Merge pull request #6979 from ministryofjustice/date_2024_07_08
GitHub Actions Code Formatter workflow
ASTRobinson authored Jul 8, 2024
2 parents 603f010 + 77d5783 commit 7cf7682
Showing 22 changed files with 128 additions and 131 deletions.
Expand Up @@ -66,6 +66,6 @@ resource "kubernetes_secret" "ui_app_secrets" {

type = "Opaque"
data = {
secret_key = random_password.ui_app_secrets.result
secret_key = random_password.ui_app_secrets.result
}
}
2 changes: 1 addition & 1 deletion terraform/environments/apex/modules/ecs/main.tf
Expand Up @@ -282,7 +282,7 @@ resource "aws_ecs_task_definition" "windows_ecs_task_definition" {
}

resource "aws_ecs_task_definition" "linux_ecs_task_definition" {
family = "${var.app_name}-task-definition"
family = "${var.app_name}-task-definition"
# network_mode = var.network_mode
count = var.container_instance_type == "linux" ? 1 : 0
execution_role_arn = aws_iam_role.ecs_task_execution_role.arn # grants the Amazon ECS container agents permission to make AWS API calls on your behalf
2 changes: 1 addition & 1 deletion terraform/environments/cdpt-ifs/ecs.tf
Expand Up @@ -368,7 +368,7 @@ resource "aws_ecs_service" "ecs_service" {
task_definition = data.aws_ecs_task_definition.latest_task_definition.arn
desired_count = local.application_data.accounts[local.environment].app_count
health_check_grace_period_seconds = 60
force_new_deployment = true
force_new_deployment = true
capacity_provider_strategy {
capacity_provider = aws_ecs_capacity_provider.ifs.name
weight = 1
16 changes: 8 additions & 8 deletions terraform/environments/cdpt-ifs/locals.tf
Expand Up @@ -21,15 +21,15 @@ locals {
}))

loadbalancer_ingress_rules = {
"cluster_ec2_lb_ingress" = {
description = "allow access on HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["188.214.15.75/32", "192.168.5.101/32", "81.134.202.29/32", "79.152.189.104/32", "179.50.12.212/32", "188.172.252.34/32", "194.33.192.0/25", "194.33.193.0/25", "194.33.196.0/25", "194.33.197.0/25", "195.59.75.0/24", "201.33.21.5/32", "213.121.161.112/28", "52.67.148.55/32", "54.94.206.111/32", "178.248.34.42/32", "178.248.34.43/32", "178.248.34.44/32", "178.248.34.45/32", "178.248.34.46/32", "178.248.34.47/32", "89.32.121.144/32", "185.191.249.100/32", "2.138.20.8/32", "18.169.147.172/32", "35.176.93.186/32", "18.130.148.126/32", "35.176.148.126/32", "51.149.250.0/24", "51.149.249.0/29", "194.33.249.0/29", "51.149.249.32/29", "194.33.248.0/29", "20.49.214.199/32", "20.49.214.228/32", "20.26.11.71/32", "20.26.11.108/32", "128.77.75.128/26"]
security_groups = []
}
"cluster_ec2_lb_ingress" = {
description = "allow access on HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["188.214.15.75/32", "192.168.5.101/32", "81.134.202.29/32", "79.152.189.104/32", "179.50.12.212/32", "188.172.252.34/32", "194.33.192.0/25", "194.33.193.0/25", "194.33.196.0/25", "194.33.197.0/25", "195.59.75.0/24", "201.33.21.5/32", "213.121.161.112/28", "52.67.148.55/32", "54.94.206.111/32", "178.248.34.42/32", "178.248.34.43/32", "178.248.34.44/32", "178.248.34.45/32", "178.248.34.46/32", "178.248.34.47/32", "89.32.121.144/32", "185.191.249.100/32", "2.138.20.8/32", "18.169.147.172/32", "35.176.93.186/32", "18.130.148.126/32", "35.176.148.126/32", "51.149.250.0/24", "51.149.249.0/29", "194.33.249.0/29", "51.149.249.32/29", "194.33.248.0/29", "20.49.214.199/32", "20.49.214.228/32", "20.26.11.71/32", "20.26.11.108/32", "128.77.75.128/26"]
security_groups = []
}
}

loadbalancer_egress_rules = {
"cluster_ec2_lb_egress" = {
Expand Up @@ -80,7 +80,7 @@ resource "aws_instance" "app1" {
user_data_base64 = base64encode(local.app_userdata)
user_data_replace_on_change = true
metadata_options {
http_tokens = "optional"
http_tokens = "optional"
}

tags = merge(
Expand Up @@ -35,7 +35,6 @@
"share_snapshot_id": "snap-0e4f93177b88c076f",
"app_snapshot_id": "snap-0713966f6fbd5d43c",
"concurrent_manager_snapshot_id": "snap-012a415b26337ede1"

},
"test": {
"example_var": "test-data"
Expand Up @@ -81,7 +81,7 @@ resource "aws_instance" "concurrent_manager" {
user_data_base64 = base64encode(local.cm_userdata)
user_data_replace_on_change = true
metadata_options {
http_tokens = "optional"
http_tokens = "optional"
}

tags = merge(
Expand Up @@ -85,7 +85,7 @@ resource "aws_instance" "database" {
user_data_base64 = base64encode(local.db_userdata)
user_data_replace_on_change = true
metadata_options {
http_tokens = "optional"
http_tokens = "optional"
}

tags = merge(
Expand Up @@ -164,7 +164,7 @@ resource "aws_cloudwatch_metric_alarm" "ecs_warning_error_volume" {
}

resource "aws_cloudwatch_metric_alarm" "ecs_healthy_hosts_fatal_alarm" {
count = var.microservice_lb != null ? 1 : 0
count = var.microservice_lb != null ? 1 : 0
alarm_name = "${var.name}-${var.env_name}-healthy-hosts-fatal"
alarm_description = "All `${var.name}` instances stopped responding."
namespace = "AWS/ApplicationELB"
Expand All @@ -184,7 +184,7 @@ resource "aws_cloudwatch_metric_alarm" "ecs_healthy_hosts_fatal_alarm" {

# Response time alarms
resource "aws_cloudwatch_metric_alarm" "alb_response_time_critical_alarm" {
count = var.microservice_lb != null ? 1 : 0
count = var.microservice_lb != null ? 1 : 0
alarm_name = "${var.name}-${var.env_name}-response-time-critical"
alarm_description = "Average response time for the `${var.name}` service exceeded 5 seconds."
namespace = "AWS/ApplicationELB"
Expand All @@ -204,7 +204,7 @@ resource "aws_cloudwatch_metric_alarm" "alb_response_time_critical_alarm" {

# Response code alarms
resource "aws_cloudwatch_metric_alarm" "alb_response_code_5xx_warning_alarm" {
count = var.microservice_lb != null ? 1 : 0
count = var.microservice_lb != null ? 1 : 0
alarm_name = "${var.name}-${var.env_name}-5xx-response-warning"
alarm_description = "The `${var.name}` service responded with 5xx errors."
namespace = "AWS/ApplicationELB"
Expand All @@ -223,7 +223,7 @@ resource "aws_cloudwatch_metric_alarm" "alb_response_code_5xx_warning_alarm" {
}

resource "aws_cloudwatch_metric_alarm" "alb_response_code_5xx_critical_alarm" {
count = var.microservice_lb != null ? 1 : 0
count = var.microservice_lb != null ? 1 : 0
alarm_name = "${var.name}-${var.env_name}-5xx-response-critical"
alarm_description = "The `${var.name}` service responded with 5xx errors at an elevated rate (over 10/minute)."
namespace = "AWS/ApplicationELB"
6 changes: 3 additions & 3 deletions terraform/environments/delius-mis/locals.tf
Expand Up @@ -3,10 +3,10 @@
locals {
delius_environments_per_account = {
# account = [env1, env2]
prod = [] # prod
prod = [] # prod
preprod = ["stage", "preprod"]
test = []
dev = ["dev"]
test = []
dev = ["dev"]
}

ordered_subnet_ids = [data.aws_subnets.shared-private-a.ids[0], data.aws_subnets.shared-private-b.ids[0], data.aws_subnets.shared-private-c.ids[0]]
@@ -1,7 +1,7 @@
locals {
nomis_host = jsondecode(data.aws_secretsmanager_secret_version.nomis.secret_string)["endpoint"]
nomis_service_name = jsondecode(data.aws_secretsmanager_secret_version.nomis.secret_string)["db_name"]
connection_string_nomis = "oracle://jdbc:oracle:thin:$${${aws_secretsmanager_secret.nomis.name}}@//${local.nomis_host}:1521/${local.nomis_service_name}"
nomis_host = jsondecode(data.aws_secretsmanager_secret_version.nomis.secret_string)["endpoint"]
nomis_service_name = jsondecode(data.aws_secretsmanager_secret_version.nomis.secret_string)["db_name"]
connection_string_nomis = "oracle://jdbc:oracle:thin:$${${aws_secretsmanager_secret.nomis.name}}@//${local.nomis_host}:1521/${local.nomis_service_name}"
bodmis_host = jsondecode(data.aws_secretsmanager_secret_version.bodmis.secret_string)["endpoint"]
bodmis_service_name = jsondecode(data.aws_secretsmanager_secret_version.bodmis.secret_string)["db_name"]
connection_string_bodmis = "oracle://jdbc:oracle:thin:$${${aws_secretsmanager_secret.bodmis.name}}@//${local.bodmis_host}:1522/${local.bodmis_service_name}"
Expand All @@ -25,7 +25,7 @@ module "athena_federated_query_connector_oracle" {

# A map that links catalog names to database connection strings
connection_strings = {
nomis = local.connection_string_nomis
nomis = local.connection_string_nomis
bodmis = local.connection_string_bodmis
}
}
2 changes: 0 additions & 2 deletions terraform/environments/edw/application_variables.json
Expand Up @@ -73,5 +73,3 @@
}
}
}


8 changes: 4 additions & 4 deletions terraform/environments/edw/bastion.tf
Expand Up @@ -9,19 +9,19 @@ module "bastion_linux" {
aws.share-host = aws.core-vpc # core-vpc-(environment) holds the networking for all accounts
aws.share-tenant = aws # The default provider (unaliased, `aws`) is the tenant
}

# s3 - used for logs and user ssh public keys
bucket_name = "bastion-${local.application_name}"

# public keys
public_key_data = local.public_key_data.keys[local.environment]

# logs
log_auto_clean = "Enabled"
log_standard_ia_days = 30 # days before moving to IA storage
log_glacier_days = 60 # days before moving to Glacier
log_expiry_days = 180 # days before log expiration

# bastion
allow_ssh_commands = false
app_name = var.networking[0].application
66 changes: 33 additions & 33 deletions terraform/environments/edw/cw.tf
Expand Up @@ -3,46 +3,46 @@
##### EC2 Log Group

resource "aws_cloudwatch_log_group" "EC2LogGoup" {
name = "${local.application_name}-EC2"
retention_in_days = 180
name = "${local.application_name}-EC2"
retention_in_days = 180
}

##### EC2 Cloudwatch Log Groups

resource "aws_cloudwatch_log_group" "EDWLogGroupCfnInit" {
name = "${local.application_name}-CfnInit"
retention_in_days = 180
name = "${local.application_name}-CfnInit"
retention_in_days = 180
}

resource "aws_cloudwatch_log_group" "EDWLogGroupOracleAlerts" {
name = "${local.application_name}-OracleAlerts"
retention_in_days = 180
name = "${local.application_name}-OracleAlerts"
retention_in_days = 180
}

resource "aws_cloudwatch_log_group" "EDWLogGroupRman" {
name = "${local.application_name}-RMan"
retention_in_days = 180
name = "${local.application_name}-RMan"
retention_in_days = 180

}

resource "aws_cloudwatch_log_group" "EDWLogGroupRmanArch" {
name = "${local.application_name}-RManArch"
retention_in_days = 180
name = "${local.application_name}-RManArch"
retention_in_days = 180
}

resource "aws_cloudwatch_log_group" "EDWLogGroupTBSFreespace" {
name = "${local.application_name}-TBSFreespace"
retention_in_days = 180
name = "${local.application_name}-TBSFreespace"
retention_in_days = 180
}

resource "aws_cloudwatch_log_group" "EDWLogGroupPMONstatus" {
name = "${local.application_name}-PMONstatus"
retention_in_days = 180
name = "${local.application_name}-PMONstatus"
retention_in_days = 180
}

resource "aws_cloudwatch_log_group" "EDWLogGroupCDCstatus" {
name = "${local.application_name}-CDCstatus"
retention_in_days = 180
name = "${local.application_name}-CDCstatus"
retention_in_days = 180
}


Expand Down Expand Up @@ -119,8 +119,8 @@ resource "aws_cloudwatch_metric_alarm" "EDWEc2MemoryOverThreshold" {
treat_missing_data = "breaching"

dimensions = {
ImageId = aws_instance.edw_db_instance.ami
InstanceId = aws_instance.edw_db_instance.id
ImageId = aws_instance.edw_db_instance.ami
InstanceId = aws_instance.edw_db_instance.id
InstanceType = aws_instance.edw_db_instance.instance_type
}

Expand All @@ -141,12 +141,12 @@ resource "aws_cloudwatch_metric_alarm" "EDWEbsDiskSpaceUsedOverThreshold" {
treat_missing_data = "breaching"

dimensions = {
path = local.application_data.accounts[local.environment].edw_disk_path
InstanceId = aws_instance.edw_db_instance.id
ImageId = aws_instance.edw_db_instance.ami
path = local.application_data.accounts[local.environment].edw_disk_path
InstanceId = aws_instance.edw_db_instance.id
ImageId = aws_instance.edw_db_instance.ami
InstanceType = aws_instance.edw_db_instance.instance_type
device = local.application_data.accounts[local.environment].edw_disk_device
fstype = local.application_data.accounts[local.environment].edw_disk_fs_type
device = local.application_data.accounts[local.environment].edw_disk_device
fstype = local.application_data.accounts[local.environment].edw_disk_fs_type
}

alarm_actions = [aws_sns_topic.edw_alerting_topic.arn]
Expand Down Expand Up @@ -184,14 +184,14 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmOracleAlerts" {
evaluation_periods = local.application_data.accounts[local.environment].edw_logstream_errors_detected_evaluation_periods
treat_missing_data = "notBreaching"

alarm_actions = [aws_sns_topic.edw_alerting_topic.arn]
ok_actions = [aws_sns_topic.edw_alerting_topic.arn]
alarm_actions = [aws_sns_topic.edw_alerting_topic.arn]
ok_actions = [aws_sns_topic.edw_alerting_topic.arn]
}

resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterOracleAlerts" {
name = "EDWLogsMetricFilterOracleAlerts"
log_group_name = aws_cloudwatch_log_group.EDWLogGroupOracleAlerts.name
pattern = "\"ORA-\""
pattern = "\"ORA-\""

metric_transformation {
name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metrics_oracle_alerts}"
Expand Down Expand Up @@ -219,7 +219,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmTBSFreespace" {
resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterTBSFreespace" {
name = "EDWLogsMetricFilterTBSFreespace"
log_group_name = aws_cloudwatch_log_group.EDWLogGroupTBSFreespace.name
pattern = "ALERT"
pattern = "ALERT"

metric_transformation {
name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metrics_tbs_freespace}"
Expand Down Expand Up @@ -247,7 +247,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmPMONstatus" {
resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterPMONstatus" {
name = "EDWLogsMetricFilterPMONstatus"
log_group_name = aws_cloudwatch_log_group.EDWLogGroupPMONstatus.name
pattern = "DOWN"
pattern = "DOWN"

metric_transformation {
name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_pmon_status}"
Expand Down Expand Up @@ -275,7 +275,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmCDCstatus" {
resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterCDCstatus" {
name = "EDWLogsMetricFilterCDCstatus"
log_group_name = aws_cloudwatch_log_group.EDWLogGroupCDCstatus.name
pattern = "[APPLY_NAME, STATUS=\"DISABLED\"]"
pattern = "[APPLY_NAME, STATUS=\"DISABLED\"]"

metric_transformation {
name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_cdc_status}"
Expand Down Expand Up @@ -303,7 +303,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmCDCstatus2" {
resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterCDCstatus2" {
name = "EDWLogsMetricFilterCDCstatus2"
log_group_name = aws_cloudwatch_log_group.EDWLogGroupCDCstatus.name
pattern = "[SOURCE_NAME ,SOURCE_ENABLED=\"N\"]"
pattern = "[SOURCE_NAME ,SOURCE_ENABLED=\"N\"]"

metric_transformation {
name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_cdc_status2}"
Expand Down Expand Up @@ -331,7 +331,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmRmanBackup" {
resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterRmanBackup" {
name = "EDWLogsMetricFilterRmanBackup"
log_group_name = aws_cloudwatch_log_group.EDWLogGroupRman.name
pattern = "?ERRORs ?Errors ?errors ?ERROR ?Error ?error"
pattern = "?ERRORs ?Errors ?errors ?ERROR ?Error ?error"

metric_transformation {
name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_name_rman_backup}"
Expand Down Expand Up @@ -359,7 +359,7 @@ resource "aws_cloudwatch_metric_alarm" "EDWLogStreamErrorsAlarmRmanArchBackup" {
resource "aws_cloudwatch_log_metric_filter" "EDWLogsMetricFilterRmanArchBackup" {
name = "EDWLogsMetricFilterRmanArchBackup"
log_group_name = aws_cloudwatch_log_group.EDWLogGroupRmanArch.name
pattern = "?FAILURE ?Failure ?failure"
pattern = "?FAILURE ?Failure ?failure"

metric_transformation {
name = "${local.application_name}_${local.application_data.accounts[local.environment].edw_log_metric_name_rman_arch_backup}"
Expand Down Expand Up @@ -543,7 +543,7 @@ EOF
# resource "aws_cloudformation_stack" "edw-cloudwatch-stack" {
# name = "${local.application_name}-cloudwatch-stack"
# capabilities = ["CAPABILITY_IAM"]

# tags = merge(
# local.tags,
# {