generated from ministryofjustice/template-repository
-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
dc5b0af
commit 6b87482
Showing
3 changed files
with
129 additions
and
129 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,35 +1,35 @@ | ||
|
|
||
| resource "aws_instance" "tipstaff-ec2-instance-dev" { | ||
| instance_type = local.application_data.accounts[local.environment].instance_type | ||
| ami = local.application_data.accounts[local.environment].ami | ||
| count = "1" | ||
| subnet_id = data.aws_subnet.data_subnets_a.id | ||
| vpc_security_group_ids = [aws_security_group.tipstaff-dev-ec2-sc.id] | ||
| } | ||
| # resource "aws_instance" "tipstaff-ec2-instance-dev" { | ||
| # instance_type = local.application_data.accounts[local.environment].instance_type | ||
| # ami = local.application_data.accounts[local.environment].ami | ||
| # count = "1" | ||
| # subnet_id = data.aws_subnet.data_subnets_a.id | ||
| # vpc_security_group_ids = [aws_security_group.tipstaff-dev-ec2-sc.id] | ||
| # } | ||
|
|
||
| resource "aws_security_group" "tipstaff-dev-ec2-sc" { | ||
| name = "ec2 security group" | ||
| description = "control access to the ec2 instance" | ||
| vpc_id = data.aws_vpc.shared.id | ||
| ingress { | ||
| description = "Allow all traffic through HTTP" | ||
| from_port = 80 | ||
| to_port = 80 | ||
| protocol = "tcp" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
| ingress { | ||
| description = "Allow all traffic through HTTPS" | ||
| from_port = 443 | ||
| to_port = 443 | ||
| protocol = "tcp" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
| egress { | ||
| description = "allow all outbound traffic" | ||
| from_port = 0 | ||
| to_port = 0 | ||
| protocol = "-1" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
| } | ||
| # resource "aws_security_group" "tipstaff-dev-ec2-sc" { | ||
| # name = "ec2 security group" | ||
| # description = "control access to the ec2 instance" | ||
| # vpc_id = data.aws_vpc.shared.id | ||
| # ingress { | ||
| # description = "Allow all traffic through HTTP" | ||
| # from_port = 80 | ||
| # to_port = 80 | ||
| # protocol = "tcp" | ||
| # cidr_blocks = ["0.0.0.0/0"] | ||
| # } | ||
| # ingress { | ||
| # description = "Allow all traffic through HTTPS" | ||
| # from_port = 443 | ||
| # to_port = 443 | ||
| # protocol = "tcp" | ||
| # cidr_blocks = ["0.0.0.0/0"] | ||
| # } | ||
| # egress { | ||
| # description = "allow all outbound traffic" | ||
| # from_port = 0 | ||
| # to_port = 0 | ||
| # protocol = "-1" | ||
| # cidr_blocks = ["0.0.0.0/0"] | ||
| # } | ||
| # } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,43 +1,43 @@ | ||
|
|
||
| resource "aws_lb" "tipstaff-dev-lb" { | ||
| name = "tipstaff-dev-load-balancer" | ||
| internal = false | ||
| load_balancer_type = "application" | ||
| security_groups = [aws_security_group.tipstaff-dev-lb-sc.id] | ||
| subnets = data.aws_subnets.shared-public.ids | ||
| enable_deletion_protection = false | ||
| } | ||
| # resource "aws_lb" "tipstaff-dev-lb" { | ||
| # name = "tipstaff-dev-load-balancer" | ||
| # internal = false | ||
| # load_balancer_type = "application" | ||
| # security_groups = [aws_security_group.tipstaff-dev-lb-sc.id] | ||
| # subnets = data.aws_subnets.shared-public.ids | ||
| # enable_deletion_protection = false | ||
| # } | ||
|
|
||
| resource "aws_security_group" "tipstaff-dev-lb-sc" { | ||
| name = "load balancer security group" | ||
| description = "control access to the load balancer" | ||
| vpc_id = data.aws_vpc.shared.id | ||
| ingress { | ||
| description = "Allow all traffic through HTTP" | ||
| from_port = "80" | ||
| to_port = "80" | ||
| protocol = "tcp" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
| egress { | ||
| description = "allow all outbound traffic" | ||
| from_port = 0 | ||
| to_port = 0 | ||
| protocol = "-1" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
| } | ||
| # resource "aws_security_group" "tipstaff-dev-lb-sc" { | ||
| # name = "load balancer security group" | ||
| # description = "control access to the load balancer" | ||
| # vpc_id = data.aws_vpc.shared.id | ||
| # ingress { | ||
| # description = "Allow all traffic through HTTP" | ||
| # from_port = "80" | ||
| # to_port = "80" | ||
| # protocol = "tcp" | ||
| # cidr_blocks = ["0.0.0.0/0"] | ||
| # } | ||
| # egress { | ||
| # description = "allow all outbound traffic" | ||
| # from_port = 0 | ||
| # to_port = 0 | ||
| # protocol = "-1" | ||
| # cidr_blocks = ["0.0.0.0/0"] | ||
| # } | ||
| # } | ||
|
|
||
| resource "aws_route53_record" "external" { | ||
| provider = aws.core-vpc | ||
| # resource "aws_route53_record" "external" { | ||
| # provider = aws.core-vpc | ||
|
|
||
| zone_id = data.aws_route53_zone.external.zone_id | ||
| name = "${local.application_data.accounts[local.environment].subdomain_name}.modernisation-platform.service.justice.gov.uk" | ||
| type = "A" | ||
| # zone_id = data.aws_route53_zone.external.zone_id | ||
| # name = "${local.application_data.accounts[local.environment].subdomain_name}.modernisation-platform.service.justice.gov.uk" | ||
| # type = "A" | ||
|
|
||
| alias { | ||
| name = aws_lb.tipstaff-dev-lb.dns_name | ||
| zone_id = aws_lb.tipstaff-dev-lb.zone_id | ||
| evaluate_target_health = true | ||
| } | ||
| } | ||
| # alias { | ||
| # name = aws_lb.tipstaff-dev-lb.dns_name | ||
| # zone_id = aws_lb.tipstaff-dev-lb.zone_id | ||
| # evaluate_target_health = true | ||
| # } | ||
| # } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,64 +1,64 @@ | ||
| resource "aws_db_instance" "tipstaffdbdev" { | ||
| allocated_storage = local.application_data.accounts[local.environment].allocated_storage | ||
| db_name = local.application_data.accounts[local.environment].db_name | ||
| storage_type = local.application_data.accounts[local.environment].storage_type | ||
| identifier = local.application_data.accounts[local.environment].identifier | ||
| engine = local.application_data.accounts[local.environment].engine | ||
| engine_version = local.application_data.accounts[local.environment].engine_version | ||
| instance_class = local.application_data.accounts[local.environment].instance_class | ||
| username = jsondecode(data.aws_secretsmanager_secret_version.db_username.secret_string)["LOCAL_DB_USERNAME"] | ||
| password = jsondecode(data.aws_secretsmanager_secret_version.db_password.secret_string)["LOCAL_DB_PASSWORD"] | ||
| skip_final_snapshot = true | ||
| vpc_security_group_ids = [aws_security_group.postgresql_db_sc.id] | ||
| db_subnet_group_name = aws_db_subnet_group.dbsubnetgroup.name | ||
| publicly_accessible = true | ||
| } | ||
| # resource "aws_db_instance" "tipstaffdbdev" { | ||
| # allocated_storage = local.application_data.accounts[local.environment].allocated_storage | ||
| # db_name = local.application_data.accounts[local.environment].db_name | ||
| # storage_type = local.application_data.accounts[local.environment].storage_type | ||
| # identifier = local.application_data.accounts[local.environment].identifier | ||
| # engine = local.application_data.accounts[local.environment].engine | ||
| # engine_version = local.application_data.accounts[local.environment].engine_version | ||
| # instance_class = local.application_data.accounts[local.environment].instance_class | ||
| # username = jsondecode(data.aws_secretsmanager_secret_version.db_username.secret_string)["LOCAL_DB_USERNAME"] | ||
| # password = jsondecode(data.aws_secretsmanager_secret_version.db_password.secret_string)["LOCAL_DB_PASSWORD"] | ||
| # skip_final_snapshot = true | ||
| # vpc_security_group_ids = [aws_security_group.postgresql_db_sc.id] | ||
| # db_subnet_group_name = aws_db_subnet_group.dbsubnetgroup.name | ||
| # publicly_accessible = true | ||
| # } | ||
|
|
||
| resource "aws_db_subnet_group" "dbsubnetgroup" { | ||
| name = "dbsubnetgroup" | ||
| subnet_ids = [data.aws_subnet.data_subnets_a.id, data.aws_subnet.data_subnets_b.id, data.aws_subnet.data_subnets_c.id] | ||
| } | ||
| # resource "aws_db_subnet_group" "dbsubnetgroup" { | ||
| # name = "dbsubnetgroup" | ||
| # subnet_ids = [data.aws_subnet.data_subnets_a.id, data.aws_subnet.data_subnets_b.id, data.aws_subnet.data_subnets_c.id] | ||
| # } | ||
|
|
||
| resource "aws_security_group" "postgresql_db_sc" { | ||
| name = "postgres_security_group" | ||
| description = "control access to the database" | ||
| vpc_id = data.aws_vpc.shared.id | ||
| ingress { | ||
| from_port = 0 | ||
| to_port = 65535 | ||
| protocol = "tcp" | ||
| description = "MOJ Digital VPN access" | ||
| cidr_blocks = [local.application_data.accounts[local.environment].moj_ip] | ||
| } | ||
| ingress { | ||
| from_port = 5432 | ||
| to_port = 5432 | ||
| protocol = "tcp" | ||
| description = "Allows codebuild access to RDS" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
| egress { | ||
| description = "allow all outbound traffic" | ||
| from_port = 0 | ||
| to_port = 0 | ||
| protocol = "-1" | ||
| cidr_blocks = ["0.0.0.0/0"] | ||
| } | ||
| # resource "aws_security_group" "postgresql_db_sc" { | ||
| # name = "postgres_security_group" | ||
| # description = "control access to the database" | ||
| # vpc_id = data.aws_vpc.shared.id | ||
| # ingress { | ||
| # from_port = 0 | ||
| # to_port = 65535 | ||
| # protocol = "tcp" | ||
| # description = "MOJ Digital VPN access" | ||
| # cidr_blocks = [local.application_data.accounts[local.environment].moj_ip] | ||
| # } | ||
| # ingress { | ||
| # from_port = 5432 | ||
| # to_port = 5432 | ||
| # protocol = "tcp" | ||
| # description = "Allows codebuild access to RDS" | ||
| # cidr_blocks = ["0.0.0.0/0"] | ||
| # } | ||
| # egress { | ||
| # description = "allow all outbound traffic" | ||
| # from_port = 0 | ||
| # to_port = 0 | ||
| # protocol = "-1" | ||
| # cidr_blocks = ["0.0.0.0/0"] | ||
| # } | ||
|
|
||
| } | ||
| # } | ||
|
|
||
| resource "null_resource" "setup_db" { | ||
| depends_on = [aws_db_instance.tipstaffdbdev] | ||
| # resource "null_resource" "setup_db" { | ||
| # depends_on = [aws_db_instance.tipstaffdbdev] | ||
|
|
||
| provisioner "local-exec" { | ||
| interpreter = ["bash", "-c"] | ||
| command = "chmod +x ./setup-postgresql.sh; ./setup-postgresql.sh" | ||
| # provisioner "local-exec" { | ||
| # interpreter = ["bash", "-c"] | ||
| # command = "chmod +x ./setup-postgresql.sh; ./setup-postgresql.sh" | ||
|
|
||
| environment = { | ||
| DB_HOSTNAME = aws_db_instance.tipstaffdbdev.address | ||
| } | ||
| } | ||
| triggers = { | ||
| always_run = "${timestamp()}" | ||
| } | ||
| } | ||
| # environment = { | ||
| # DB_HOSTNAME = aws_db_instance.tipstaffdbdev.address | ||
| # } | ||
| # } | ||
| # triggers = { | ||
| # always_run = "${timestamp()}" | ||
| # } | ||
| # } |