From b7d9288b87c1951fed21f04d5740f3b98812ab5b Mon Sep 17 00:00:00 2001
From: scott alexander
Date: Tue, 2 Jan 2024 15:29:02 +0000
Subject: [PATCH] Prod release (#122)
Updated infrastructure for prod release
---------
Co-authored-by: Rich Byrne
Co-authored-by: Scott Alexander
---
 .../terraform-deploy-to-prod-manual.yml | 2 +-
 .gitignore | 2 ++
 bootstrap/dev.tfvars | 1 +
 bootstrap/main.tf | 6 +++---
 bootstrap/pre-prod.tfvars | 1 +
 bootstrap/prod.tfvars | 1 +
 bootstrap/variables.tf | 4 ++++
 infrastructure/backend-prod.conf | 1 +
 infrastructure/buckets.tf | 4 ++--
 infrastructure/prod.tfvars | 17 +++++++++++++++++
 infrastructure/variable.tf | 2 +-
 11 files changed, 34 insertions(+), 7 deletions(-)
 create mode 100644 bootstrap/dev.tfvars
 create mode 100644 bootstrap/pre-prod.tfvars
 create mode 100644 bootstrap/prod.tfvars
 create mode 100644 bootstrap/variables.tf
 create mode 100644 infrastructure/backend-prod.conf
 create mode 100644 infrastructure/prod.tfvars
diff --git a/.github/workflows/terraform-deploy-to-prod-manual.yml b/.github/workflows/terraform-deploy-to-prod-manual.yml
index 5b58b117..410b90db 100644
--- a/.github/workflows/terraform-deploy-to-prod-manual.yml
+++ b/.github/workflows/terraform-deploy-to-prod-manual.yml
@@ -46,7 +46,7 @@ jobs:
 - name: Terraform Init
 id: init
- run: terraform init -backend-config=backend.conf
+ run: terraform init -backend-config=backend-prod.conf
 working-directory: ./infrastructure
 shell: bash
diff --git a/.gitignore b/.gitignore
index 3e6734b6..4eae1e71 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,6 +2,8 @@
 # Local .terraform directories
 backup-vault/teraform/.terraform/*
+bootstrap/.terraform/*
+infrastructure/.terraform
 # .tfstate files
 *.tfstate
diff --git a/bootstrap/dev.tfvars b/bootstrap/dev.tfvars
new file mode 100644
index 00000000..10e64393
--- /dev/null
+++ b/bootstrap/dev.tfvars
@@ -0,0 +1 @@
+environment = "dev"
\ No newline at end of file
diff --git a/bootstrap/main.tf b/bootstrap/main.tf
index 85994800..d66fa3e3 100644
--- a/bootstrap/main.tf
+++ b/bootstrap/main.tf
@@ -13,13 +13,13 @@ provider "aws" {
 }
 resource "aws_kms_key" "ndr_state_key" {
- description = "ndr-dev-terraform-state-key"
+ description = "ndr-${var.environment}-terraform-state-key"
 deletion_window_in_days = 10
 enable_key_rotation = true
 }
 resource "aws_s3_bucket" "ndr_lock_bucket" {
- bucket = "ndr-dev-terraform-state-${data.aws_caller_identity.current.account_id}"
+ bucket = "ndr-${var.environment}-terraform-state-${data.aws_caller_identity.current.account_id}"
 lifecycle {
 prevent_destroy = true
@@ -88,4 +88,4 @@ variable "region" {
 type = string
 default = "eu-west-2"
 description = "The region to be used for bootstrapping"
-}
\ No newline at end of file
+}
diff --git a/bootstrap/pre-prod.tfvars b/bootstrap/pre-prod.tfvars
new file mode 100644
index 00000000..adc7d5f8
--- /dev/null
+++ b/bootstrap/pre-prod.tfvars
@@ -0,0 +1 @@
+environment = "pre-prod"
\ No newline at end of file
diff --git a/bootstrap/prod.tfvars b/bootstrap/prod.tfvars
new file mode 100644
index 00000000..1e3a3cdc
--- /dev/null
+++ b/bootstrap/prod.tfvars
@@ -0,0 +1 @@
+environment = "prod"
\ No newline at end of file
diff --git a/bootstrap/variables.tf b/bootstrap/variables.tf
new file mode 100644
index 00000000..f6bc011b
--- /dev/null
+++ b/bootstrap/variables.tf
@@ -0,0 +1,4 @@
+variable "environment" {
+ type = string
+ description = "Environment to bootstrap"
+}
\ No newline at end of file
diff --git a/infrastructure/backend-prod.conf b/infrastructure/backend-prod.conf
new file mode 100644
index 00000000..2c352143
--- /dev/null
+++ b/infrastructure/backend-prod.conf
@@ -0,0 +1 @@
+bucket = "ndr-prod-terraform-state-487224344892"
\ No newline at end of file
diff --git a/infrastructure/buckets.tf b/infrastructure/buckets.tf
index 0508f0f0..948ceea3 100644
--- a/infrastructure/buckets.tf
+++ b/infrastructure/buckets.tf
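Review bot: With its description now built from `var.environment`, `aws_kms_key.ndr_state_key` in the first hunk of bootstrap/main.tf also becomes the prod state key, yet unlike the bucket below it has no `prevent_destroy` and keeps a 10-day deletion window. If the state bucket is encrypted with this key (the encryption configuration is outside the hunk), losing the key leaves the prod state unreadable. I would add `lifecycle { prevent_destroy = true }` to the key and consider `deletion_window_in_days = 30`. The `ndr_lock_bucket` resource continues past the end of the hunk.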
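Review bot: The new `environment` variable in bootstrap/variables.tf has no validation, although its value is interpolated into the state bucket name and the KMS key description in bootstrap/main.tf. A mistyped value would create a stray state bucket that `prevent_destroy` then makes awkward to remove. Add a `validation` block whose condition is `contains(["dev", "pre-prod", "prod"], var.environment)`, with an `error_message` listing the three allowed values.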
@@ -171,11 +171,11 @@ module "ndr-bulk-staging-store" {
 }
 resource "aws_s3_bucket" "logs_bucket" {
- bucket = "${terraform.workspace}-load-balancer-logs"
+ bucket = "${terraform.workspace}-load-balancer-logs-${data.aws_caller_identity.current.account_id}"
 force_destroy = local.is_force_destroy
 tags = {
- Name = "${terraform.workspace}-load-balancer-logs"
+ Name = "${terraform.workspace}-load-balancer-logs-${data.aws_caller_identity.current.account_id}"
 Owner = var.owner
 Environment = var.environment
 Workspace = terraform.workspace
diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars
new file mode 100644
index 00000000..6af05d4d
--- /dev/null
+++ b/infrastructure/prod.tfvars
@@ -0,0 +1,17 @@
+environment = "prod"
+owner = "nhse/ndr-team"
+domain = "access-request-fulfilment.patient-deductions.nhs.uk"
+certificate_domain = "prod.access-request-fulfilment.patient-deductions.nhs.uk"
+certificate_subdomain_name_prefix = "api."
+
+cloudwatch_alarm_evaluation_periods = 30
+poll_frequency = "60"
+
+# Updated to prod url once testing has been confirmed
+mesh_url = "https://msg.intspineservices.nhs.uk"
+mesh_mailbox_ssm_param_name = "/repo/prod/user-input/external/mesh-mailbox-id"
+mesh_password_ssm_param_name = "/repo/prod/user-input/external/mesh-mailbox-password"
+mesh_shared_key_ssm_param_name = "/repo/prod/user-input/external/mesh-mailbox-shared-secret"
+mesh_client_cert_ssm_param_name = "/repo/prod/user-input/external/mesh-mailbox-client-cert"
+mesh_client_key_ssm_param_name = "/repo/prod/user-input/external/mesh-mailbox-client-key"
+mesh_ca_cert_ssm_param_name = "/repo/prod/user-input/external/mesh-mailbox-ca-cert"
\ No newline at end of file
diff --git a/infrastructure/variable.tf b/infrastructure/variable.tf
index 962fe2e1..37cae5d1 100644
--- a/infrastructure/variable.tf
+++ b/infrastructure/variable.tf
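Review bot: Changing `bucket` on `aws_s3_bucket.logs_bucket` makes Terraform replace the bucket, and with `force_destroy = local.is_force_destroy` on the next line the old bucket's load balancer logs are deleted along with it whenever that local is true. `local.is_force_destroy` is defined outside this hunk, so confirm it evaluates to false for prod and that existing workspaces can afford to lose their current logs. The name expression is now written twice; a local such as `logs_bucket_name = "${terraform.workspace}-load-balancer-logs-${data.aws_caller_identity.current.account_id}"` would keep `bucket` and the `Name` tag in step. The resource body continues past the end of the hunk.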
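Review bot: `mesh_url` in infrastructure/prod.tfvars points at the integration host `msg.intspineservices.nhs.uk`, while the six `mesh_*_ssm_param_name` values below it reference `/repo/prod/...` parameters. If those parameters hold production mailbox credentials, a prod deployment would present them to a non-production endpoint and exchange messages with it. The comment above the setting reads as a statement rather than an open action; I would reword it along the lines of `# TODO(<ticket>): integration MESH endpoint, replace with the production URL before go-live` and confirm which credentials the prod parameters contain until then. Separately, `poll_frequency` is a quoted string while `cloudwatch_alarm_evaluation_periods` is a number; check that this matches the declared variable types.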
@@ -22,7 +22,7 @@ variable "certificate_subdomain_name_prefix" {
 variable "docstore_bucket_name" {
 type = string
 description = "The name of S3 bucket to store ARF documents"
- default = "document-store"
+ default = "ndr-document-store"
 }
 variable "zip_store_bucket_name" {
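Review bot: Changing the default of `docstore_bucket_name` changes the document store bucket name in every workspace that does not override it, and renaming an S3 bucket is a destroy-and-create. How the value is consumed is outside this hunk, so confirm from a plan that no existing workspace would have its ARF document bucket replaced, or set the old value explicitly for those workspaces. Extending the description to `"The name of S3 bucket to store ARF documents (changing it replaces the bucket)"` would record that for the next editor. The hunk ends inside `variable "zip_store_bucket_name"`.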