Merge pull request #5998 from ministryofjustice/feature/cooker-macie.tf

Addition of macie.tf to add working macie change
ministryofjustice · May 15, 2024 · fa25ac7 · fa25ac7
2 parents b5ae102 + 8d01431
commit fa25ac7
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 5 deletions.
diff --git a/terraform/environments/cooker/application_variables.json b/terraform/environments/cooker/application_variables.json
@@ -3,13 +3,13 @@
     "sandbox": {
       "ecs_type": "FARGATE",
       "rds_storage": 5,
-      "rds_postgresql_version": "12.11",
+      "rds_postgresql_version": "16.3",
       "rds_instance_class": "db.t3.micro"
     },
     "production": {
       "ecs_type": "FARGATE",
       "rds_storage": 5,
-      "rds_postgresql_version": "12.11",
+      "rds_postgresql_version": "16.3",
       "rds_instance_class": "db.t3.micro"
     }
   }

diff --git a/terraform/environments/cooker/platform_providers.tf b/terraform/environments/cooker/platform_providers.tf
@@ -65,3 +65,4 @@ provider "aws" {
     role_arn = "arn:aws:iam::${local.environment_management.aws_organizations_root_account_id}:role/ModernisationPlatformSSOReadOnly"
   }
 }
+
diff --git a/terraform/environments/example/data.tf b/terraform/environments/example/data.tf
@@ -0,0 +1,14 @@
+#### This file can be used to store data specific to the member account ####
+
+# For macie code
+ data "aws_s3_bucket" "bucket1" {
+   bucket = "bastion-example-example-development-jxaebg"
+ }
+
+ data "aws_s3_bucket" "bucket2" {
+   bucket = "config-20220505080423816000000003"
+ }
+
+ data "aws_s3_bucket" "bucket3" {
+   bucket = "s3-bucket-example20240430100555519600000006"
+ }
diff --git a/terraform/environments/example/ecs.tf b/terraform/environments/example/ecs.tf
@@ -2,6 +2,7 @@
 #------------------------Comment out file if not required----------------------------------
 ###########################################################################################
 
+
 module "ecs-cluster" {
   source = "github.com/ministryofjustice/modernisation-platform-terraform-ecs-cluster//cluster?ref=v4.0.3"
 
@@ -17,11 +18,12 @@ module "ecs-cluster" {
   environment = local.environment
   name        = local.ecs_application_name
   namespace   = "platforms"
-  tags        = local.tags
+
+  tags = local.tags
 }
 
 module "service" {
-  source = "github.com/ministryofjustice/modernisation-platform-terraform-ecs-cluster//service?ref=v3.0.0"
+  source = "git::https://github.com/ministryofjustice/modernisation-platform-terraform-ecs-cluster//service?ref=v3.0.0"
 
   container_definition_json = templatefile("${path.module}/templates/task_definition.json.tftpl", {})
   ecs_cluster_arn           = module.ecs-cluster.ecs_cluster_arn
@@ -53,7 +55,8 @@ module "service" {
   ]
 
   ignore_changes_task_definition = false
-  tags                           = local.tags
+
+  tags = local.tags
 }
 
 locals {

diff --git a/terraform/environments/example/macie.tf b/terraform/environments/example/macie.tf
@@ -0,0 +1,24 @@
+# Create macie account
+
+resource "aws_macie2_account" "example" {
+  finding_publishing_frequency = "ONE_HOUR"
+  status                       = "ENABLED"
+}
+
+# Now create a job
+
+resource "aws_macie2_classification_job" "example" {
+  job_type = "ONE_TIME"
+  name     = "<an appropriate job name>"
+  s3_job_definition {
+    bucket_definitions {
+      account_id = local.environment_management.account_ids[terraform.workspace]
+      buckets    = [
+        data.aws_s3_bucket.bucket1.id,
+        data.aws_s3_bucket.bucket2.id,
+        data.aws_s3_bucket.bucket3.id,
+      ]
+    }
+  }
+  depends_on = [ aws_macie2_account.example ]
+}
Original file line number	Diff line number	Diff line change
Expand Up		@@ -65,3 +65,4 @@ provider "aws" {
		role_arn = "arn:aws:iam::${local.environment_management.aws_organizations_root_account_id}:role/ModernisationPlatformSSOReadOnly"
		}
		}