Prod release (#122)

Updated infrastructure for prod release

---------

Co-authored-by: Rich Byrne <[email protected]>
Co-authored-by: Scott Alexander <[email protected]>

.github/workflows/terraform-deploy-to-prod-manual.yml

@@ -46,7 +46,7 @@ jobs:
 
     - name: Terraform Init
       id: init
-      run: terraform init -backend-config=backend.conf
+      run: terraform init -backend-config=backend-prod.conf
       working-directory: ./infrastructure 
       shell: bash
 

.gitignore

@@ -2,6 +2,8 @@
 
 # Local .terraform directories
 backup-vault/teraform/.terraform/*
+bootstrap/.terraform/*
+infrastructure/.terraform
 
 # .tfstate files
 *.tfstate

bootstrap/dev.tfvars

@@ -0,0 +1 @@
+environment = "dev"

bootstrap/main.tf

@@ -13,13 +13,13 @@ provider "aws" {
 }
 
 resource "aws_kms_key" "ndr_state_key" {
-  description             = "ndr-dev-terraform-state-key"
+  description             = "ndr-${var.environment}-terraform-state-key"
   deletion_window_in_days = 10
   enable_key_rotation     = true
 }
 
 resource "aws_s3_bucket" "ndr_lock_bucket" {
-  bucket = "ndr-dev-terraform-state-${data.aws_caller_identity.current.account_id}"
+  bucket = "ndr-${var.environment}-terraform-state-${data.aws_caller_identity.current.account_id}"
 
   lifecycle {
     prevent_destroy = true
@@ -88,4 +88,4 @@ variable "region" {
   type        = string
   default     = "eu-west-2"
   description = "The region to be used for bootstrapping"
-}
+}

bootstrap/pre-prod.tfvars

@@ -0,0 +1 @@
+environment = "pre-prod"

bootstrap/prod.tfvars

@@ -0,0 +1 @@
+environment = "prod"

bootstrap/variables.tf

@@ -0,0 +1,4 @@
+variable "environment" {
+    type = string    
+    description = "Environment to bootstrap"
+}

infrastructure/backend-prod.conf

@@ -0,0 +1 @@
+bucket = "ndr-prod-terraform-state-487224344892"

infrastructure/buckets.tf

@@ -171,11 +171,11 @@ module "ndr-bulk-staging-store" {
 }
 
 resource "aws_s3_bucket" "logs_bucket" {
-  bucket        = "${terraform.workspace}-load-balancer-logs"
+  bucket        = "${terraform.workspace}-load-balancer-logs-${data.aws_caller_identity.current.account_id}"
   force_destroy = local.is_force_destroy
 
   tags = {
-    Name        = "${terraform.workspace}-load-balancer-logs"
+    Name        = "${terraform.workspace}-load-balancer-logs-${data.aws_caller_identity.current.account_id}"
     Owner       = var.owner
     Environment = var.environment
     Workspace   = terraform.workspace

infrastructure/prod.tfvars

@@ -0,0 +1,17 @@
+environment                       = "prod"
+owner                             = "nhse/ndr-team"
+domain                            = "access-request-fulfilment.patient-deductions.nhs.uk"
+certificate_domain                = "prod.access-request-fulfilment.patient-deductions.nhs.uk"
+certificate_subdomain_name_prefix = "api."
+
+cloudwatch_alarm_evaluation_periods = 30
+poll_frequency                      = "60"
+
+# Updated to prod url once testing has been confirmed
+mesh_url                        = "https://msg.intspineservices.nhs.uk"
+mesh_mailbox_ssm_param_name     = "/repo/prod/user-input/external/mesh-mailbox-id"
+mesh_password_ssm_param_name    = "/repo/prod/user-input/external/mesh-mailbox-password"
+mesh_shared_key_ssm_param_name  = "/repo/prod/user-input/external/mesh-mailbox-shared-secret"
+mesh_client_cert_ssm_param_name = "/repo/prod/user-input/external/mesh-mailbox-client-cert"
+mesh_client_key_ssm_param_name  = "/repo/prod/user-input/external/mesh-mailbox-client-key"
+mesh_ca_cert_ssm_param_name     = "/repo/prod/user-input/external/mesh-mailbox-ca-cert"

infrastructure/variable.tf

@@ -22,7 +22,7 @@ variable "certificate_subdomain_name_prefix" {
 variable "docstore_bucket_name" {
   type        = string
   description = "The name of S3 bucket to store ARF documents"
-  default     = "document-store"
+  default     = "ndr-document-store"
 }
 
 variable "zip_store_bucket_name" {