[EC-310] Revise terraform code structure to follow engineering standa…

…rd (#870) * feat: create bucket containing ai knowledge base * chore: applying newly introduced engineering standards for terraform repository structure * fix: formatted modules * fix: added missing providers to modules * fix: added missing providers to modules * fix: added missing providers to modules * feat: subdivided in cms, website and chatbot * fix: added moved.tf file containing the moves from old repo structure to the new * fix: update terraform lock * feat: returning name servers records as output * fix: some resources not moved correctly * fix: some resources not moved correctly * fix: moving production website certificate records * chore: changed modules folder from _modules to modules
pagopa · May 27, 2024 · d1d8fa9 · d1d8fa9
1 parent 4f6aebf
commit d1d8fa9
Show file tree

Hide file tree

Showing 50 changed files with 2,106 additions and 583 deletions.
diff --git a/apps/infrastructure/src/.terraform.lock.hcl b/apps/infrastructure/src/.terraform.lock.hcl
diff --git a/apps/infrastructure/src/ecs.tf b/apps/infrastructure/src/ecs.tf
diff --git a/apps/infrastructure/src/main.tf b/apps/infrastructure/src/main.tf
@@ -32,3 +32,59 @@ module "identity" {
   source            = "./identity"
   github_repository = var.github_repository
 }
+
+module "core" {
+  source = "./modules/core"
+
+  environment = var.environment
+  tags        = var.tags
+
+  dns_domain_name      = var.dns_domain_name
+  dns_delegate_records = var.dns_delegate_records
+}
+
+module "website" {
+  source = "./modules/website"
+
+  providers = {
+    aws           = aws
+    aws.us-east-1 = aws.us-east-1
+  }
+
+  environment       = var.environment
+  github_repository = var.github_repository
+  tags              = var.tags
+
+  cdn_custom_headers           = var.cdn_custom_headers
+  publish_cloudfront_functions = var.publish_cloudfront_functions
+  dns_domain_name              = var.dns_domain_name
+  dns_delegate_records         = var.dns_delegate_records
+  use_custom_certificate       = var.use_custom_certificate
+  hosted_zone_id               = module.core.hosted_zone_id
+  ses_domain_identity_arn      = module.core.ses_domain_identity_arn
+}
+
+module "cms" {
+  source = "./modules/cms"
+
+  providers = {
+    aws           = aws
+    aws.us-east-1 = aws.us-east-1
+  }
+
+  environment       = var.environment
+  github_repository = var.github_repository
+  tags              = var.tags
+
+  dns_domain_name     = var.dns_domain_name
+  dns_domain_name_cms = var.dns_domain_name_cms
+  hosted_zone_id      = module.core.hosted_zone_id
+}
+
+module "chatbot" {
+  source = "./modules/chatbot"
+
+  aws_region  = "eu-west-3"
+  environment = var.environment
+  tags        = var.tags
+}
diff --git a/apps/infrastructure/src/modules/chatbot/providers.tf b/apps/infrastructure/src/modules/chatbot/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.33.0"
+    }
+  }
+}
diff --git a/apps/infrastructure/src/modules/chatbot/s3_bucket.tf b/apps/infrastructure/src/modules/chatbot/s3_bucket.tf
@@ -0,0 +1,19 @@
+resource "random_integer" "ai_kb_bucket_random_integer" {
+  min = 1
+  max = 9999
+}
+
+module "s3_bucket_ai_kb" {
+  source = "git::https://github.com/terraform-aws-modules/terraform-aws-s3-bucket.git?ref=3a1c80b29fdf8fc682d2749456ec36ecbaf4ce14" # v4.1.0
+
+  bucket                  = "ai-knowledge-base-${random_integer.ai_kb_bucket_random_integer.result}"
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+
+  versioning = {
+    status  = true
+    enabled = true
+  }
+}
diff --git a/apps/infrastructure/src/modules/chatbot/variables.tf b/apps/infrastructure/src/modules/chatbot/variables.tf
@@ -0,0 +1,17 @@
+variable "aws_region" {
+  type        = string
+  description = "AWS region to create resources. Default Milan"
+  default     = "eu-south-1"
+}
+
+variable "environment" {
+  type        = string
+  description = "Environment"
+}
+
+variable "tags" {
+  type = map(any)
+  default = {
+    CreatedBy = "Terraform"
+  }
+}
diff --git a/apps/infrastructure/src/acm.tf → apps/infrastructure/src/modules/cms/acm.tf b/apps/infrastructure/src/acm.tf → apps/infrastructure/src/modules/cms/acm.tf
@@ -1,34 +1,9 @@
-resource "aws_acm_certificate" "website" {
-  domain_name               = var.dns_domain_name
-  validation_method         = "DNS"
-  subject_alternative_names = [format("www.%s", var.dns_domain_name)]
-
-  lifecycle {
-    create_before_destroy = true
-  }
-
-  # TLS certificate generated in us-east because it is related to the CDN which is a global resource
-  provider = aws.us-east-1
-}
-
-resource "aws_acm_certificate" "auth" {
-  domain_name       = format("auth.%s", var.dns_domain_name)
-  validation_method = "DNS"
-
-  lifecycle {
-    create_before_destroy = true
-  }
-
-  # TLS certificate generated in us-east because it is related to the CDN which is a global resource
-  provider = aws.us-east-1
-}
-
 ## Certificate HTTPS for CMS Strapi
 module "cms_ssl_certificate" {
   source = "git::https://github.com/terraform-aws-modules/terraform-aws-acm.git?ref=8d0b22f1f242a1b36e29b8cb38aaeac9b887500d" # v5.0.0
 
   domain_name = keys(var.dns_domain_name_cms)[0]
-  zone_id     = aws_route53_zone.dev_portal.id
+  zone_id     = var.hosted_zone_id
 
   subject_alternative_names = [
     "www.${keys(var.dns_domain_name_cms)[0]}"
@@ -44,7 +19,7 @@ module "strapi_media_library_ssl_certificate" {
   source = "git::https://github.com/terraform-aws-modules/terraform-aws-acm.git?ref=8d0b22f1f242a1b36e29b8cb38aaeac9b887500d" # v5.0.0
 
   domain_name = format("cdn.%s", var.dns_domain_name)
-  zone_id     = aws_route53_zone.dev_portal.id
+  zone_id     = var.hosted_zone_id
 
   providers = {
     aws = aws.us-east-1

diff --git a/apps/infrastructure/src/alb.tf → apps/infrastructure/src/modules/cms/alb.tf b/apps/infrastructure/src/alb.tf → apps/infrastructure/src/modules/cms/alb.tf