Hand over Oracle licensing work from root account to modernisation platform

[davidkelliott]

User Story

There was a PoC completed in the root account to discover Oracle licenses across the MoJ estate. This work needs to be completed and moved in to production for all MP accounts.

See here for overview of solution - https://aws.amazon.com/blogs/mt/centrally-track-oracle-database-licenses-in-aws-organizations-using-aws-license-manager-and-aws-systems-manager/

See existing work here - https://github.com/ministryofjustice/aws-root-account/blob/main/organisation-security/terraform/license-manager.tf

This story is to hand over the PoC from @davidkelliott and take it into the MP.

Value / Purpose

Realise the value of the work already done and make sure it is updated and maintained.

Useful Contacts

@davidkelliott

Additional Information

No response

Definition of Done

• Hand over from David Elliott
• Update solution so that it is working and production ready
• Document solution for users

[markgov]

Had a Meeting with Dave Eto talk about the issue going to look at what is currently in place on the root account

[markgov]

Looked at the cloudformation and possible fix to implement it on example account on it's own just in the process of testing at the moment

[markgov]

After applying an update to the cloud formation the workflow failed with the following error
╷
│ Error: waiting for CloudFormation Stack (arn:aws:cloudformation:eu-west-2:***:stack/OracleDbLTS/e0b4ffe0-256f-11ee-ab44-0ac49305d196) update: timeout while waiting for state to become 'CREATE_COMPLETE, UPDATE_COMPLETE, UPDATE_ROLLBACK_COMPLETE, UPDATE_ROLLBACK_FAILED' (last state: 'UPDATE_IN_PROGRESS', timeout: 30m0s)
│
│ with aws_cloudformation_stack.oracleblts,
│ on license-manager.tf line 47, in resource "aws_cloudformation_stack" "oracleblts":
│ 47: resource "aws_cloudformation_stack" "oracleblts" {
│
╵
Error: Terraform exited with code 1.
Error: Process completed with exit code 1.

i have created a new PR which increases the timeout for the cloud formation stack

[markgov]

ministryofjustice/aws-root-account#1026

[markgov]

created a PR which fixs the poc ssm association so that it runs on a schedule
ministryofjustice/aws-root-account#1027

[markgov]

Unfortunately there was an error in the cloud formation code from aws i am in the process of debugging there code to make a clean run

[markgov]

New Pr sent up to change the way the yaml file is processed
ministryofjustice/aws-root-account#1030

[markgov]

Still having issues with file name length created a new PR with a shortened file name but that has failed as well need to look into this more as i think it is the s3_object upload that is failed and it due to the source being more than 255 char long

[markgov]

Going to move to blocked until i can talk to Bhat, Praveen on the 2nd of december

[markgov]

After talking with AWS they helped me update the template to get it work, this was initially failing due to a missing script on the artifact bucket i uploaded the missing script and fired off the discovery again which turned all the failed job into successful jobs and i was able to find two new instances in Athena

[markgov]

ministryofjustice/aws-root-account#1057

[markgov]

Documentation PR created for this issue see PR #8705

[markgov]

documentation complete issue complete new issue raised for the addition of more accounts