Merge pull request #8744 from ministryofjustice/date-1734002270
New files for terraform/environments
dms1981 authored Dec 12, 2024
2 parents 53c3ba5 + 1feaf9d commit 2ffb0ff
Showing 9 changed files with 170 additions and 0 deletions.
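--- a/terraform/environments/youth-justice-app-framework/backend.tf
+++ b/terraform/environments/youth-justice-app-framework/backend.tf
@@ -0,0 +1,14 @@
+# Backend
+terraform {
+# `backend` blocks do not support variables, so the following are hard-coded here:
+# - S3 bucket name, which is created in modernisation-platform-account/s3.tf
+backend "s3" {
+acl = "bucket-owner-full-control"
+bucket = "modernisation-platform-terraform-state"
+encrypt = true
+key = "terraform.tfstate"
+region = "eu-west-2"
+workspace_key_prefix = "environments/accounts/youth-justice-app-framework" # This will store the object as environments/accounts/youth-justice-app-framework/${workspace}/terraform.tfstate
+dynamodb_table = "modernisation-platform-terraform-state-lock"
+}
+}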
@@ -0,0 +1,5 @@
variable "networking" {

type = list(any)

}
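Review bot: `type = list(any)` gives Terraform nothing to validate, yet locals.tf and subnet_share.tf index `var.networking[0].business-unit`, `.set` and `.application` directly, so a malformed or empty `networking` list fails at whichever reference is evaluated first instead of at variable validation with a clear message. A typed declaration such as `type = list(object({ business-unit = string, set = string, application = string }))` fails fast and documents the expected shape in the same place. The file header for this section is not shown in this view (only the `@@ -0,0 +1,5 @@` hunk), and the file appears to be the platform's standard environment template, so the change may belong in that template rather than here.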
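--- a/terraform/environments/youth-justice-app-framework/data.tf
+++ b/terraform/environments/youth-justice-app-framework/data.tf
@@ -0,0 +1,4 @@
+# Get the environments file from the main repository
+data "http" "environments_file" {
+url = "https://raw.githubusercontent.com/ministryofjustice/modernisation-platform/main/environments/${local.application_name}.json"
+}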
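Review bot: The `http` data source at the `url` line does not fail on a non-200 response, so if `environments/youth-justice-app-framework.json` is missing or renamed on `main` the plan dies later in locals.tf with an opaque `jsondecode` error on the 404 body rather than at the fetch. A postcondition on `self.status_code` makes the failure name its real cause; this needs Terraform 1.2 or later, which the `~> 1.0` constraint in versions.tf permits but does not require. Note also that tag values are pulled from a mutable branch over the network at every plan, so what gets applied depends on whatever `main` holds at that moment; that appears to be the platform's intended design, but it is worth a comment above the block so nobody expects the values to be pinned.
```hcl
data "http" "environments_file" {
  url = "https://raw.githubusercontent.com/ministryofjustice/modernisation-platform/main/environments/${local.application_name}.json"

  # Fail at the fetch, not later in jsondecode(), when the file is absent or the branch moves.
  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Expected HTTP 200 when fetching the environments file from modernisation-platform main."
    }
  }
}
```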
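--- a/terraform/environments/youth-justice-app-framework/locals.tf
+++ b/terraform/environments/youth-justice-app-framework/locals.tf
@@ -0,0 +1,35 @@
+locals {
+
+application_name = "youth-justice-app-framework"
+
+environment_management = jsondecode(data.aws_secretsmanager_secret_version.environment_management.secret_string)
+
+# This takes the name of the Terraform workspace (e.g. core-vpc-production), strips out the application name (e.g. core-vpc), and checks if
+# the string leftover is `-production`, if it isn't (e.g. core-vpc-non-production => -non-production) then it sets the var to false.
+is-production = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-production"
+is-preproduction = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-preproduction"
+is-test = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-test"
+is-development = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-development"
+
+# Merge tags from the environment json file with additional ones
+tags = merge(
+jsondecode(data.http.environments_file.response_body).tags,
+{ "is-production" = local.is-production },
+{ "environment-name" = terraform.workspace },
+{ "source-code" = "https://github.com/ministryofjustice/modernisation-platform" }
+)
+
+environment = trimprefix(terraform.workspace, "${var.networking[0].application}-")
+vpc_name = var.networking[0].business-unit
+subnet_set = var.networking[0].set
+vpc_all = "${local.vpc_name}-${local.environment}"
+subnet_set_name = "${var.networking[0].business-unit}-${local.environment}-${var.networking[0].set}"
+
+is_live = [substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-production" || substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-preproduction" ? "live" : "non-live"]
+provider_name = "core-vpc-${local.environment}"
+
+# environment specfic variables
+# example usage:
+# example_data = local.application_data.accounts[local.environment].example_var
+application_data = fileexists("./application_variables.json") ? jsondecode(file("./application_variables.json")) : {}
+}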
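Review bot: The application name is carried in two independent places in this file: `application_name` is hard-coded at the top, while `environment` strips `var.networking[0].application` (supplied by the tfvars JSON) from the workspace name, and nothing checks that the two agree. If they drift, the `is-*` flags and `is_live` (which use `application_name`) and `environment`/`provider_name` (which use the tfvars value) describe different environments, and the `core-vpc` provider would assume a role in the wrong account. If `local.application_name` is meant to be the single source of truth, `environment = trimprefix(terraform.workspace, "${local.application_name}-")` removes the second copy; otherwise a comment saying the tfvars value must match `application_name` would at least record the constraint. Separately, `is_live` is a one-element list that is only ever read via `[0]` in subnet_share.tf, which reads as an accident of the template rather than intent.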
@@ -0,0 +1,9 @@
{
"networking": [
{
"business-unit": "",
"set": "",
"application": "youth-justice-app-framework"
}
]
}
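--- a/terraform/environments/youth-justice-app-framework/providers.tf
+++ b/terraform/environments/youth-justice-app-framework/providers.tf
@@ -0,0 +1,33 @@
+# AWS provider for the workspace you're working in (every resource will default to using this, unless otherwise specified)
+provider "aws" {
+region = "eu-west-2"
+assume_role {
+role_arn = "arn:aws:iam::${local.environment_management.account_ids[terraform.workspace]}:role/ModernisationPlatformAccess"
+}
+}
+
+# AWS provider for the Modernisation Platform, to get things from there if required
+provider "aws" {
+alias = "modernisation-platform"
+region = "eu-west-2"
+}
+
+# AWS provider for core-vpc-<environment>, to share VPCs into this account
+provider "aws" {
+alias = "core-vpc"
+region = "eu-west-2"
+
+assume_role {
+role_arn = "arn:aws:iam::${local.environment_management.account_ids[local.provider_name]}:role/ModernisationPlatformAccess"
+}
+}
+
+# AWS provider for core-network-services-production, to share VPCs into this account
+provider "aws" {
+alias = "core-network-services"
+region = "eu-west-2"
+
+assume_role {
+role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/ModernisationPlatformAccess"
+}
+}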
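Review bot: None of the three `assume_role` blocks sets `session_name`, so the assumed-role ARN recorded in CloudTrail for cross-account actions in the tenant, core-vpc and core-network-services accounts carries the provider's generated session name rather than anything identifying this application and workspace. Adding `session_name = "terraform-${terraform.workspace}"` to each block makes those trails attributable without changing what the role can do; if the platform's CI already sets this at the credential layer, a comment saying so would save the next reader the question. The map lookups `account_ids[terraform.workspace]` and `account_ids[local.provider_name]` also fail with a bare "invalid index" error when a workspace is not yet present in the `environment_management` secret, which is presumably the normal state for a brand-new application like this one until the platform side is provisioned.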
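--- a/terraform/environments/youth-justice-app-framework/secrets.tf
+++ b/terraform/environments/youth-justice-app-framework/secrets.tf
@@ -0,0 +1,16 @@
+# Get modernisation account id from ssm parameter
+data "aws_ssm_parameter" "modernisation_platform_account_id" {
+name = "modernisation_platform_account_id"
+}
+
+# Get secret by arn for environment management
+data "aws_secretsmanager_secret" "environment_management" {
+provider = aws.modernisation-platform
+name = "environment_management"
+}
+
+# Get latest secret value with ID from above. This secret stores account IDs for the Modernisation Platform sub-accounts
+data "aws_secretsmanager_secret_version" "environment_management" {
+provider = aws.modernisation-platform
+secret_id = data.aws_secretsmanager_secret.environment_management.id
+}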
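Review bot: `data.aws_ssm_parameter.modernisation_platform_account_id` is not referenced by any of the nine files in this commit, so it is a read against the tenant account on every plan whose result goes nowhere. If the platform template keeps it for resources that environments typically add later, a one-line comment such as `# Kept for downstream resources that need the MP account id; unused until then` would stop it from reading as dead code; otherwise it can be dropped. The comment on the `aws_secretsmanager_secret` block says "by arn" but the lookup is by `name`, which is worth correcting while here.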
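--- a/terraform/environments/youth-justice-app-framework/subnet_share.tf
+++ b/terraform/environments/youth-justice-app-framework/subnet_share.tf
@@ -0,0 +1,41 @@
+######## DO NOT EDIT - THIS FILE WILL BE OVERWRITTEN BY TERRAFORM #########
+
+data "aws_caller_identity" "current" {}
+
+
+module "ram-principal-association" {
+
+count = (var.networking[0].set == "") ? 0 : 1
+
+source = "../../modules/ram-principal-association"
+
+providers = {
+aws.share-acm = aws.core-network-services
+aws.share-host = aws.core-vpc
+aws.share-tenant = aws
+}
+principal = data.aws_caller_identity.current.account_id
+vpc_name = var.networking[0].business-unit
+subnet_set = var.networking[0].set
+acm_pca = "acm-pca-${local.is_live[0]}"
+environment = local.environment
+
+}
+
+#ram-ec2-retagging module
+module "ram-ec2-retagging" {
+
+count = (var.networking[0].set == "") ? 0 : 1
+
+
+source = "../../modules/ram-ec2-retagging"
+providers = {
+aws.share-host = aws.core-vpc
+aws.share-tenant = aws
+}
+
+vpc_name = "${var.networking[0].business-unit}-${local.environment}"
+subnet_set = var.networking[0].set
+
+depends_on = [module.ram-principal-association[0]]
+}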
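--- a/terraform/environments/youth-justice-app-framework/versions.tf
+++ b/terraform/environments/youth-justice-app-framework/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+required_providers {
+aws = {
+version = "~> 5.0"
+source = "hashicorp/aws"
+}
+http = {
+version = "~> 3.0"
+source = "hashicorp/http"
+}
+}
+required_version = "~> 1.0"
+}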
