From f4c3ada25b0e194608dc97132bdff4bc977f1cd0 Mon Sep 17 00:00:00 2001 From: Chuck Daniels Date: Thu, 19 Oct 2023 06:04:00 -0400 Subject: [PATCH] Set correct email address for ORCA DLQ subscription --- app/stacks/cumulus/ssm_parameters.tf | 41 +++++++++++++-------------- app/stacks/cumulus/tfvars/base.tfvars | 2 +- app/stacks/cumulus/tfvars/prod.tfvars | 2 -- 3 files changed, 20 insertions(+), 25 deletions(-) diff --git a/app/stacks/cumulus/ssm_parameters.tf b/app/stacks/cumulus/ssm_parameters.tf index ce571d8..270c068 100644 --- a/app/stacks/cumulus/ssm_parameters.tf +++ b/app/stacks/cumulus/ssm_parameters.tf @@ -54,6 +54,25 @@ data "aws_ssm_parameter" "csdap_client_password" { name = "/shared/cumulus/csdap-client-password" } +# ORCA Bucket Access +# +# Currently, the buckets must be setup in the Disaster Recovery (DR) AWS +# accounts. There are only DR AWS accounts for CBA UAT and CBA PROD. +# +# Unfortunately, this parameter must be refreshed every time these keys expire. +# To refresh, do the following: +# +# 1. Make new long-term access keys +# 2. For each environment, run the following +# +# DOTENV=<.env file for UAT or Prod> make bash +# aws ssm put-parameter --name ACCESS_NAME --overwrite --value NEW_ACCESS_KEY +# aws ssm put-parameter --name SECRET_NAME --overwrite --value NEW_SECRET_KEY +# +# where ACCESS_NAME and SECRET_NAME are the `name` values in the respective +# SSM parameters below, and NEW_ACCESS_KEY and NEW_SECRET_KEY are the new +# values, respectively. + data "aws_ssm_parameter" "orca_s3_access_key" { name = "/shared/cumulus/orca/dr/s3-access-key" } @@ -92,28 +111,6 @@ data "aws_ssm_parameter" "metrics_aws_account_id" { name = "/shared/cumulus/metrics-aws-account-id" } -# ORCA Bucket Access - Note: As of now, the Buckets must be setup on the DR AWS accounts -# There are only DR AWS accounts for CBA UAT and CBA PROD -# -# Unfortunately, This parameter must be refreshed everytime these keys expire. -# To refresh, do the following -# (1) Make new keys -# (2) For each environment, run the following commands -# (2a) make bash -# (2b) aws ssm put-parameter --type SecureString --name NAME --overwrite --value VALUE -# -# Note, for setting the FIRST time, the command is slightly different (no --overwrite) -# # aws ssm put-parameter --type SecureString --name NAME --value VALUE -# TODO - add some of the above stuff to the proper documentation - -#data "aws_ssm_parameter" "orca_s3_access_key" { -# name = "/shared/cumulus/orca/dr/s3-access-key" -#} - -#data "aws_ssm_parameter" "orca_s3_secret_key" { -# name = "/shared/cumulus/orca/dr/s3-secret-key" -#} - # <% end %> #------------------------------------------------------------------------------- diff --git a/app/stacks/cumulus/tfvars/base.tfvars b/app/stacks/cumulus/tfvars/base.tfvars index c19d876..54d2f07 100644 --- a/app/stacks/cumulus/tfvars/base.tfvars +++ b/app/stacks/cumulus/tfvars/base.tfvars @@ -15,7 +15,7 @@ #<% depends_on("rds-cluster") %> cmr_environment = "UAT" -orca_dlq_subscription_email = "pic8690@gmail.com" +orca_dlq_subscription_email = "csdap@uah.edu" system_bucket = "<%= bucket('internal') %>" diff --git a/app/stacks/cumulus/tfvars/prod.tfvars b/app/stacks/cumulus/tfvars/prod.tfvars index fd07562..0352275 100644 --- a/app/stacks/cumulus/tfvars/prod.tfvars +++ b/app/stacks/cumulus/tfvars/prod.tfvars @@ -17,8 +17,6 @@ cumulus_distribution_url = "https://data.csdap.earthdata.nasa.gov/" cumulus_distribution_url = "https://data.csda.earthdata.nasa.gov/" # <% end %> -#orca_dlq_subscription_email = "" - metrics_es_host = "https://d23fzndssjmbvi.cloudfront.net/" # <% if in_cba? then %>