diff --git a/infra/terraform/environments/int/.terraform.lock.hcl b/infra/terraform/environments/int/.terraform.lock.hcl new file mode 100644 index 0000000000..361cefe845 --- /dev/null +++ b/infra/terraform/environments/int/.terraform.lock.hcl @@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.60.0" + constraints = "~> 5.60.0" + hashes = [ + "h1:p9+40kdklLTJLQ/y7wxNjuKxUK8AVB4L9424NGNK4rY=", + "zh:08f49c9eb865e136a55dda3eb2b790f6d55cdac49f6638391dbea4b865cf307b", + "zh:090dd8b40ebf0f8e9ea05b9a142add9caeb7988d3d96c5c112e8c67c0edf566f", + "zh:30f336af1b4f0824fce2cc6e81af0986b325b135436c9d892d081e435aeed67e", + "zh:338195ca3b41249874110253412d8913f770c22294af05799ea1e343050906f5", + "zh:3a8a45b17750b01192a0fbeeed0d05c2c04840344d78d5e3233b3ecbeec17a1c", + "zh:486efe72d39f0736d9b7e00e5b889288264458a57aa0cff2d75688d6db372ee5", + "zh:5fdccc448a085fea8ecfae43ae326840abfcdf1a0aa8b8c79dd466392aa5cc3a", + "zh:9521639755cd07ec7efde86a534770e436e16a93692d070a00f6419c1038d59c", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:c2fb9240a069da9f51e7379e76c3dfaad15a97430c2e32708a7d18345434e310", + "zh:daba836b89537dfa72bb8c77e88850c20fda2a3d0f5b3803cd3d6da0ce283e3e", + "zh:db7e0755ed120ed8311f6663f49aa7157da5072b906727db3a6c47d64e0b82c6", + "zh:ea5e3fca5197639c4ad1415ca96de2924a351ecd1a885dd9184843d5eec18dbb", + "zh:f3f322951d311e45a47361f24790a90a0b8ba6d3829a00c4066a361960d2ecef", + "zh:f48b44f4887d4b51a1406057f15f1e2161cb02b271b2659349958904c678e91c", + ] +} diff --git a/infra/terraform/environments/int/backend.tf b/infra/terraform/environments/int/backend.tf new file mode 100644 index 0000000000..8435af7f87 --- /dev/null +++ b/infra/terraform/environments/int/backend.tf 
@@ -0,0 +1,9 @@
+terraform {
+ backend "s3" {
+ bucket = "vol-app-054614622558-terraform-state"
+ dynamodb_table = "vol-app-054614622558-int-terraform-state-lock"
+ encrypt = true
+ key = "int.tfstate"
+ region = "eu-west-1"
+ }
+}
\ No newline at end of file
diff --git a/infra/terraform/environments/int/main.tf b/infra/terraform/environments/int/main.tf
index e69de29bb2..37837f763e 100644
--- a/infra/terraform/environments/int/main.tf
+++ b/infra/terraform/environments/int/main.tf
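Review bot: `encrypt = true` is set without `kms_key_id`, so unless the bucket's default encryption says otherwise, the state object is encrypted with S3-managed keys and read access is governed by S3 permissions alone. The bucket name carries no environment while the lock table does (`-int-`), which suggests the bucket is shared across environments with only `key` differing; if so, a principal that can read the bucket can likely read every environment's state. Consider adding `kms_key_id = "<state-kms-key-arn>"` (placeholder) and scoping IAM access to the `int.tfstate` key. The bucket policy is not visible in this diff.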
@@ -0,0 +1,470 @@
+locals {
+ service_names = ["api", "selfserve", "internal", "cli"]
+
+ legacy_service_names = ["API", "IUWEB", "SSWEB"]
+
+ task_iam_role_statements = [
+ {
+ effect = "Allow"
+ actions = [
+ "secretsmanager:GetSecretValue"
+ ]
+ resources = [
+ data.aws_secretsmanager_secret.this["api"].arn
+ ]
+ },
+ {
+ effect = "Allow"
+ actions = [
+ "ssm:GetParametersByPath"
+ ]
+ resources = [
+ "arn:aws:ssm:eu-west-1:054614622558:parameter/applicationparams/qa/*"
+ ]
+ },
+ {
+ effect = "Allow"
+ actions = [
+ "sts:AssumeRole"
+ ]
+ resources = [
+ "arn:aws:iam::000081644369:role/txc-int-consumer-role"
+ ]
+ },
+ {
+ effect = "Allow"
+ actions = [
+ "cognito-idp:AdminUpdateUserAttributes",
+ "cognito-idp:AdminSetUserPassword",
+ "cognito-idp:AdminRespondToAuthChallenge",
+ "cognito-idp:AdminResetUserPassword",
+ "cognito-idp:AdminInitiateAuth",
+ "cognito-idp:AdminGetUser",
+ "cognito-idp:AdminEnableUser",
+ "cognito-idp:AdminDisableUser",
+ "cognito-idp:AdminDeleteUser",
+ "cognito-idp:AdminCreateUser",
+ ]
+ resources = data.aws_cognito_user_pools.this.arns
+ },
+ {
+ effect = "Allow"
+ actions = [
+ "sqs:SendMessageBatch",
+ "sqs:SendMessage",
+ "sqs:ReceiveMessage",
+ "sqs:PurgeQueue",
+ "sqs:ListDeadLetterSourceQueues",
+ "sqs:GetQueueAttributes",
+ "sqs:DeleteMessageBatch",
+ "sqs:DeleteMessage"
+ ]
+ resources = [
+ "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET-INSOLVENCY-DLQ",
+ "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET-INSOLVENCY",
+ "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET-DLQ",
+ "arn:aws:sqs:eu-west-1:054614622558:DEVAPPQA-OLCS-PRI-CHGET"
+ ]
+ },
+ {
+ effect = "Allow"
+ actions = [
+ "s3:PutObject",
+ ]
+ resources = [
+ "arn:aws:s3:::devapp-olcs-pri-olcs-autotest-s3/*",
+ ]
+ },
+ ]
+}
+
+data "aws_ecr_repository" "this" {
+ for_each = toset(local.service_names)
+
+ name = "vol-app/${each.key}"
+}
+
+data "aws_security_group" "this" {
+ for_each = toset(local.legacy_service_names)
+
+ name = "DEV/APP/QA-OLCS-PRI-${each.key}-SG"
+}
+
+data "aws_subnets" "this" {
+ for_each = toset(setunion(local.legacy_service_names, ["BATCH"]))
+
+ filter {
+ name = "tag:Name"
+ values = [
+ "DEV/APP/QA-OLCS-PRI-${each.key}-1A",
+ "DEV/APP/QA-OLCS-PRI-${each.key}-1B",
+ "DEV/APP/QA-OLCS-PRI-${each.key}-1C"
+ ]
+ }
+}
+
+data "aws_secretsmanager_secret" "this" {
+ for_each = toset(setsubtract(local.service_names, ["cli"]))
+
+ name = "DEVAPPQA-BASE-SM-APPLICATION-${upper(each.key)}"
+}
+
+data "aws_cognito_user_pools" "this" {
+ name = "DVSA-DEVAPPQA-COGNITO-USERS"
+}
+
+data "aws_lb" "this" {
+ for_each = toset(local.legacy_service_names)
+
+ name = "DEVAPPQA-OLCS-PRI-${(each.key == "API" ? "SVCS" : each.key)}-ALB"
+}
+
+data "aws_lb_listener" "this" {
+ for_each = toset(local.legacy_service_names)
+
+ load_balancer_arn = data.aws_lb.this[each.key].arn
+ port = each.key == "API" ? 80 : 443
+}
+
+data "aws_vpc" "this" {
+ filter {
+ name = "tag:Name"
+ values = [
+ "DEV/APP-VPC"
+ ]
+ }
+}
+
+module "service" {
+ source = "../../modules/service"
+
+ environment = "qa"
+
+ domain_name = "qa.olcs.dev-dvsacloud.uk"
+ assets_version = var.assets_version
+
+ vpc_id = data.aws_vpc.this.id
+
+ services = {
+ "api" = {
+ cpu = 1024
+ memory = 4096
+
+ version = var.api_image_tag
+ repository = data.aws_ecr_repository.this["api"].repository_url
+
+ task_iam_role_statements = local.task_iam_role_statements
+
+ subnet_ids = data.aws_subnets.this["API"].ids
+
+ security_group_ids = [
+ data.aws_security_group.this["API"].id
+ ]
+
+ lb_listener_arn = data.aws_lb_listener.this["API"].arn
+ listener_rule_host_header = "api.*"
+ }
+
+ "internal" = {
+ cpu = 1024
+ memory = 4096
+
+ version = var.internal_image_tag
+ repository = data.aws_ecr_repository.this["internal"].repository_url
+
+ add_cdn_url_to_env = true
+
+ task_iam_role_statements = [
+ {
+ effect = "Allow"
+ actions = [
+ "secretsmanager:GetSecretValue"
+ ]
+ resources = [
+ data.aws_secretsmanager_secret.this["internal"].arn
+ ]
+ },
+ {
+ effect = "Allow"
+ actions = [
+ "ssm:GetParametersByPath"
+ ]
+ resources = [
+ "arn:aws:ssm:eu-west-1:054614622558:parameter/applicationparams/qa/*"
+ ]
+ },
+ ]
+
+ subnet_ids = data.aws_subnets.this["IUWEB"].ids
+
+ security_group_ids = [
+ data.aws_security_group.this["IUWEB"].id
+ ]
+
+ lb_listener_arn = data.aws_lb_listener.this["IUWEB"].arn
+ listener_rule_host_header = "iuweb.*"
+ }
+
+ "selfserve" = {
+ cpu = 1024
+ memory = 4096
+
+ version = var.selfserve_image_tag
+ repository = data.aws_ecr_repository.this["selfserve"].repository_url
+
+ add_cdn_url_to_env = true
+
+ task_iam_role_statements = [
+ {
+ effect = "Allow"
+ actions = [
+ "secretsmanager:GetSecretValue"
+ ]
+ resources = [
+ data.aws_secretsmanager_secret.this["selfserve"].arn
+ ]
+ },
+ {
+ effect = "Allow"
+ actions = [
+ "ssm:GetParametersByPath"
+ ]
+ resources = [
+ "arn:aws:ssm:eu-west-1:054614622558:parameter/applicationparams/qa/*"
+ ]
+ },
+ ]
+
+ subnet_ids = data.aws_subnets.this["SSWEB"].ids
+
+ security_group_ids = [
+ data.aws_security_group.this["SSWEB"].id
+ ]
+
+ lb_listener_arn = data.aws_lb_listener.this["SSWEB"].arn
+ listener_rule_host_header = "ssweb.*"
+ }
+ }
+
+ batch = {
+ version = var.cli_image_tag
+ repository = data.aws_ecr_repository.this["cli"].repository_url
+
+ task_iam_role_statements = local.task_iam_role_statements
+
+ subnet_ids = data.aws_subnets.this["BATCH"].ids
+
+ jobs = [
+ {
+ name = "ch-vs-olcs-diffs",
+ commands = ["batch:ch-vs-olcs-diffs"],
+ },
+ {
+ name = "clean-up-variations",
+ commands = ["batch:clean-up-variations"],
+ timeout = 43200,
+ },
+ {
+ name = "cns",
+ commands = ["batch:cns"],
+ timeout = 43200,
+ },
+ {
+ name = "create-psv-licence-surrender-task",
+ commands = ["batch:create-psv-licence-surrender-task"],
+ timeout = 43200,
+ },
+ {
+ name = "psv-operator-list-export",
+ commands = ["batch:data-gov-uk-export", "-v", "--report-name=psv-operator-list", "--path=/tmp/"],
+ timeout = 43200,
+ },
+ {
+ name = "international-goods-export",
+ commands = ["batch:data-gov-uk-export", "-v", "--report-name=international-goods", "--path=/tmp/"],
+ timeout = 43200,
+ },
+ {
+ name = "data-retention-populate",
+ commands = ["batch:data-retention", "--populate"],
+ },
+ {
+ name = "data-retention-precheck",
+ commands = ["batch:data-retention", "--precheck"],
+ },
+ {
+ name = "data-retention-delete",
+ commands = ["batch:data-retention", "--delete"],
+ },
+ {
+ name = "data-retention-postcheck",
+ commands = ["batch:data-retention", "--postcheck"],
+ },
+ {
+ name = "database-maintenance",
+ commands = ["batch:database-maintenance"],
+ },
+ {
+ name = "digital-continuation-reminders",
+ commands = ["batch:digital-continuation-reminders"],
+ timeout = 43200,
+ },
+ {
+ name = "duplicate-vehicle-warning",
+ commands = ["batch:duplicate-vehicle-warning"],
+ timeout = 43200,
+ },
+ {
+ name = "enqueue-ch-compare",
+ commands = ["batch:enqueue-ch-compare"],
+ timeout = 1800,
+ },
+ {
+ name = "expire-bus-registration",
+ commands = ["batch:expire-bus-registration"],
+ timeout = 43200,
+ },
+ {
+ name = "flag-urgent-tasks",
+ commands = ["batch:flag-urgent-tasks"],
+ timeout = 1800,
+ },
+ {
+ name = "import-users-from-csv",
+ commands = ["batch:import-users-from-csv"],
+ },
+ {
+ name = "inspection-request-email",
+ commands = ["batch:inspection-request-email"],
+ timeout = 1800,
+ },
+ {
+ name = "interim-end-date-enforcement",
+ commands = ["batch:interim-end-date-enforcement"],
+ timeout = 43200,
+ },
+ {
+ name = "last-tm-letter",
+ commands = ["batch:last-tm-letter"],
+ timeout = 43200,
+ },
+ {
+ name = "licence-status-rules",
+ commands = ["batch:licence-status-rules"],
+ timeout = 1800,
+ },
+ {
+ name = "process-cl",
+ commands = ["batch:process-cl"],
+ },
+ {
+ name = "process-inbox",
+ commands = ["batch:process-inbox"],
+ timeout = 43200,
+ },
+ {
+ name = "process-ntu",
+ commands = ["batch:process-ntu"],
+ timeout = 43200,
+ },
+ {
+ name = "remove-read-audit",
+ commands = ["batch:remove-read-audit"],
+ timeout = 43200,
+ },
+ {
+ name = "resolve-payments",
+ commands = ["batch:resolve-payments"],
+ timeout = 150,
+ },
+ {
+ name = "system-parameter",
+ commands = ["batch:system-parameter"],
+ },
+ {
+ name = "cancel-unsubmitted-bilateral",
+ commands = ["permits:cancel-unsubmitted-bilateral"],
+ },
+ {
+ name = "close-expired-windows",
+ commands = ["permits:close-expired-windows"],
+ timeout = 43200,
+ },
+ {
+ name = "mark-expired-permits",
+ commands = ["permits:mark-expired-permits"],
+ timeout = 43200,
+ },
+ {
+ name = "process-queue-general",
+ commands = ["queue:process-queue", "--exclude", "que_typ_ch_compare,que_typ_create_gds_vehicle_list,que_typ_create_psv_vehicle_list,que_typ_disc_printing,que_typ_print,que_typ_disc_printing_print,que_typ_create_com_lic,que_typ_remove_deleted_docs,que_typ_permit_generate,que_typ_permit_print,que_typ_run_ecmt_scoring,que_typ_accept_ecmt_scoring,que_typ_irhp_permits_allocate"],
+ timeout = 90,
+ },
+ {
+ name = "process-queue-community-licences",
+ commands = ["queue:process-queue", "--type", "que_typ_create_com_lic"],
+ timeout = 90,
+ },
+ {
+ name = "process-queue-disc-generation",
+ commands = ["queue:process-queue", "--type", "que_typ_create_gds_vehicle_list,que_typ_create_psv_vehicle_list,que_typ_disc_printing"],
+ timeout = 90,
+ },
+ {
+ name = "process-queue-disc-print",
+ commands = ["queue:process-queue", "--type", "que_typ_disc_printing_print", "--queue-duration", "840"],
+ timeout = 850,
+ },
+ {
+ name = "process-queue-ecmt-accept",
+ commands = ["queue:process-queue", "--type", "que_typ_accept_ecmt_scoring"],
+ timeout = 90,
+ },
+ {
+ name = "process-queue-irhp-allocate",
+ commands = ["queue:process-queue", "--type", "que_typ_run_ecmt_scoring"],
+ timeout = 90,
+ },
+ {
+ name = "process-queue-permit-generation",
+ commands = ["queue:process-queue", "--type", "que_typ_permit_generate"],
+ timeout = 90,
+ },
+ {
+ name = "process-queue-permit-print",
+ commands = ["queue:process-queue", "--type", "que_typ_permit_print", "--queue-duration", "840"],
+ timeout = 850,
+ },
+ {
+ name = "process-queue-print",
+ commands = ["queue:process-queue", "--type", "que_typ_print"],
+ timeout = 90,
+ },
+ {
+ name = "process-company-profile",
+ commands = ["queue:process-company-profile"],
+ timeout = 150,
+ },
+ {
+ name = "company-profile-dlq",
+ commands = ["queue:company-profile-dlq"],
+ timeout = 900,
+ },
+ {
+ name = "process-insolvency",
+ commands = ["queue:process-insolvency"],
+ timeout = 900,
+ },
+ {
+ name = "process-insolvency-dlq",
+ commands = ["queue:process-insolvency-dlq"],
+ timeout = 900,
+ },
+ {
+ name = "transxchange-consumer",
+ commands = ["queue:transxchange-consumer"],
+ timeout = 90,
+ },
+ ]
+ }
+}
\ No newline at end of file
diff --git a/infra/terraform/environments/int/variables.tf b/infra/terraform/environments/int/variables.tf
new file mode 100644
index 0000000000..bcce78d32e
--- /dev/null
+++ b/infra/terraform/environments/int/variables.tf
@@ -0,0 +1,28 @@
+variable "assets_version" {
+ type = string
+ description = "The version of the assets"
+}
+
+variable "api_image_tag" {
+ type = string
+ description = "The tag of the API image to deploy"
+ default = "latest"
+}
+
+variable "selfserve_image_tag" {
+ type = string
+ description = "The tag of the selfserve image to deploy"
+ default = "latest"
+}
+
+variable "internal_image_tag" {
+ type = string
+ description = "The tag of the internal image to deploy"
+ default = "latest"
+}
+
+variable "cli_image_tag" {
+ type = string
+ description = "The tag of the cli image to deploy"
+ default = "latest"
+}
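Review bot: In main.tf, `local.task_iam_role_statements` is attached unchanged to both the `api` service and the `batch` block, so each task role gets the union of both workloads' permissions: the ten `cognito-idp:Admin*` actions on every pool in `data.aws_cognito_user_pools.this.arns`, `sqs:PurgeQueue`, the cross-account `sts:AssumeRole` on `txc-int-consumer-role`, and `s3:PutObject` on the autotest bucket. Which of these each workload needs is not visible here, but splitting the local per workload (for example `task_iam_role_statements = local.batch_task_iam_role_statements` in `batch`) would keep a compromised task from reaching the other's resources. Separately, this `int` environment passes `environment = "qa"` and the `qa.olcs.dev-dvsacloud.uk` domain and looks up `DEVAPPQA-*` resources while its state key is `int.tfstate`; if that is intentional a comment should say so, otherwise it risks colliding with resources the qa environment manages. The `process-queue-irhp-allocate` job also runs `--type que_typ_run_ecmt_scoring`, while `que_typ_irhp_permits_allocate` appears only in the general job's `--exclude` list, which looks like a copy-paste slip that leaves that queue type unprocessed.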
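Review bot: In variables.tf, the four image tag variables (`api_image_tag`, `selfserve_image_tag`, `internal_image_tag`, `cli_image_tag`) default to `latest`, a mutable tag, so an apply that omits them deploys whatever was pushed last and the plan does not record which image that was. Dropping the `default = "latest"` lines, as `assets_version` already does, forces the pipeline to pass an explicit tag. An immutable tag or digest is preferable if the ECR repositories allow it. How the module turns `version` into an image reference is outside this diff, so confirm that before switching to digests.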