diff --git a/terraform/environments/performance-hub/backend.tf b/terraform/environments/performance-hub/backend.tf
new file mode 100644
index 00000000000..d2f764eb2c6
--- /dev/null
+++ b/terraform/environments/performance-hub/backend.tf
@@ -0,0 +1,13 @@
+# Backend
+terraform {
+ # `backend` blocks do not support variables, so the following are hard-coded here:
+ # - S3 bucket name, which is created in modernisation-platform-account/s3.tf
+ backend "s3" {
+ acl = "bucket-owner-full-control"
+ bucket = "modernisation-platform-terraform-state"
+ encrypt = true
+ key = "terraform.tfstate"
+ region = "eu-west-2"
+ workspace_key_prefix = "environments/members/performance-hub" # This will store the object as environments/members/performance-hub/${workspace}/terraform.tfstate
+ }
+}
diff --git a/terraform/environments/performance-hub/base_variables.tf b/terraform/environments/performance-hub/base_variables.tf
new file mode 100644
index 00000000000..d196e7a5f26
--- /dev/null
+++ b/terraform/environments/performance-hub/base_variables.tf
@@ -0,0 +1,5 @@
+variable "networking" {
+
+ type = list(any)
+
+}
\ No newline at end of file
diff --git a/terraform/environments/performance-hub/locals.tf b/terraform/environments/performance-hub/locals.tf
new file mode 100644
index 00000000000..8856f85d258
--- /dev/null
+++ b/terraform/environments/performance-hub/locals.tf
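Review bot: The `backend "s3"` block sets no `dynamodb_table`, so two runs against the same workspace are not serialised by a state lock and can race on `terraform.tfstate`; if the platform's state bucket has a companion lock table, add `dynamodb_table = "<LOCK_TABLE_NAME>"` next to `bucket`. `encrypt = true` only requests server-side encryption and leaves the key choice to the bucket default, so if this state is expected to be protected by a customer-managed KMS key, `kms_key_id` should name it explicitly. A one-line comment recording why locking and key selection are delegated to the bucket would save the next reader from re-asking both questions.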
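Review bot: `type = list(any)` in `variable "networking"` accepts any element shape, so the `var.networking[0].application`, `.business-unit` and `.set` lookups in locals.tf only fail when an element happens to lack a key at evaluation time. Declaring the element shape, `type = list(object({ business-unit = string, set = string, application = string }))`, makes a malformed networking.auto.tfvars.json fail at plan time with a type error naming the missing attribute, and documents the contract in the one place it is defined. A `description` on the variable would also help, since nothing in this file says what the list represents.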
@@ -0,0 +1,32 @@
+# This data sources allows us to get the Modernisation Platform account information for use elsewhere
+# (when we want to assume a role in the MP, for instance)
+data "aws_organizations_organization" "root_account" {}
+
+locals {
+
+ application_name = "performance-hub"
+
+ environment_management = jsondecode(data.aws_secretsmanager_secret_version.environment_management.secret_string)
+
+ # This takes the name of the Terraform workspace (e.g. core-vpc-production), strips out the application name (e.g. core-vpc), and checks if
+ # the string leftover is `-production`, if it isn't (e.g. core-vpc-non-production => -non-production) then it sets the var to false.
+ is-production = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-production"
+ is-preproduction = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-preproduction"
+ is-test = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-test"
+ is-development = substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-development"
+
+ tags = {
+ business-unit = "Platforms"
+ application = "Modernisation Platform: ${terraform.workspace}"
+ is-production = local.is-production
+ owner = "Modernisation Platform: modernisation-platform@digital.justice.gov.uk"
+ }
+
+ environment = trimprefix(terraform.workspace, "${var.networking[0].application}-")
+ vpc_name = var.networking[0].business-unit
+ subnet_set = var.networking[0].set
+
+ is_live = [substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-production" || substr(terraform.workspace, length(local.application_name), length(terraform.workspace)) == "-preproduction" ? "live" : "non-live"]
+ provider_name = "core-vpc-${local.environment}"
+
+}
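Review bot: `is_live` is wrapped in square brackets, so it evaluates to a one-element list (`["live"]` or `["non-live"]`) rather than the string its name suggests; unless a consumer really wants a list, drop the brackets and reuse the flags computed a few lines above, `is_live = local.is-production || local.is-preproduction ? "live" : "non-live"`. The four `is-*` checks derive the prefix length from `local.application_name` while `environment` strips `var.networking[0].application` — two sources for the same value that can silently diverge if only one is edited, so one should be defined in terms of the other. `data "aws_organizations_organization" "root_account"` is declared but not referenced in any file in this diff, and it runs under the default (member-account) provider; if, as the comment says, it is meant to describe the Modernisation Platform account, it presumably needs `provider = aws.modernisation-platform` — confirm against whatever consumes it.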
diff --git a/terraform/environments/performance-hub/networking.auto.tfvars.json b/terraform/environments/performance-hub/networking.auto.tfvars.json
new file mode 100644
index 00000000000..1db2d1daf94
--- /dev/null
+++ b/terraform/environments/performance-hub/networking.auto.tfvars.json
@@ -0,0 +1,9 @@
+{
+ "networking": [
+ {
+ "business-unit": "",
+ "set": "",
+ "application": "performance-hub"
+ }
+ ]
+}
diff --git a/terraform/environments/performance-hub/providers.tf b/terraform/environments/performance-hub/providers.tf
new file mode 100644
index 00000000000..b29be0df0b3
--- /dev/null
+++ b/terraform/environments/performance-hub/providers.tf
@@ -0,0 +1,33 @@
+# AWS provider for the workspace you're working in (every resource will default to using this, unless otherwise specified)
+provider "aws" {
+ region = "eu-west-2"
+ assume_role {
+ role_arn = "arn:aws:iam::${local.environment_management.account_ids[terraform.workspace]}:role/ModernisationPlatformAccess"
+ }
+}
+
+# AWS provider for the Modernisation Platform, to get things from there if required
+provider "aws" {
+ alias = "modernisation-platform"
+ region = "eu-west-2"
+}
+
+# AWS provider for core-vpc-, to share VPCs into this account
+provider "aws" {
+ alias = "core-vpc"
+ region = "eu-west-2"
+
+ assume_role {
+ role_arn = "arn:aws:iam::${local.environment_management.account_ids[local.provider_name]}:role/ModernisationPlatformAccess"
+ }
+}
+
+# AWS provider for core-network-services-production, to share VPCs into this account
+provider "aws" {
+ alias = "core-network-services"
+ region = "eu-west-2"
+
+ assume_role {
+ role_arn = "arn:aws:iam::${local.environment_management.account_ids["core-network-services-production"]}:role/ModernisationPlatformAccess"
+ }
+}
\ No newline at end of file
diff --git a/terraform/environments/performance-hub/secrets.tf b/terraform/environments/performance-hub/secrets.tf
new file mode 100644
index 00000000000..85befaa0642
--- /dev/null
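Review bot: `"business-unit"` and `"set"` are empty strings, so `local.vpc_name` and `local.subnet_set` in locals.tf resolve to `""`, and any VPC or subnet lookup keyed on them will either error at plan time or, worse, match nothing without complaint. If these are deliberate placeholders to be filled before the first apply, say so in the PR description and consider a `validation` block on `variable "networking"` that rejects empty values so the gap cannot reach an apply unnoticed. If they are not placeholders, the values need populating in this commit.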
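Review bot: None of the three `assume_role` blocks sets `session_name`, so CloudTrail in each target account records these runs under whatever session name the SDK generates, and the `ModernisationPlatformAccess` assumptions made by this environment cannot be told apart from other callers of the same role; adding `session_name = "terraform-${local.application_name}"` (or a shared local) to each block gives the audit trail a stable attribution. The third provider's comment reads `# AWS provider for core-vpc-, to share VPCs into this account` — the environment cannot be interpolated into a comment, so spell it out, e.g. `# AWS provider for the core-vpc-<environment> account (local.provider_name), to share VPCs into this account`. The role ARN pattern is repeated three times with only the account-ID key varying; a local holding the role name would keep them in step.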
+++ b/terraform/environments/performance-hub/secrets.tf
@@ -0,0 +1,11 @@
+# Get secret by name for environment management
+data "aws_secretsmanager_secret" "environment_management" {
+ provider = aws.modernisation-platform
+ name = "environment_management"
+}
+
+# Get latest secret value with ID from above. This secret stores account IDs for the Modernisation Platform sub-accounts
+data "aws_secretsmanager_secret_version" "environment_management" {
+ provider = aws.modernisation-platform
+ secret_id = data.aws_secretsmanager_secret.environment_management.id
+}
diff --git a/terraform/environments/performance-hub/versions.tf b/terraform/environments/performance-hub/versions.tf
new file mode 100644
index 00000000000..57a25e444a8
--- /dev/null
+++ b/terraform/environments/performance-hub/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_providers {
+ aws = {
+ version = ">= 3.34.0"
+ source = "hashicorp/aws"
+ }
+ }
+ required_version = ">= 0.14.6"
+}
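Review bot: `data "aws_secretsmanager_secret_version"` exposes `secret_string`, and data-source attributes are persisted in Terraform state, so the decoded account-ID map is written into this workspace's state object in the backend bucket; that is acceptable for account IDs, but it is worth recording so the same pattern is not later reused for a genuinely sensitive secret. Suggest extending the second comment with `# NOTE: secret_string is written to Terraform state; use this data source for non-sensitive lookups (account IDs) only`. It also means read access to the state bucket is read access to this map, so the `acl`/`encrypt` settings in backend.tf are the controls that matter here.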