To build, manage and deploy infrastructure to Azure, we use Terraform Cloud.
You may already have existing Terraform projects and a build process for them. In that case, there's nothing special about the Terraform, though the backend may require extra configuration.
These instructions assume you already have an Azure account and subscription. If this is not the case, you may need to go through that setup or liaise with your ops team to get that.
You need to create a Terraform organisation before you can set the required Terraform variables and environment variables on your Terraform app.
- Create a Terraform organisation (if you don't have one already)
You will need to create a Workspace in Terraform Cloud to store configuration and state.
The backend configuration expects this to be named like "nhs-virtual-visit-dev" but this is just nomenclature.
See Creating Workspaces on how to create a workspace.
The following are all variables that currently exist for the service.
Which ones you will need to set will depend on your requirements.
At minimum, you will need to set variables which do not have a default set.
Variable Name | Default | Notes |
---|---|---|
environment | dev | This can be used to run multiple environments in the same subscription and is arbitrary. |
location | UK South | It is unlikely this will need to get changed, but the app can be hosted elsewhere. |
subscription_id | | Azure Subscription ID, if you don't know this, ask your ops team |
image_name | virtualvisits.azurecr.io/virtualvisits | Where the Docker image is stored. This shouldn't need to be changed from the default. |
image_version | latest | This is set by CI/CD for dev, but will likely want to be pinned in production. |
app_service_sku_tier | Basic | Tier of App Service |
app_service_sku_size | B0 | Size of App Service |
azure_sql_username | virtualvisits | Username of Azure SQL admin user |
azure_sql_password | | This should be a strong password to secure the database |
gov_notify_api_key | | Gov Notify API Key created in Step 2 |
sms_initial_template_id | | Created in Step 2 |
sms_join_template_id | | Created in Step 2 |
sms_updated_visit_template_id | | Created in Step 2 |
email_initial_template_id | | Created in Step 2 |
email_join_template_id | | Created in Step 2 |
email_updated_visit_template_id | | Created in Step 2 |
email_reset_password_template_id | | Created in Step 2 |
email_sign_up_template_id | | Created in Step 2 |
email_sign_up_request_template_id | | Created in Step 2 |
jwt_signing_key | | A secure string used to sign JWTs |
whereby_api_key | | WhereBy API key created in Step 6 |
whereby_subdomain | | WhereBy Subdomain created in Step 6 |
datadog_api_key | | DataDog API key created in Step 3, only if using DataDog |
valid_email_domains | nhs.uk,nhs.net | A comma separated list of allowed email domains |
azure_sql_weekly_retention | P4W | How long to retain weekly backups, specified in ISO 8601 format |
azure_sql_monthly_retention | P12M | How long to retain monthly backups, specified in ISO 8601 format |
azure_sql_yearly_retention | P5Y | How long to retain yearly backups, specified in ISO 8601 format |
azure_sql_week_of_year | 13 | Which week of the year yearly backups are taken |
azure_sql_retention_days | 7 | How many days short-term backups are retained for |
azure_sql_sku_name | Basic | Tier of Azure SQL database |
azure_sql_max_size_gb | 2 | Maximum size of the database |
For Terraform to deploy to Azure, the following extra environment variables will need to be set:
- ARM_CLIENT_ID
- ARM_CLIENT_SECRET
- ARM_TENANT_ID
These will be from the Service Principal that Terraform will use to authenticate with Azure.
If you do not already have this, you will need to ask the administrator of your Azure Active Directory organisation to create a Service Principal with the necessary permissions to create and manage resources within a subscription.
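
An added example (not part of the project's own code): a pre-deploy check over a workspace's variable listing that reports required variables from the table above that are unset or in the wrong category, and secrets stored without the sensitive flag. It assumes the listing has the shape of the Terraform Cloud workspace variables API response (`data[].attributes` with `key`, `category` and `sensitive`); the `SECRETS` set and the sample data are assumptions made for this example.

```python
REQUIRED_TERRAFORM = {  # rows in the table above with no default
    "subscription_id", "azure_sql_password", "gov_notify_api_key",
    "jwt_signing_key", "whereby_api_key", "whereby_subdomain",
    "sms_initial_template_id", "sms_join_template_id",
    "sms_updated_visit_template_id", "email_initial_template_id",
    "email_join_template_id", "email_updated_visit_template_id",
    "email_reset_password_template_id", "email_sign_up_template_id",
    "email_sign_up_request_template_id",
}  # datadog_api_key is left out: it is only needed when using DataDog
REQUIRED_ENV = {"ARM_CLIENT_ID", "ARM_CLIENT_SECRET", "ARM_TENANT_ID"}
# Assumption: these are the values treated as secrets (credentials, signing keys).
SECRETS = {"azure_sql_password", "gov_notify_api_key", "jwt_signing_key",
           "whereby_api_key", "datadog_api_key", "ARM_CLIENT_SECRET"}


def audit_workspace_vars(payload):
    """Return (missing, exposed): required variables not set in the right
    category, and secrets stored without the sensitive flag."""
    seen = {"terraform": set(), "env": set()}
    exposed = set()
    for item in payload.get("data", []):
        attrs = item["attributes"]
        seen.setdefault(attrs["category"], set()).add(attrs["key"])
        if attrs["key"] in SECRETS and not attrs.get("sensitive", False):
            exposed.add(attrs["key"])
    missing = (REQUIRED_TERRAFORM - seen["terraform"]) | (REQUIRED_ENV - seen["env"])
    return sorted(missing), sorted(exposed)


def _var(key, category, sensitive=False):
    # Values are omitted; the audit only reads key, category and sensitive.
    return {"type": "vars", "attributes": {"key": key, "category": category,
                                           "sensitive": sensitive, "value": None}}


# Constructed sample listing, not taken from a real workspace.
SAMPLE = {"data": [
    _var("subscription_id", "terraform"),
    _var("azure_sql_password", "terraform", sensitive=True),
    _var("jwt_signing_key", "terraform"),   # secret stored in plain text
    _var("ARM_CLIENT_ID", "env"),
    _var("ARM_CLIENT_SECRET", "env"),       # secret stored in plain text
    _var("ARM_TENANT_ID", "terraform"),     # wrong category: must be "env"
]}

if __name__ == "__main__":
    missing, exposed = audit_workspace_vars(SAMPLE)
    print("missing or in wrong category:", missing)
    print("secrets not marked sensitive:", exposed)
```

An ARM_ variable set as a Terraform variable rather than an environment variable is reported as missing, because the Azure provider only reads it from the environment.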