projects/app-puppetmaster/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_region
- }
-}
diff --git a/terraform/projects/app-puppetmaster/staging.blue.backend b/terraform/projects/app-puppetmaster/staging.blue.backend
deleted file mode 100644
index 9d169b575..000000000
--- a/terraform/projects/app-puppetmaster/staging.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "blue/app-puppetmaster.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-puppetmaster/user_data_snippets.tf b/terraform/projects/app-puppetmaster/user_data_snippets.tf
deleted file mode 100644
index 9d921788c..000000000
--- a/terraform/projects/app-puppetmaster/user_data_snippets.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# == Manifest: ::user-data
-#
-# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT
-#
-# Generate user-data from a list of snippets.
-#
-# To concatenate the snippets, use:
-# ${join("\n", null_resource.user_data.*.triggers.snippet)}
-#
-
-variable "user_data_snippets" {
- type = list(string)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {
- type = string
-}
-
-# Resources
-# --------------------------------------------------------------
-
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}")
- }
-}
diff --git a/terraform/projects/app-router-backend/README.md b/terraform/projects/app-router-backend/README.md
deleted file mode 100644
index 10d1414a3..000000000
--- a/terraform/projects/app-router-backend/README.md
+++ /dev/null
@@ -1,90 +0,0 @@
-## Project: app-router-backend
-
-Router backend hosts both Mongo and router-api
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [null](#provider\_null) | n/a |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [router-backend-1](#module\_router-backend-1) | ../../modules/aws/node_group | n/a |
-| [router-backend-2](#module\_router-backend-2) | ../../modules/aws/node_group | n/a |
-| [router-backend-3](#module\_router-backend-3) | ../../modules/aws/node_group | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_iam_policy.router-backend_iam_policy](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_policy) | resource |
-| [aws_iam_role_policy_attachment.read_integration_router-backend_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.read_staging_router-backend_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.router-backend_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.staging_read_production_router-backend_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_iam_role_policy_attachment.write_router-backend_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource |
-| [aws_network_interface.router-backend-1_eni](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/network_interface) | resource |
-| [aws_network_interface.router-backend-2_eni](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/network_interface) | resource |
-| [aws_network_interface.router-backend-3_eni](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/network_interface) | resource |
-| [aws_route53_record.router-backend_1_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.router-backend_2_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_record.router-backend_3_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
-| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [terraform_remote_state.infra_database_backups_bucket](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS Environment | `any` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `any` | n/a | yes |
-| [instance\_ami\_filter\_name](#input\_instance\_ami\_filter\_name) | Name to use to find AMI images | `string` | `""` | no |
-| [instance\_type](#input\_instance\_type) | Instance type used for EC2 resources | `string` | `"t2.medium"` | no |
-| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `any` | n/a | yes |
-| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `any` | n/a | yes |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `any` | n/a | yes |
-| [remote\_state\_infra\_database\_backups\_bucket\_key\_stack](#input\_remote\_state\_infra\_database\_backups\_bucket\_key\_stack) | Override stackname path to infra\_database\_backups\_bucket remote state | `string` | `""` | no |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [router-backend\_1\_ip](#input\_router-backend\_1\_ip) | IP address of the private IP to assign to the instance | `any` | n/a | yes |
-| [router-backend\_1\_reserved\_ips\_subnet](#input\_router-backend\_1\_reserved\_ips\_subnet) | Name of the subnet to place the reserved IP of the instance | `any` | n/a | yes |
-| [router-backend\_1\_subnet](#input\_router-backend\_1\_subnet) | Name of the subnet to place the Router Mongo 1 | `any` | n/a | yes |
-| [router-backend\_2\_ip](#input\_router-backend\_2\_ip) | IP address of the private IP to assign to the instance | `any` | n/a | yes |
-| [router-backend\_2\_reserved\_ips\_subnet](#input\_router-backend\_2\_reserved\_ips\_subnet) | Name of the subnet to place the reserved IP of the instance | `any` | n/a | yes |
-| [router-backend\_2\_subnet](#input\_router-backend\_2\_subnet) | Name of the subnet to place the Router Mongo 2 | `any` | n/a | yes |
-| [router-backend\_3\_ip](#input\_router-backend\_3\_ip) | IP address of the private IP to assign to the instance | `any` | n/a | yes |
-| [router-backend\_3\_reserved\_ips\_subnet](#input\_router-backend\_3\_reserved\_ips\_subnet) | Name of the subnet to place the reserved IP of the instance | `any` | n/a | yes |
-| [router-backend\_3\_subnet](#input\_router-backend\_3\_subnet) | Name of the subnet to place the Router Mongo 3 | `any` | n/a | yes |
-| [stackname](#input\_stackname) | Stackname | `any` | n/a | yes |
-| [user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(any)` | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [router\_backend\_1\_service\_dns\_name](#output\_router\_backend\_1\_service\_dns\_name) | DNS name to access the Router Mongo 1 internal service |
-| [router\_backend\_2\_service\_dns\_name](#output\_router\_backend\_2\_service\_dns\_name) | DNS name to access the Router Mongo 2 internal service |
-| [router\_backend\_3\_service\_dns\_name](#output\_router\_backend\_3\_service\_dns\_name) | DNS name to access the Router Mongo 3 internal service |
diff --git a/terraform/projects/app-router-backend/additional_policy.json b/terraform/projects/app-router-backend/additional_policy.json
deleted file mode 100644
index 66c353d57..000000000
--- a/terraform/projects/app-router-backend/additional_policy.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "Version": "2012-10-17",
- "Statement": [
- {
- "Sid": "Stmt1499854881000",
- "Effect": "Allow",
- "Action": [
- "ec2:DescribeNetworkInterfaces",
- "ec2:AttachNetworkInterface"
- ],
- "Resource": [
- "*"
- ]
- }
- ]
-}
diff --git a/terraform/projects/app-router-backend/integration.blue.backend b/terraform/projects/app-router-backend/integration.blue.backend
deleted file mode 100644
index 0f2bd00b8..000000000
--- a/terraform/projects/app-router-backend/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-router-backend.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-router-backend/main.tf b/terraform/projects/app-router-backend/main.tf
deleted file mode 100644
index 2b83fa4bd..000000000
--- a/terraform/projects/app-router-backend/main.tf
+++ /dev/null
@@ -1,229 +0,0 @@
-/**
-* ## Project: app-router-backend
-*
-* Router backend hosts both Mongo and router-api
-*/
-
-terraform {
- backend "s3" {}
-}
-
-provider "aws" {
- region = var.aws_region
- version = "2.46.0"
-}
-
-data "aws_route53_zone" "internal" {
- name = var.internal_zone_name
- private_zone = true
-}
-
-locals {
- default_tags = {
- "Project" = var.stackname
- "aws_stackname" = var.stackname
- "aws_environment" = var.aws_environment
- "aws_migration" = "router_backend"
- }
-}
-
-# Instance 1
-resource "aws_network_interface" "router-backend-1_eni" {
- subnet_id = lookup(
- data.terraform_remote_state.infra_networking.outputs.private_subnet_reserved_ips_names_ids_map,
- var.router-backend_1_reserved_ips_subnet
- )
- private_ips = [var.router-backend_1_ip]
- security_groups = [data.terraform_remote_state.infra_security_groups.outputs.sg_router-backend_id]
-
- tags = merge(local.default_tags, {
- Name = "${var.stackname}-router-backend-1"
- aws_hostname = "router-backend-1"
- })
-}
-
-resource "aws_route53_record" "router-backend_1_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "router-backend-1.${var.internal_domain_name}"
- type = "A"
- records = [var.router-backend_1_ip]
- ttl = 300
-}
-
-module "router-backend-1" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-router-backend-1"
- default_tags = merge(local.default_tags, {
- "aws_hostname" = "router-backend-1"
- })
- instance_subnet_ids = matchkeys(
- values(data.terraform_remote_state.infra_networking.outputs.private_subnet_names_ids_map),
- keys(data.terraform_remote_state.infra_networking.outputs.private_subnet_names_ids_map),
- [var.router-backend_1_subnet]
- )
- instance_security_group_ids = [
- data.terraform_remote_state.infra_security_groups.outputs.sg_router-backend_id,
- data.terraform_remote_state.infra_security_groups.outputs.sg_management_id
- ]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data[*].triggers.snippet)
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.outputs.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = 20
-}
-
-# Instance 2
-resource "aws_network_interface" "router-backend-2_eni" {
- subnet_id = lookup(
- data.terraform_remote_state.infra_networking.outputs.private_subnet_reserved_ips_names_ids_map,
- var.router-backend_2_reserved_ips_subnet
- )
- private_ips = [var.router-backend_2_ip]
- security_groups = [data.terraform_remote_state.infra_security_groups.outputs.sg_router-backend_id]
-
- tags = merge(local.default_tags, {
- Name = "${var.stackname}-router-backend-2"
- aws_hostname = "router-backend-2"
- })
-}
-
-resource "aws_route53_record" "router-backend_2_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "router-backend-2.${var.internal_domain_name}"
- type = "A"
- records = [var.router-backend_2_ip]
- ttl = 300
-}
-
-module "router-backend-2" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-router-backend-2"
- default_tags = merge(local.default_tags, {
- "aws_hostname" = "router-backend-2"
- })
- instance_subnet_ids = matchkeys(
- values(data.terraform_remote_state.infra_networking.outputs.private_subnet_names_ids_map),
- keys(data.terraform_remote_state.infra_networking.outputs.private_subnet_names_ids_map),
- [var.router-backend_2_subnet]
- )
- instance_security_group_ids = [
- data.terraform_remote_state.infra_security_groups.outputs.sg_router-backend_id,
- data.terraform_remote_state.infra_security_groups.outputs.sg_management_id
- ]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data[*].triggers.snippet)
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.outputs.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = 20
-}
-
-# Instance 3
-resource "aws_network_interface" "router-backend-3_eni" {
- subnet_id = lookup(
- data.terraform_remote_state.infra_networking.outputs.private_subnet_reserved_ips_names_ids_map,
- var.router-backend_3_reserved_ips_subnet
- )
- private_ips = [var.router-backend_3_ip]
- security_groups = [data.terraform_remote_state.infra_security_groups.outputs.sg_router-backend_id]
-
- tags = merge(local.default_tags, {
- Name = "${var.stackname}-router-backend-3"
- aws_hostname = "router-backend-3"
- })
-}
-
-resource "aws_route53_record" "router-backend_3_service_record" {
- zone_id = data.aws_route53_zone.internal.zone_id
- name = "router-backend-3.${var.internal_domain_name}"
- type = "A"
- records = [var.router-backend_3_ip]
- ttl = 300
-}
-
-module "router-backend-3" {
- source = "../../modules/aws/node_group"
- name = "${var.stackname}-router-backend-3"
- default_tags = merge(local.default_tags, {
- "aws_hostname" = "router-backend-3"
- })
- instance_subnet_ids = matchkeys(
- values(data.terraform_remote_state.infra_networking.outputs.private_subnet_names_ids_map),
- keys(data.terraform_remote_state.infra_networking.outputs.private_subnet_names_ids_map),
- [var.router-backend_3_subnet]
- )
- instance_security_group_ids = [
- data.terraform_remote_state.infra_security_groups.outputs.sg_router-backend_id,
- data.terraform_remote_state.infra_security_groups.outputs.sg_management_id
- ]
- instance_type = var.instance_type
- instance_additional_user_data = join("\n", null_resource.user_data[*].triggers.snippet)
- instance_ami_filter_name = var.instance_ami_filter_name
- asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.outputs.sns_topic_autoscaling_group_events_arn
- root_block_device_volume_size = 20
-}
-
-data "terraform_remote_state" "infra_database_backups_bucket" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_database_backups_bucket_key_stack, var.stackname)}/infra-database-backups-bucket.tfstate"
- region = var.aws_region
- }
-}
-
-resource "aws_iam_role_policy_attachment" "write_router-backend_database_backups_iam_role_policy_attachment" {
- count = 3
- role = [
- module.router-backend-1.instance_iam_role_name,
- module.router-backend-2.instance_iam_role_name,
- module.router-backend-3.instance_iam_role_name,
- ][count.index]
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.outputs.mongo_router_write_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "read_integration_router-backend_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "integration" ? 3 : 0
- role = [
- module.router-backend-1.instance_iam_role_name,
- module.router-backend-2.instance_iam_role_name,
- module.router-backend-3.instance_iam_role_name,
- ][count.index]
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.outputs.integration_mongo_router_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "read_staging_router-backend_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "staging" ? 3 : 0
- role = [
- module.router-backend-1.instance_iam_role_name,
- module.router-backend-2.instance_iam_role_name,
- module.router-backend-3.instance_iam_role_name,
- ][count.index]
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.outputs.staging_mongo_router_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_role_policy_attachment" "staging_read_production_router-backend_database_backups_iam_role_policy_attachment" {
- count = var.aws_environment == "staging" ? 3 : 0
- role = [
- module.router-backend-1.instance_iam_role_name,
- module.router-backend-2.instance_iam_role_name,
- module.router-backend-3.instance_iam_role_name,
- ][count.index]
- policy_arn = data.terraform_remote_state.infra_database_backups_bucket.outputs.production_mongo_router_read_database_backups_bucket_policy_arn
-}
-
-resource "aws_iam_policy" "router-backend_iam_policy" {
- name = "${var.stackname}-router-backend-additional"
- path = "/"
- policy = file("${path.module}/additional_policy.json")
-}
-
-resource "aws_iam_role_policy_attachment" "router-backend_iam_role_policy_attachment" {
- count = 3
- role = [
- module.router-backend-1.instance_iam_role_name,
- module.router-backend-2.instance_iam_role_name,
- module.router-backend-3.instance_iam_role_name,
- ][count.index]
- policy_arn = aws_iam_policy.router-backend_iam_policy.arn
-}
diff --git a/terraform/projects/app-router-backend/outputs.tf b/terraform/projects/app-router-backend/outputs.tf
deleted file mode 100644
index 120e4f5f4..000000000
--- a/terraform/projects/app-router-backend/outputs.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-output "router_backend_1_service_dns_name" {
- value = aws_route53_record.router-backend_1_service_record.fqdn
- description = "DNS name to access the Router Mongo 1 internal service"
-}
-
-output "router_backend_2_service_dns_name" {
- value = aws_route53_record.router-backend_2_service_record.fqdn
- description = "DNS name to access the Router Mongo 2 internal service"
-}
-
-output "router_backend_3_service_dns_name" {
- value = aws_route53_record.router-backend_3_service_record.fqdn
- description = "DNS name to access the Router Mongo 3 internal service"
-}
diff --git a/terraform/projects/app-router-backend/production.blue.backend b/terraform/projects/app-router-backend/production.blue.backend
deleted file mode 100644
index 51dfac7c1..000000000
--- a/terraform/projects/app-router-backend/production.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-production"
-key = "blue/app-router-backend.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-router-backend/remote_state.tf b/terraform/projects/app-router-backend/remote_state.tf
deleted file mode 100644
index 00aa2f09a..000000000
--- a/terraform/projects/app-router-backend/remote_state.tf
+++ /dev/null
@@ -1,104 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = var.aws_region
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config = {
- bucket = var.remote_state_bucket
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = var.aws_region
- }
-}
diff --git a/terraform/projects/app-router-backend/staging.blue.backend b/terraform/projects/app-router-backend/staging.blue.backend
deleted file mode 100644
index 92d420ae3..000000000
--- a/terraform/projects/app-router-backend/staging.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "blue/app-router-backend.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-router-backend/user_data_snippets.tf b/terraform/projects/app-router-backend/user_data_snippets.tf
deleted file mode 100644
index ef7b69bcf..000000000
--- a/terraform/projects/app-router-backend/user_data_snippets.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-variable "user_data_snippets" {
- type = list(any)
- description = "List of user-data snippets"
-}
-
-variable "esm_trusty_token" {}
-
-# Generates user-data from a list of snippets. To concatenate the snippets, use:
-# join("\n", null_resource.user_data[*].triggers.snippet)
-resource "null_resource" "user_data" {
- count = length(var.user_data_snippets)
-
- triggers = {
- snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", var.esm_trusty_token)
- }
-}
diff --git a/terraform/projects/app-router-backend/variables.tf b/terraform/projects/app-router-backend/variables.tf
deleted file mode 100644
index b711c8bee..000000000
--- a/terraform/projects/app-router-backend/variables.tf
+++ /dev/null
@@ -1,71 +0,0 @@
-variable "aws_region" {
- description = "AWS region"
- default = "eu-west-1"
-}
-
-variable "stackname" {
- description = "Stackname"
-}
-
-variable "aws_environment" {
- description = "AWS Environment"
-}
-
-variable "instance_ami_filter_name" {
- description = "Name to use to find AMI images"
- default = ""
-}
-
-variable "router-backend_1_subnet" {
- description = "Name of the subnet to place the Router Mongo 1"
-}
-
-variable "router-backend_2_subnet" {
- description = "Name of the subnet to place the Router Mongo 2"
-}
-
-variable "router-backend_3_subnet" {
- description = "Name of the subnet to place the Router Mongo 3"
-}
-
-variable "router-backend_1_reserved_ips_subnet" {
- description = "Name of the subnet to place the reserved IP of the instance"
-}
-
-variable "router-backend_2_reserved_ips_subnet" {
- description = "Name of the subnet to place the reserved IP of the instance"
-}
-
-variable "router-backend_3_reserved_ips_subnet" {
- description = "Name of the subnet to place the reserved IP of the instance"
-}
-
-variable "router-backend_1_ip" {
- description = "IP address of the private IP to assign to the instance"
-}
-
-variable "router-backend_2_ip" {
- description = "IP address of the private IP to assign to the instance"
-}
-
-variable "router-backend_3_ip" {
- description = "IP address of the private IP to assign to the instance"
-}
-
-variable "remote_state_infra_database_backups_bucket_key_stack" {
- description = "Override stackname path to infra_database_backups_bucket remote state"
- default = ""
-}
-
-variable "internal_zone_name" {
- description = "The name of the Route53 zone that contains internal records"
-}
-
-variable "internal_domain_name" {
- description = "The domain name of the internal DNS records, it could be different from the zone name"
-}
-
-variable "instance_type" {
- description = "Instance type used for EC2 resources"
- default = "t2.medium"
-}
diff --git a/terraform/projects/app-shared-documentdb/README.md b/terraform/projects/app-shared-documentdb/README.md
deleted file mode 100644
index 5bec59741..000000000
--- a/terraform/projects/app-shared-documentdb/README.md
+++ /dev/null
@@ -1,72 +0,0 @@
-## Project: app-shared-documentdb
-
-Shared DocumentDB to support the following apps:
- 1. asset-manager
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | ~> 0.12.31 |
-| [aws](#requirement\_aws) | 2.46.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | 2.46.0 |
-| [terraform](#provider\_terraform) | n/a |
-
-## Modules
-
-No modules.
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_docdb_cluster.cluster](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/docdb_cluster) | resource |
-| [aws_docdb_cluster_instance.cluster_instances](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/docdb_cluster_instance) | resource |
-| [aws_docdb_cluster_parameter_group.parameter_group](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/docdb_cluster_parameter_group) | resource |
-| [aws_docdb_subnet_group.cluster_subnet](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/docdb_subnet_group) | resource |
-| [aws_route53_record.share-documentdb_internal_service_cname](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource |
-| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source |
-| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [aws\_environment](#input\_aws\_environment) | AWS environment | `string` | n/a | yes |
-| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no |
-| [backup\_retention\_period](#input\_backup\_retention\_period) | Retention period in days for DocumentDB automatic snapshots | `string` | `"1"` | no |
-| [instance\_count](#input\_instance\_count) | Instance count used for DocumentDB resources | `string` | `"3"` | no |
-| [instance\_type](#input\_instance\_type) | Instance type used for DocumentDB resources | `string` | `"db.r5.large"` | no |
-| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes |
-| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes |
-| [master\_password](#input\_master\_password) | Password of master user on DocumentDB cluster | `string` | n/a | yes |
-| [master\_username](#input\_master\_username) | Username of master user on DocumentDB cluster | `string` | n/a | yes |
-| [profiler](#input\_profiler) | Whether to log slow queries to CloudWatch. Must be either 'enabled' or 'disabled'. | `string` | `"enabled"` | no |
-| [profiler\_threshold\_ms](#input\_profiler\_threshold\_ms) | Queries which take longer than this number of milliseconds are logged to CloudWatch if profiler is enabled. Minimum is 50. | `string` | `"300"` | no |
-| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes |
-| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no |
-| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no |
-| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_security\_key\_stack](#input\_remote\_state\_infra\_security\_key\_stack) | Override infra\_security stackname path to infra\_vpc remote state | `string` | `""` | no |
-| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no |
-| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no |
-| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes |
-| [tls](#input\_tls) | Whether to enable or disable TLS for the DocumentDB cluster. Must be either 'enabled' or 'disabled'. | `string` | `"disabled"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [shared\_documentdb\_endpoint](#output\_shared\_documentdb\_endpoint) | The endpoint of the shared DocumentDB |
diff --git a/terraform/projects/app-shared-documentdb/integration.blue.backend b/terraform/projects/app-shared-documentdb/integration.blue.backend
deleted file mode 100644
index b3d7ab989..000000000
--- a/terraform/projects/app-shared-documentdb/integration.blue.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "blue/app-shared-documentdb.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/app-shared-documentdb/main.tf b/terraform/projects/app-shared-documentdb/main.tf
deleted file mode 100644
index 379bf5791..000000000
--- a/terraform/projects/app-shared-documentdb/main.tf
+++ /dev/null
@@ -1,166 +0,0 @@ -/** -* ## Project: app-shared-documentdb -* -* Shared DocumentDB to support the following apps: -* 1. asset-manager -*/ -variable "aws_environment" { - type = string - description = "AWS environment" -} - -data "aws_route53_zone" "internal" { - name = var.internal_zone_name - private_zone = true -} - -variable "internal_zone_name" { - type = string - description = "The name of the Route53 zone that contains internal records" -} - -variable "internal_domain_name" { - type = string - description = "The domain name of the internal DNS records, it could be different from the zone name" -} - -variable "aws_region" { - type = string - description = "AWS region" - default = "eu-west-1" -} - -variable "stackname" { - type = string - description = "Stackname" -} - -variable "instance_type" { - type = string - description = "Instance type used for DocumentDB resources" - default = "db.r5.large" -} - -variable "instance_count" { - type = string - description = "Instance count used for DocumentDB resources" - default = "3" -} - -variable "master_username" { - type = string - description = "Username of master user on DocumentDB cluster" -} - -variable "master_password" { - type = string - description = "Password of master user on DocumentDB cluster" -} - -variable "tls" { - type = string - description = "Whether to enable or disable TLS for the DocumentDB cluster. Must be either 'enabled' or 'disabled'." - default = "disabled" -} - -variable "profiler" { - type = string - description = "Whether to log slow queries to CloudWatch. Must be either 'enabled' or 'disabled'." - default = "enabled" -} - -variable "profiler_threshold_ms" { - type = string - description = "Queries which take longer than this number of milliseconds are logged to CloudWatch if profiler is enabled. Minimum is 50." 
- default = "300" -} - -variable "backup_retention_period" { - type = string - description = "Retention period in days for DocumentDB automatic snapshots" - default = "1" -} - -# Resources -# -------------------------------------------------------------- -terraform { - backend "s3" {} - required_version = "~> 0.12.31" -} - -provider "aws" { - region = var.aws_region - version = "2.46.0" -} - -resource "aws_docdb_cluster_instance" "cluster_instances" { - count = var.instance_count - identifier = "shared-documentdb-${count.index}" - cluster_identifier = aws_docdb_cluster.cluster.id - instance_class = var.instance_type - tags = aws_docdb_cluster.cluster.tags -} - -resource "aws_docdb_subnet_group" "cluster_subnet" { - name = "shared-documentdb-${var.aws_environment}" - subnet_ids = data.terraform_remote_state.infra_networking.outputs.private_subnet_ids -} - -resource "aws_docdb_cluster_parameter_group" "parameter_group" { - family = "docdb3.6" - name = "shared-documentdb-parameter-group" - description = "Shared DocumentDB cluster parameter group" - - parameter { - name = "tls" - value = var.tls - } - - parameter { - name = "profiler" - value = var.profiler - } - - parameter { - name = "profiler_threshold_ms" - value = var.profiler_threshold_ms - } -} - -resource "aws_docdb_cluster" "cluster" { - cluster_identifier = "shared-documentdb-${var.aws_environment}" - availability_zones = ["eu-west-1a", "eu-west-1b", "eu-west-1c"] - db_subnet_group_name = aws_docdb_subnet_group.cluster_subnet.name - master_username = var.master_username - master_password = var.master_password - storage_encrypted = true - backup_retention_period = var.backup_retention_period - db_cluster_parameter_group_name = aws_docdb_cluster_parameter_group.parameter_group.name - kms_key_id = data.terraform_remote_state.infra_security.outputs.shared_documentdb_kms_key_arn - vpc_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.outputs.sg_shared_documentdb_id}"] - - # 
enabled_cloudwatch_logs_exports is ["profiler"] if profiling is enabled, otherwise []. - enabled_cloudwatch_logs_exports = slice("${list("profiler")}", 0, var.profiler == "enabled" ? 1 : 0) - - tags = { - Service = "shared documentdb" - Customer = "asset-manager" - Name = "shared-documentdb" - Source = "app-shared-documentdb" - } -} - -resource "aws_route53_record" "share-documentdb_internal_service_cname" { - zone_id = data.aws_route53_zone.internal.zone_id - name = "shared-documentdb.${var.internal_domain_name}" - type = "CNAME" - ttl = 300 - records = ["${aws_docdb_cluster.cluster.endpoint}"] -} - -# Outputs -# -------------------------------------------------------------- -output "shared_documentdb_endpoint" { - value = aws_docdb_cluster.cluster.endpoint - description = "The endpoint of the shared DocumentDB" -} diff --git a/terraform/projects/app-shared-documentdb/production.blue.backend b/terraform/projects/app-shared-documentdb/production.blue.backend deleted file mode 100644 index 163f485e4..000000000 --- a/terraform/projects/app-shared-documentdb/production.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-production" -key = "blue/app-shared-documentdb.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-shared-documentdb/remote_state.tf b/terraform/projects/app-shared-documentdb/remote_state.tf deleted file mode 100644 index 8e460df80..000000000 --- a/terraform/projects/app-shared-documentdb/remote_state.tf +++ /dev/null 
@@ -1,127 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_key_stack" { - type = string - description = "Override infra_security stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_networking_key_stack, 
var.stackname)}/infra-networking.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_security" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_security_key_stack, var.stackname)}/infra-security.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = "${var.aws_region}" - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config = { - bucket = "${var.remote_state_bucket}" - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = "${var.aws_region}" - } -} diff --git a/terraform/projects/app-shared-documentdb/staging.blue.backend b/terraform/projects/app-shared-documentdb/staging.blue.backend deleted file mode 100644 index 835cb3aa8..000000000 --- a/terraform/projects/app-shared-documentdb/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-shared-documentdb.tfstate" -encrypt = true -region = "eu-west-1" 
diff --git a/terraform/projects/app-transition-db-admin/README.md b/terraform/projects/app-transition-db-admin/README.md
deleted file mode 100644
index 222572ebb..000000000
--- a/terraform/projects/app-transition-db-admin/README.md
+++ /dev/null
@@ -1,73 +0,0 @@ -## Project: app-transition-db-admin - -DB admin boxes for Transition's RDS instance - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | = 0.11.15 | -| [aws](#requirement\_aws) | 2.46.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 2.46.0 | -| [null](#provider\_null) | n/a | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [alarms-autoscaling-transition-db-admin](#module\_alarms-autoscaling-transition-db-admin) | ../../modules/aws/alarms/autoscaling | n/a | -| [alarms-ec2-transition-db-admin](#module\_alarms-ec2-transition-db-admin) | ../../modules/aws/alarms/ec2 | n/a | -| [transition-db-admin](#module\_transition-db-admin) | ../../modules/aws/node_group | n/a | - -## Resources - -| Name | Type | -|------|------| -| [aws_elb.transition-db-admin_elb](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/elb) | resource | -| [aws_iam_role_policy_attachment.read_integration_transition-db-admin_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.read_production_transition-db-admin_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.read_staging_transition-db-admin_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.write_transition-db-admin_database_backups_iam_role_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/iam_role_policy_attachment) | resource | -| 
[aws_route53_record.transition_db_admin_service_record](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/resources/route53_record) | resource | -| [null_resource.user_data](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | -| [aws_route53_zone.internal](https://registry.terraform.io/providers/hashicorp/aws/2.46.0/docs/data-sources/route53_zone) | data source | -| [terraform_remote_state.infra_database_backups_bucket](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| [aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [esm\_trusty\_token](#input\_esm\_trusty\_token) | n/a | `string` | n/a | yes | -| [instance\_type](#input\_instance\_type) | 
Instance type used for EC2 resources | `string` | `"t2.medium"` | no | -| [internal\_domain\_name](#input\_internal\_domain\_name) | The domain name of the internal DNS records, it could be different from the zone name | `string` | n/a | yes | -| [internal\_zone\_name](#input\_internal\_zone\_name) | The name of the Route53 zone that contains internal records | `string` | n/a | yes | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_database\_backups\_bucket\_key\_stack](#input\_remote\_state\_infra\_database\_backups\_bucket\_key\_stack) | Override stackname path to infra\_database\_backups\_bucket remote state | `string` | `""` | no | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | -| 
[user\_data\_snippets](#input\_user\_data\_snippets) | List of user-data snippets | `list(string)` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [transition-db-admin\_elb\_dns\_name](#output\_transition-db-admin\_elb\_dns\_name) | DNS name to access the transition-db-admin service | diff --git a/terraform/projects/app-transition-db-admin/integration.blue.backend b/terraform/projects/app-transition-db-admin/integration.blue.backend deleted file mode 100644 index 9d94dfb9c..000000000 --- a/terraform/projects/app-transition-db-admin/integration.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-integration" -key = "blue/app-transition-db-admin.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-transition-db-admin/main.tf b/terraform/projects/app-transition-db-admin/main.tf deleted file mode 100644 index 7c2a661f2..000000000 --- a/terraform/projects/app-transition-db-admin/main.tf +++ /dev/null 
@@ -1,183 +0,0 @@ -/** -* ## Project: app-transition-db-admin -* -* DB admin boxes for Transition's RDS instance -*/ -variable "aws_region" { - type = string - description = "AWS region" - default = "eu-west-1" -} - -variable "stackname" { - type = string - description = "Stackname" -} - -variable "aws_environment" { - type = string - description = "AWS Environment" -} - -variable "remote_state_infra_database_backups_bucket_key_stack" { - type = string - description = "Override stackname path to infra_database_backups_bucket remote state" - default = "" -} - -variable "internal_zone_name" { - type = string - description = "The name of the Route53 zone that contains internal records" -} - -variable "internal_domain_name" { - type = string - description = "The domain name of the internal DNS records, it could be different from the zone name" -} - -variable "instance_type" { - type = string - description = "Instance type used for EC2 resources" - default = "t2.medium" -} - -# Resources -# -------------------------------------------------------------- -terraform { - backend "s3" {} - required_version = "= 0.11.15" -} - -provider "aws" { - region = var.aws_region - version = "2.46.0" -} - -data "aws_route53_zone" "internal" { - name = var.internal_zone_name - private_zone = true -} - -resource "aws_elb" "transition-db-admin_elb" { - name = "${var.stackname}-transition-db-admin" - subnets = ["${data.terraform_remote_state.infra_networking.private_subnet_ids}"] - security_groups = ["${data.terraform_remote_state.infra_security_groups.sg_transition-db-admin_elb_id}"] - internal = "true" - - access_logs { - bucket = data.terraform_remote_state.infra_monitoring.aws_logging_bucket_id - bucket_prefix = "elb/${var.stackname}-transition-db-admin-internal-elb" - interval = 60 - } - - listener { - instance_port = 22 - instance_protocol = "tcp" - lb_port = 22 - lb_protocol = "tcp" - } - - health_check { - healthy_threshold = 2 - unhealthy_threshold = 2 - timeout = 3 - - target = 
"TCP:22" - interval = 30 - } - - cross_zone_load_balancing = true - idle_timeout = 400 - connection_draining = true - connection_draining_timeout = 400 - - tags = "${map("Name", "${var.stackname}-transition-db-admin", "Project", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "transition_db_admin")}" -} - -module "transition-db-admin" { - source = "../../modules/aws/node_group" - name = "${var.stackname}-transition-db-admin" - default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "transition_db_admin", "aws_hostname", "transition-db-admin-1")}" - instance_subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_ids - instance_security_group_ids = ["${data.terraform_remote_state.infra_security_groups.sg_transition-db-admin_id}", "${data.terraform_remote_state.infra_security_groups.sg_management_id}"] - instance_type = var.instance_type - instance_additional_user_data = join("\n", null_resource.user_data.*.triggers.snippet) - instance_elb_ids_length = "1" - instance_elb_ids = ["${aws_elb.transition-db-admin_elb.id}"] - asg_max_size = "1" - asg_min_size = "1" - asg_desired_capacity = "1" - asg_notification_topic_arn = data.terraform_remote_state.infra_monitoring.sns_topic_autoscaling_group_events_arn - root_block_device_volume_size = "64" -} - -resource "aws_route53_record" "transition_db_admin_service_record" { - zone_id = data.aws_route53_zone.internal.zone_id - name = "transition-db-admin.${var.internal_domain_name}" - type = "A" - - alias { - name = aws_elb.transition-db-admin_elb.dns_name - zone_id = aws_elb.transition-db-admin_elb.zone_id - evaluate_target_health = true - } -} - -module "alarms-autoscaling-transition-db-admin" { - source = "../../modules/aws/alarms/autoscaling" - name_prefix = "${var.stackname}-transition-db-admin" - autoscaling_group_name = module.transition-db-admin.autoscaling_group_name - alarm_actions = 
["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"] - groupinserviceinstances_threshold = "1" -} - -module "alarms-ec2-transition-db-admin" { - source = "../../modules/aws/alarms/ec2" - name_prefix = "${var.stackname}-transition-db-admin" - autoscaling_group_name = module.transition-db-admin.autoscaling_group_name - alarm_actions = ["${data.terraform_remote_state.infra_monitoring.sns_topic_cloudwatch_alarms_arn}"] - cpuutilization_threshold = "85" -} - -data "terraform_remote_state" "infra_database_backups_bucket" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_database_backups_bucket_key_stack, var.stackname)}/infra-database-backups-bucket.tfstate" - region = var.aws_region - } -} - -resource "aws_iam_role_policy_attachment" "write_transition-db-admin_database_backups_iam_role_policy_attachment" { - count = 1 - role = module.transition-db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_database_backups_bucket.transition_dbadmin_write_database_backups_bucket_policy_arn -} - -# Non-production environments should be able to read the database backups from production to pull data for syncing. -resource "aws_iam_role_policy_attachment" "read_production_transition-db-admin_database_backups_iam_role_policy_attachment" { - count = var.aws_environment != "production" ? 1 : 0 - role = module.transition-db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_database_backups_bucket.production_transition_dbadmin_read_database_backups_bucket_policy_arn -} - -resource "aws_iam_role_policy_attachment" "read_integration_transition-db-admin_database_backups_iam_role_policy_attachment" { - count = var.aws_environment == "integration" ? 
1 : 0 - role = module.transition-db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_database_backups_bucket.integration_transition_dbadmin_read_database_backups_bucket_policy_arn -} - -resource "aws_iam_role_policy_attachment" "read_staging_transition-db-admin_database_backups_iam_role_policy_attachment" { - count = (var.aws_environment == "staging") || (var.aws_environment == "production") ? 1 : 0 - role = module.transition-db-admin.instance_iam_role_name - policy_arn = data.terraform_remote_state.infra_database_backups_bucket.staging_transition_dbadmin_read_database_backups_bucket_policy_arn -} - -# Outputs -# -------------------------------------------------------------- - -output "transition-db-admin_elb_dns_name" { - value = aws_elb.transition-db-admin_elb.dns_name - description = "DNS name to access the transition-db-admin service" -} diff --git a/terraform/projects/app-transition-db-admin/production.blue.backend b/terraform/projects/app-transition-db-admin/production.blue.backend deleted file mode 100644 index 73dd78ae6..000000000 --- a/terraform/projects/app-transition-db-admin/production.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-production" -key = "blue/app-transition-db-admin.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-transition-db-admin/remote_state.tf b/terraform/projects/app-transition-db-admin/remote_state.tf deleted file mode 100644 index 7e9222d71..000000000 --- a/terraform/projects/app-transition-db-admin/remote_state.tf +++ /dev/null 
@@ -1,111 +0,0 @@ -/** -* ## Manifest: remote_state -* -* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT -* -* Create infrastructure data resources -*/ - -variable "remote_state_bucket" { - type = string - description = "S3 bucket we store our terraform state in" -} - -variable "remote_state_infra_vpc_key_stack" { - type = string - description = "Override infra_vpc remote state path" - default = "" -} - -variable "remote_state_infra_networking_key_stack" { - type = string - description = "Override infra_networking remote state path" - default = "" -} - -variable "remote_state_infra_security_groups_key_stack" { - type = string - description = "Override infra_security_groups stackname path to infra_vpc remote state " - default = "" -} - -variable "remote_state_infra_root_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_root_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_stack_dns_zones_key_stack" { - type = string - description = "Override stackname path to infra_stack_dns_zones remote state " - default = "" -} - -variable "remote_state_infra_monitoring_key_stack" { - type = string - description = "Override stackname path to infra_monitoring remote state " - default = "" -} - -# Resources -# -------------------------------------------------------------- - -data "terraform_remote_state" "infra_vpc" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_networking" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_security_groups" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = 
"${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_root_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_stack_dns_zones" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate" - region = var.aws_region - } -} - -data "terraform_remote_state" "infra_monitoring" { - backend = "s3" - - config { - bucket = var.remote_state_bucket - key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate" - region = var.aws_region - } -} diff --git a/terraform/projects/app-transition-db-admin/staging.blue.backend b/terraform/projects/app-transition-db-admin/staging.blue.backend deleted file mode 100644 index 46c579754..000000000 --- a/terraform/projects/app-transition-db-admin/staging.blue.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-staging" -key = "blue/app-transition-db-admin.tfstate" -encrypt = true -region = "eu-west-1" diff --git a/terraform/projects/app-transition-db-admin/user_data_snippets.tf b/terraform/projects/app-transition-db-admin/user_data_snippets.tf deleted file mode 100644 index 9d921788c..000000000 --- a/terraform/projects/app-transition-db-admin/user_data_snippets.tf +++ /dev/null 
@@ -1,29 +0,0 @@ -# == Manifest: ::user-data -# -# This file is generated by generate-user-data-boiler-plate.sh. DO NOT EDIT -# -# Generate user-data from a list of snippets. -# -# To concatenate the snippets, use: -# ${join("\n", null_resource.user_data.*.triggers.snippet)} -# - -variable "user_data_snippets" { - type = list(string) - description = "List of user-data snippets" -} - -variable "esm_trusty_token" { - type = string -} - -# Resources -# -------------------------------------------------------------- - -resource "null_resource" "user_data" { - count = length(var.user_data_snippets) - - triggers { - snippet = replace(file("../../userdata/${element(var.user_data_snippets, count.index)}"), "ESM_TRUSTY_TOKEN", "${var.esm_trusty_token}") - } -} diff --git a/terraform/projects/fastly-datagovuk/README.md b/terraform/projects/fastly-datagovuk/README.md deleted file mode 100644 index 66feccf31..000000000 --- a/terraform/projects/fastly-datagovuk/README.md +++ /dev/null 
@@ -1,59 +0,0 @@ -## Project: fastly-datagovuk - -Manages the Fastly service for data.gov.uk - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | ~> 0.12.31 | -| [fastly](#requirement\_fastly) | ~> 0.26.0 | - -## Providers - -| Name | Version | -|------|---------| -| [external](#provider\_external) | n/a | -| [fastly](#provider\_fastly) | ~> 0.26.0 | -| [terraform](#provider\_terraform) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [fastly_service_v1.datagovuk](https://registry.terraform.io/providers/hashicorp/fastly/latest/docs/resources/service_v1) | resource | -| [external_external.fastly](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | -| [terraform_remote_state.infra_monitoring](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_networking](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_root_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_security_groups](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_stack_dns_zones](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | -| [terraform_remote_state.infra_vpc](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/data-sources/remote_state) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [aws\_environment](#input\_aws\_environment) | AWS Environment | `string` | n/a | yes | -| 
[aws\_region](#input\_aws\_region) | AWS region | `string` | `"eu-west-1"` | no | -| [backend\_domain](#input\_backend\_domain) | The domain of the data.gov.uk PaaS instance to forward requests to | `string` | n/a | yes | -| [domain](#input\_domain) | The domain of the data.gov.uk service to manage | `string` | n/a | yes | -| [fastly\_api\_key](#input\_fastly\_api\_key) | API key to authenticate with Fastly | `string` | n/a | yes | -| [logging\_aws\_access\_key\_id](#input\_logging\_aws\_access\_key\_id) | IAM key ID with access to put logs into the S3 bucket | `string` | n/a | yes | -| [logging\_aws\_secret\_access\_key](#input\_logging\_aws\_secret\_access\_key) | IAM secret key with access to put logs into the S3 bucket | `string` | n/a | yes | -| [remote\_state\_bucket](#input\_remote\_state\_bucket) | S3 bucket we store our terraform state in | `string` | n/a | yes | -| [remote\_state\_infra\_monitoring\_key\_stack](#input\_remote\_state\_infra\_monitoring\_key\_stack) | Override stackname path to infra\_monitoring remote state | `string` | `""` | no | -| [remote\_state\_infra\_networking\_key\_stack](#input\_remote\_state\_infra\_networking\_key\_stack) | Override infra\_networking remote state path | `string` | `""` | no | -| [remote\_state\_infra\_root\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_root\_dns\_zones\_key\_stack) | Override stackname path to infra\_root\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_security\_groups\_key\_stack](#input\_remote\_state\_infra\_security\_groups\_key\_stack) | Override infra\_security\_groups stackname path to infra\_vpc remote state | `string` | `""` | no | -| [remote\_state\_infra\_stack\_dns\_zones\_key\_stack](#input\_remote\_state\_infra\_stack\_dns\_zones\_key\_stack) | Override stackname path to infra\_stack\_dns\_zones remote state | `string` | `""` | no | -| [remote\_state\_infra\_vpc\_key\_stack](#input\_remote\_state\_infra\_vpc\_key\_stack) | Override infra\_vpc 
remote state path | `string` | `""` | no | -| [stackname](#input\_stackname) | Stackname | `string` | n/a | yes | - -## Outputs - -No outputs. diff --git a/terraform/projects/fastly-datagovuk/datagovuk.vcl b/terraform/projects/fastly-datagovuk/datagovuk.vcl deleted file mode 100644 index bb43611d5..000000000 --- a/terraform/projects/fastly-datagovuk/datagovuk.vcl +++ /dev/null 
@@ -1,123 +0,0 @@
-acl purge_ip_whitelist {
- "18.202.183.143"; # AWS NAT GW1 Staging
- "18.203.90.80"; # AWS NAT GW2 Staging
- "18.203.108.248"; # AWS NAT GW3 Staging
- "34.246.209.74"; # AWS NAT GW1 Production
- "34.253.57.8"; # AWS NAT GW2 Production
- "18.202.136.43"; # AWS NAT GW3 Production
- "54.246.115.159"; # EKS Staging NAT gateways
- "54.220.171.242";
- "54.228.115.164";
- "63.33.241.191"; # EKS Production NAT gateways
- "52.208.193.230";
- "54.220.6.200";
-}
-
-sub vcl_recv {
-#FASTLY recv
-
- # Allow FASTLYPURGE from IPs defined in the ACL only, else return a HTTP 403
- if (req.request == "FASTLYPURGE" && !(client.ip ~ purge_ip_whitelist)) {
- error 403 "Forbidden";
- }
-
- # Redirect to security.txt for "/.well-known/security.txt" or "/security.txt"
- if (req.url.path ~ "(?i)^(?:/\.well[-_]known)?/security\.txt$") {
- error 805 "security.txt";
- }
-
- # Remove any Google Analytics campaign params
- set req.url = querystring.globfilter(req.url, "utm_*");
-
- # Sort query params (improve cache hit rate)
- set req.url = querystring.sort(req.url);
-
- if (req.url.path == "/") {
- # get rid of all query parameters
- set req.url = querystring.remove(req.url);
- }
-
- if (req.method != "HEAD" && req.method != "GET" && req.method != "FASTLYPURGE") {
- return(pass);
- }
-
- return(lookup);
-}
-
-sub vcl_fetch {
-#FASTLY fetch
-
- if ((beresp.status == 500 || beresp.status == 503) && req.restarts < 1 && (req.method == "GET" || req.method == "HEAD")) {
- restart;
- }
-
- if (req.restarts > 0) {
- set beresp.http.Fastly-Restarts = req.restarts;
- }
-
- if (beresp.http.Set-Cookie) {
- set req.http.Fastly-Cachetype = "SETCOOKIE";
- return(pass);
- }
-
- if (beresp.http.Cache-Control ~ "private") {
- set req.http.Fastly-Cachetype = "PRIVATE";
- return(pass);
- }
-
- if (beresp.status == 500 || beresp.status == 503) {
- set req.http.Fastly-Cachetype = "ERROR";
- set beresp.ttl = 1s;
- set beresp.grace = 5s;
- return(deliver);
- }
-
- if (beresp.http.Expires || beresp.http.Surrogate-Control ~ "max-age" || beresp.http.Cache-Control ~ "(s-maxage|max-age)") {
- # keep the ttl here
- } else {
- # apply the default ttl
- set beresp.ttl = 3600s;
- }
-
- return(deliver);
-}
-
-sub vcl_hit {
-#FASTLY hit
-
- if (!obj.cacheable) {
- return(pass);
- }
- return(deliver);
-}
-
-sub vcl_miss {
-#FASTLY miss
- return(fetch);
-}
-
-sub vcl_deliver {
-#FASTLY deliver
- return(deliver);
-}
-
-sub vcl_error {
-#FASTLY error
-
- # 302 redirect to vdp.cabinetoffice.gov.uk called from vcl_recv.
- if (obj.status == 805) {
- set obj.status = 302;
- set obj.http.Location = "https://vdp.cabinetoffice.gov.uk/.well-known/security.txt";
- set obj.response = "Moved";
- synthetic {""};
- return (deliver);
- }
-}
-
-sub vcl_pass {
-#FASTLY pass
-}
-
-sub vcl_log {
-#FASTLY log
-}
diff --git a/terraform/projects/fastly-datagovuk/datagovuk.vcl.tmp b/terraform/projects/fastly-datagovuk/datagovuk.vcl.tmp
deleted file mode 100644
index 4023e0f43..000000000
--- a/terraform/projects/fastly-datagovuk/datagovuk.vcl.tmp
+++ /dev/null
@@ -1,97 +0,0 @@
-acl purge_ip_whitelist {
- "37.26.93.252"; # Skyscape mirrors
- "31.210.241.100"; # Carrenza mirrors
- "31.210.245.70"; # Carrenza Staging
- "18.202.183.143"; # AWS NAT GW1 Staging
- "18.203.90.80"; # AWS NAT GW2 Staging
- "18.203.108.248"; # AWS NAT GW3 Staging
- "31.210.245.86"; # Carrenza Production
- "34.246.209.74"; # AWS NAT GW1 Production
- "34.253.57.8"; # AWS NAT GW2 Production
- "18.202.136.43"; # AWS NAT GW3 Production
- <%= fastly_cache_node_subnets %>
-}
-
-sub vcl_recv {
-#FASTLY recv
-
- # Allow FASTLYPURGE from IPs defined in the ACL only, else return a HTTP 403
- if (req.request == "FASTLYPURGE" && !(client.ip ~ purge_ip_whitelist)) {
- error 403 "Forbidden";
- }
-
- if (req.method != "HEAD" && req.method != "GET" && req.method != "FASTLYPURGE") {
- return(pass);
- }
-
- return(lookup);
-}
-
-sub vcl_fetch {
-#FASTLY fetch
-
- if ((beresp.status == 500 || beresp.status == 503) && req.restarts < 1 && (req.method == "GET" || req.method == "HEAD")) {
- restart;
- }
-
- if (req.restarts > 0) {
- set beresp.http.Fastly-Restarts = req.restarts;
- }
-
- if (beresp.http.Set-Cookie) {
- set req.http.Fastly-Cachetype = "SETCOOKIE";
- return(pass);
- }
-
- if (beresp.http.Cache-Control ~ "private") {
- set req.http.Fastly-Cachetype = "PRIVATE";
- return(pass);
- }
-
- if (beresp.status == 500 || beresp.status == 503) {
- set req.http.Fastly-Cachetype = "ERROR";
- set beresp.ttl = 1s;
- set beresp.grace = 5s;
- return(deliver);
- }
-
- if (beresp.http.Expires || beresp.http.Surrogate-Control ~ "max-age" || beresp.http.Cache-Control ~ "(s-maxage|max-age)") {
- # keep the ttl here
- } else {
- # apply the default ttl
- set beresp.ttl = 3600s;
- }
-
- return(deliver);
-}
-
-sub vcl_hit {
-#FASTLY hit
-
- if (!obj.cacheable) {
- return(pass);
- }
- return(deliver);
-}
-
-sub vcl_miss {
-#FASTLY miss
- return(fetch);
-}
-
-sub vcl_deliver {
-#FASTLY deliver
- return(deliver);
-}
-
-sub vcl_error {
-#FASTLY error
-}
-
-sub vcl_pass {
-#FASTLY pass
-}
-
-sub vcl_log {
-#FASTLY log
-}
diff --git a/terraform/projects/fastly-datagovuk/datagovuk.vcle b/terraform/projects/fastly-datagovuk/datagovuk.vcle
deleted file mode 100644
index 4023e0f43..000000000
--- a/terraform/projects/fastly-datagovuk/datagovuk.vcle
+++ /dev/null
@@ -1,97 +0,0 @@
-acl purge_ip_whitelist {
- "37.26.93.252"; # Skyscape mirrors
- "31.210.241.100"; # Carrenza mirrors
- "31.210.245.70"; # Carrenza Staging
- "18.202.183.143"; # AWS NAT GW1 Staging
- "18.203.90.80"; # AWS NAT GW2 Staging
- "18.203.108.248"; # AWS NAT GW3 Staging
- "31.210.245.86"; # Carrenza Production
- "34.246.209.74"; # AWS NAT GW1 Production
- "34.253.57.8"; # AWS NAT GW2 Production
- "18.202.136.43"; # AWS NAT GW3 Production
- <%= fastly_cache_node_subnets %>
-}
-
-sub vcl_recv {
-#FASTLY recv
-
- # Allow FASTLYPURGE from IPs defined in the ACL only, else return a HTTP 403
- if (req.request == "FASTLYPURGE" && !(client.ip ~ purge_ip_whitelist)) {
- error 403 "Forbidden";
- }
-
- if (req.method != "HEAD" && req.method != "GET" && req.method != "FASTLYPURGE") {
- return(pass);
- }
-
- return(lookup);
-}
-
-sub vcl_fetch {
-#FASTLY fetch
-
- if ((beresp.status == 500 || beresp.status == 503) && req.restarts < 1 && (req.method == "GET" || req.method == "HEAD")) {
- restart;
- }
-
- if (req.restarts > 0) {
- set beresp.http.Fastly-Restarts = req.restarts;
- }
-
- if (beresp.http.Set-Cookie) {
- set req.http.Fastly-Cachetype = "SETCOOKIE";
- return(pass);
- }
-
- if (beresp.http.Cache-Control ~ "private") {
- set req.http.Fastly-Cachetype = "PRIVATE";
- return(pass);
- }
-
- if (beresp.status == 500 || beresp.status == 503) {
- set req.http.Fastly-Cachetype = "ERROR";
- set beresp.ttl = 1s;
- set beresp.grace = 5s;
- return(deliver);
- }
-
- if (beresp.http.Expires || beresp.http.Surrogate-Control ~ "max-age" || beresp.http.Cache-Control ~ "(s-maxage|max-age)") {
- # keep the ttl here
- } else {
- # apply the default ttl
- set beresp.ttl = 3600s;
- }
-
- return(deliver);
-}
-
-sub vcl_hit {
-#FASTLY hit
-
- if (!obj.cacheable) {
- return(pass);
- }
- return(deliver);
-}
-
-sub vcl_miss {
-#FASTLY miss
- return(fetch);
-}
-
-sub vcl_deliver {
-#FASTLY deliver
- return(deliver);
-}
-
-sub vcl_error {
-#FASTLY error
-}
-
-sub vcl_pass {
-#FASTLY pass
-}
-
-sub vcl_log {
-#FASTLY log
-}
diff --git a/terraform/projects/fastly-datagovuk/fastly.sh b/terraform/projects/fastly-datagovuk/fastly.sh
deleted file mode 100644
index 660dcd0ff..000000000
--- a/terraform/projects/fastly-datagovuk/fastly.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-
-# TODO: FIXME
-# shellcheck disable=SC2207
-fastly_raw_ips=( $(curl https://api.fastly.com/public-ip-list 2>/dev/null | jq -r ".addresses[]") )
-
-fastly_ips_snippet=""
-
-for cidrip in "${fastly_raw_ips[@]}"
-do
- ipstr=$(echo "${cidrip}" | awk -F "/" '{ print("\\\""$1"\\\"""/"$2) }')
- fastly_ips_snippet="${fastly_ips_snippet}"$(printf "%-22s %s" "${ipstr}\;" "\# Fastly cache node\n ")
-done
-
-cp "${DIR}/datagovuk.vcl.tmp" "${DIR}/datagovuk.vcl"
-
-sed -ie "s@<%= fastly_cache_node_subnets %>@${fastly_ips_snippet}@g" "${DIR}/datagovuk.vcl"
-
-echo '{"fastly":"datagovuk.vcl"}'
diff --git a/terraform/projects/fastly-datagovuk/integration.govuk.backend b/terraform/projects/fastly-datagovuk/integration.govuk.backend
deleted file mode 100644
index c81f5306f..000000000
--- a/terraform/projects/fastly-datagovuk/integration.govuk.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-integration"
-key = "govuk/fastly-datagovuk.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/fastly-datagovuk/main.tf b/terraform/projects/fastly-datagovuk/main.tf
deleted file mode 100644
index eb13f7237..000000000
--- a/terraform/projects/fastly-datagovuk/main.tf
+++ /dev/null
@@ -1,135 +0,0 @@ -/** -* ## Project: fastly-datagovuk -* -* Manages the Fastly service for data.gov.uk -*/ - -# Resources -# -------------------------------------------------------------- -terraform { - backend "s3" {} - required_version = "~> 0.12.31" -} - -provider "fastly" { - api_key = var.fastly_api_key - version = "~> 0.26.0" -} - -data "external" "fastly" { - program = ["/bin/bash", "${path.module}/fastly.sh"] -} - -resource "fastly_service_v1" "datagovuk" { - name = "${title(var.aws_environment)} data.gov.uk" - - domain { - name = var.domain - } - - domain { - name = "www.${var.domain}" - } - - backend { - name = "cname ${var.backend_domain}" - address = var.backend_domain - port = "443" - use_ssl = true - auto_loadbalance = false - first_byte_timeout = 120000 - ssl_check_cert = false - } - - backend { - name = "cname dfe-app1.codeenigma.net" - address = "dfe-app1.codeenigma.net" - port = "443" - use_ssl = true - auto_loadbalance = false - first_byte_timeout = 120000 - ssl_check_cert = false - request_condition = "education_standards" - } - - vcl { - name = "datagovuk_vcl" - content = file(data.external.fastly.result.fastly) - main = true - } - - condition { - name = "education_standards" - type = "REQUEST" - statement = "req.url ~ \"^/education-standards\"" - } - - header { - name = "education_standards_url" - action = "set" - type = "request" - destination = "url" - source = "regsub(req.url, \"^/education-standards\", \"\")" - request_condition = "education_standards" - } - - header { - name = "education_standards_host" - action = "set" - type = "request" - destination = "http.host" - source = "\"dfe-app1.codeenigma.net\"" - request_condition = "education_standards" - } - - request_setting { - name = "Force TLS" - force_ssl = true - } - - s3logging { - # Apache log format documentation: https://www.loggly.com/ultimate-guide/apache-logging-basics/ - format = "%h\\t%%{%Y-%m-%d 
%H:%M:%S}t.%%{msec_frac}t\\t%m\\t%U%q\\t%>s\\t%B\\t%%{tls.client.protocol}V\\t%%{fastly_info.state}V\\t%%{Referer}i\\t%%{User-Agent}i" - bucket_name = "govuk-${var.aws_environment}-fastly-logs" - domain = "s3-eu-west-1.amazonaws.com" - format_version = "2" - gzip_level = "9" - message_type = "blank" - name = "s3-dgu-logging" - path = "datagovuk/" - period = "600" - redundancy = "standard" - response_condition = "" - s3_access_key = var.logging_aws_access_key_id - s3_secret_key = var.logging_aws_secret_access_key - timestamp_format = "" - } - - # The next four blocks handle the data.gov.uk -> www.data.gov.uk redirect - condition { - name = "${var.domain} to www.${var.domain} redirect request condition" - statement = "req.http.host == \"${var.domain}\"" - type = "REQUEST" - } - - response_object { - name = "${var.domain} to www.${var.domain} redirect synthetic response" - status = 301 - request_condition = "${var.domain} to www.${var.domain} redirect request condition" - } - - condition { - name = "${var.domain} to www.${var.domain} redirect response condition" - statement = "req.http.host == \"${var.domain}\" && resp.status == 301" - type = "RESPONSE" - } - - header { - name = "${var.domain} to www.${var.domain} redirect location header" - action = "set" - type = "response" - destination = "http.Location" - source = "\"https://www.${var.domain}\" + req.url" - response_condition = "${var.domain} to www.${var.domain} redirect response condition" - } -} diff --git a/terraform/projects/fastly-datagovuk/production.govuk.backend b/terraform/projects/fastly-datagovuk/production.govuk.backend deleted file mode 100644 index 09341c252..000000000 --- a/terraform/projects/fastly-datagovuk/production.govuk.backend +++ /dev/null @@ -1,4 +0,0 @@ -bucket = "govuk-terraform-steppingstone-production" -key = "govuk/fastly-datagovuk.tfstate" -encrypt = true -region = "eu-west-1" 
diff --git a/terraform/projects/fastly-datagovuk/remote_state.tf b/terraform/projects/fastly-datagovuk/remote_state.tf
deleted file mode 100644
index 9663ef63f..000000000
--- a/terraform/projects/fastly-datagovuk/remote_state.tf
+++ /dev/null
@@ -1,111 +0,0 @@
-/**
-* ## Manifest: remote_state
-*
-* This file is generated by generate-remote-state-boiler-plate.sh. DO NOT EDIT
-*
-* Create infrastructure data resources
-*/
-
-variable "remote_state_bucket" {
- type = string
- description = "S3 bucket we store our terraform state in"
-}
-
-variable "remote_state_infra_vpc_key_stack" {
- type = string
- description = "Override infra_vpc remote state path"
- default = ""
-}
-
-variable "remote_state_infra_networking_key_stack" {
- type = string
- description = "Override infra_networking remote state path"
- default = ""
-}
-
-variable "remote_state_infra_security_groups_key_stack" {
- type = string
- description = "Override infra_security_groups stackname path to infra_vpc remote state "
- default = ""
-}
-
-variable "remote_state_infra_root_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_root_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_stack_dns_zones_key_stack" {
- type = string
- description = "Override stackname path to infra_stack_dns_zones remote state "
- default = ""
-}
-
-variable "remote_state_infra_monitoring_key_stack" {
- type = string
- description = "Override stackname path to infra_monitoring remote state "
- default = ""
-}
-
-# Resources
-# --------------------------------------------------------------
-
-data "terraform_remote_state" "infra_vpc" {
- backend = "s3"
-
- config = {
- bucket = "${var.remote_state_bucket}"
- key = "${coalesce(var.remote_state_infra_vpc_key_stack, var.stackname)}/infra-vpc.tfstate"
- region = "${var.aws_region}"
- }
-}
-
-data "terraform_remote_state" "infra_networking" {
- backend = "s3"
-
- config = {
- bucket = "${var.remote_state_bucket}"
- key = "${coalesce(var.remote_state_infra_networking_key_stack, var.stackname)}/infra-networking.tfstate"
- region = "${var.aws_region}"
- }
-}
-
-data "terraform_remote_state" "infra_security_groups" {
- backend = "s3"
-
- config = {
- bucket = "${var.remote_state_bucket}"
- key = "${coalesce(var.remote_state_infra_security_groups_key_stack, var.stackname)}/infra-security-groups.tfstate"
- region = "${var.aws_region}"
- }
-}
-
-data "terraform_remote_state" "infra_root_dns_zones" {
- backend = "s3"
-
- config = {
- bucket = "${var.remote_state_bucket}"
- key = "${coalesce(var.remote_state_infra_root_dns_zones_key_stack, var.stackname)}/infra-root-dns-zones.tfstate"
- region = "${var.aws_region}"
- }
-}
-
-data "terraform_remote_state" "infra_stack_dns_zones" {
- backend = "s3"
-
- config = {
- bucket = "${var.remote_state_bucket}"
- key = "${coalesce(var.remote_state_infra_stack_dns_zones_key_stack, var.stackname)}/infra-stack-dns-zones.tfstate"
- region = "${var.aws_region}"
- }
-}
-
-data "terraform_remote_state" "infra_monitoring" {
- backend = "s3"
-
- config = {
- bucket = "${var.remote_state_bucket}"
- key = "${coalesce(var.remote_state_infra_monitoring_key_stack, var.stackname)}/infra-monitoring.tfstate"
- region = "${var.aws_region}"
- }
-}
diff --git a/terraform/projects/fastly-datagovuk/staging.govuk.backend b/terraform/projects/fastly-datagovuk/staging.govuk.backend
deleted file mode 100644
index cfbcbfb58..000000000
--- a/terraform/projects/fastly-datagovuk/staging.govuk.backend
+++ /dev/null
@@ -1,4 +0,0 @@
-bucket = "govuk-terraform-steppingstone-staging"
-key = "govuk/fastly-datagovuk.tfstate"
-encrypt = true
-region = "eu-west-1"
diff --git a/terraform/projects/fastly-datagovuk/variables.tf b/terraform/projects/fastly-datagovuk/variables.tf
deleted file mode 100644
index dd4d3ae9d..000000000
--- a/terraform/projects/fastly-datagovuk/variables.tf
+++ /dev/null
@@ -1,40 +0,0 @@ -variable "aws_region" { - type = string - description = "AWS region" - default = "eu-west-1" -} - -variable "stackname" { - type = string - description = "Stackname" -} - -variable "aws_environment" { - type = string - description = "AWS Environment" -} - -variable "fastly_api_key" { - type = string - description = "API key to authenticate with Fastly" -} - -variable "logging_aws_access_key_id" { - type = string - description = "IAM key ID with access to put logs into the S3 bucket" -} - -variable "logging_aws_secret_access_key" { - type = string - description = "IAM secret key with access to put logs into the S3 bucket" -} - -variable "domain" { - type = string - description = "The domain of the data.gov.uk service to manage" -} - -variable "backend_domain" { - type = string - description = "The domain of the data.gov.uk PaaS instance to forward requests to" -} From 1d00236833e7613ef6cf57bfd25fa57df5990a23 Mon Sep 17 00:00:00 2001 From: Sam Simpson Date: Wed, 6 Mar 2024 10:54:12 +0000 Subject: [PATCH 2/2] Fix formatting to shut the linter up --- .../app-transition-postgresql/main.tf | 2 +- terraform/projects/infra-fastly-logs/main.tf | 82 +++++++++---------- .../projects/infra-public-services/main.tf | 4 +- terraform/projects/infra-vpc/main.tf | 2 +- 4 files changed, 45 insertions(+), 45 deletions(-) diff --git a/terraform/projects/app-transition-postgresql/main.tf b/terraform/projects/app-transition-postgresql/main.tf index 093012b99..5cf00b0b4 100644 --- a/terraform/projects/app-transition-postgresql/main.tf +++ b/terraform/projects/app-transition-postgresql/main.tf 
@@ -115,7 +115,7 @@ module "transition-postgresql-primary_rds_instance" { name = "${var.stackname}-transition-postgresql-primary" engine_name = "postgres" engine_version = "13" - default_tags = "${map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "transition_postgresql_primary")}" + default_tags = map("Project", var.stackname, "aws_stackname", var.stackname, "aws_environment", var.aws_environment, "aws_migration", "transition_postgresql_primary") subnet_ids = data.terraform_remote_state.infra_networking.private_subnet_rds_ids username = var.username password = var.password diff --git a/terraform/projects/infra-fastly-logs/main.tf b/terraform/projects/infra-fastly-logs/main.tf index 2334e5012..12f8dedd4 100644 --- a/terraform/projects/infra-fastly-logs/main.tf +++ b/terraform/projects/infra-fastly-logs/main.tf @@ -4,18 +4,18 @@ * Manages the Fastly logging data which is sent from Fastly to S3. */ variable "aws_region" { - type = "string" + type = string description = "AWS region" default = "eu-west-1" } variable "aws_environment" { - type = "string" + type = string description = "AWS Environment" } variable "stackname" { - type = "string" + type = string description = "Stackname" } @@ -27,7 +27,7 @@ terraform { } provider "aws" { - region = "${var.aws_region}" + region = var.aws_region version = "5.21.0" } @@ -45,7 +45,7 @@ resource "aws_s3_bucket" "fastly_logs" { } logging { - target_bucket = "${data.terraform_remote_state.infra_monitoring.outputs.aws_logging_bucket_id}" + target_bucket = data.terraform_remote_state.infra_monitoring.outputs.aws_logging_bucket_id target_prefix = "s3/govuk-${var.aws_environment}-fastly-logs/" } 
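Review bot: The rewritten `default_tags` line in the app-transition-postgresql hunk still calls `map(...)`, which has been deprecated since Terraform 0.12 and was removed in 0.15, so this module will stop planning as soon as the project moves past 0.14. An object literal needs no function call: `default_tags = { Project = var.stackname, aws_stackname = var.stackname, aws_environment = var.aws_environment, aws_migration = "transition_postgresql_primary" }`. The module block starts and ends outside the hunk, so whether the module accepts an object in place of the `map()` result should be checked against its variable type.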
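Review bot: The `provider "aws"` block in the `-27,7` hunk of infra-fastly-logs keeps `version = "5.21.0"` inside the provider block, a placement that has been deprecated since Terraform 0.13. The pin itself is worth keeping; it belongs in the `terraform` block as `required_providers { aws = { source = "hashicorp/aws", version = "5.21.0" } }`, so that the source address is pinned together with the version. The `terraform` block is only visible in the hunk header, so it may already declare this.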
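Review bot: The inline `logging { ... }` block on `aws_s3_bucket.fastly_logs` in the `-45,7` hunk is deprecated in the AWS provider since v4, and the previous hunk pins the provider at 5.21.0. Access logging for this bucket is the audit trail for who read or wrote the CDN logs, so it is worth moving to a standalone `aws_s3_bucket_logging` resource with the same `target_bucket` and `target_prefix` before the inline form is dropped. The bucket resource starts and ends outside the hunk.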
@@ -65,18 +65,18 @@ resource "aws_iam_user" "logs_writer" { resource "aws_iam_policy" "logs_writer" { name = "fastly-logs-${var.aws_environment}-logs-writer-policy" - policy = "${data.template_file.logs_writer_policy_template.rendered}" + policy = data.template_file.logs_writer_policy_template.rendered description = "Allows writing to to the fastly-logs bucket" } resource "aws_iam_policy_attachment" "logs_writer" { name = "logs-writer-policy-attachment" users = ["${aws_iam_user.logs_writer.name}"] - policy_arn = "${aws_iam_policy.logs_writer.arn}" + policy_arn = aws_iam_policy.logs_writer.arn } data "template_file" "logs_writer_policy_template" { - template = "${file("${path.module}/../../policies/fastly_logs_writer_policy.tpl")}" + template = file("${path.module}/../../policies/fastly_logs_writer_policy.tpl") vars = { aws_environment = "${var.aws_environment}" @@ -91,7 +91,7 @@ resource "aws_glue_catalog_database" "fastly_logs" { resource "aws_iam_role_policy_attachment" "aws-glue-service-role-service-attachment" { policy_arn = "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole" - role = "${aws_iam_role.glue.name}" + role = aws_iam_role.glue.name } resource "aws_iam_role" "glue" { @@ -118,7 +118,7 @@ EOF resource "aws_iam_role_policy" "fastly_logs_policy" { name = "govuk-${var.aws_environment}-fastly-logs-glue-policy" - role = "${aws_iam_role.glue.id}" + role = aws_iam_role.glue.id policy = <
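Review bot: `aws_iam_policy_attachment "logs_writer"` in the `-65,18` hunk manages the policy's attachments exclusively, so any user, role or group that attaches the logs-writer policy outside this resource is detached on the next apply. `aws_iam_user_policy_attachment` with `user = aws_iam_user.logs_writer.name` and the same `policy_arn` binds only this user and avoids that side effect. The formatting pass also leaves `users = ["${aws_iam_user.logs_writer.name}"]` and `aws_environment = "${var.aws_environment}"` in the old interpolation-only form, which the linter is likely to keep flagging. The description `"Allows writing to to the fastly-logs bucket"` repeats "to".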