diff --git a/src/domains/citizen-auth-app/04_fims.tf b/src/domains/citizen-auth-app/04_fims.tf index 32644128c..5d2890f91 100644 --- a/src/domains/citizen-auth-app/04_fims.tf +++ b/src/domains/citizen-auth-app/04_fims.tf @@ -74,11 +74,16 @@ locals { } } -module "fims_snet" { +data "azurerm_nat_gateway" "nat_gateway" { + name = "io-p-natgw" + resource_group_name = "io-p-rg-common" +} + +module "fims_plus_snet" { count = var.fims_enabled ? 1 : 0 source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v4.1.15" - name = "fims" - address_prefixes = var.cidr_subnet_fims + name = "fims-plus" + address_prefixes = var.cidr_subnet_fims_plus resource_group_name = data.azurerm_virtual_network.vnet_common.resource_group_name virtual_network_name = data.azurerm_virtual_network.vnet_common.name private_endpoint_network_policies_enabled = true @@ -96,17 +101,14 @@ module "fims_snet" { } } -data "azurerm_nat_gateway" "nat_gateway" { - name = "io-p-natgw" - resource_group_name = "io-p-rg-common" -} - -resource "azurerm_subnet_nat_gateway_association" "fims_snet" { +resource "azurerm_subnet_nat_gateway_association" "fims_plus_snet" { count = var.fims_enabled ? 1 : 0 nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id - subnet_id = module.fims_snet[0].id + subnet_id = module.fims_plus_snet[0].id } + + module "appservice_fims_plus" { count = var.fims_enabled ? 1 : 0 source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v4.1.15" @@ -141,7 +143,7 @@ module "appservice_fims_plus" { [], ) - subnet_id = module.fims_snet[0].id + subnet_id = module.fims_plus_snet[0].id vnet_integration = true tags = var.tags @@ -179,7 +181,7 @@ module "appservice_fims_plus_slot_staging" { [], ) - subnet_id = module.fims_snet[0].id + subnet_id = module.fims_plus_snet[0].id vnet_integration = true tags = var.tags @@ -332,6 +334,34 @@ resource "azurerm_monitor_metric_alert" "too_many_http_5xx" { # OLD FIMS TO REMOVE # ###################### +module "fims_snet" { + count = var.fims_enabled ? 1 : 0 + source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//subnet?ref=v4.1.15" + name = "fims" + address_prefixes = var.cidr_subnet_fims + resource_group_name = data.azurerm_virtual_network.vnet_common.resource_group_name + virtual_network_name = data.azurerm_virtual_network.vnet_common.name + private_endpoint_network_policies_enabled = true + + service_endpoints = [ + "Microsoft.Web", + ] + + delegation = { + name = "default" + service_delegation = { + name = "Microsoft.Web/serverFarms" + actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + } + } +} + +resource "azurerm_subnet_nat_gateway_association" "fims_snet" { + count = var.fims_enabled ? 1 : 0 + nat_gateway_id = data.azurerm_nat_gateway.nat_gateway.id + subnet_id = module.fims_snet[0].id +} + module "appservice_fims" { count = var.fims_enabled ? 1 : 0 source = "git::https://github.com/pagopa/terraform-azurerm-v3.git//app_service?ref=v4.1.15" diff --git a/src/domains/citizen-auth-app/99_variables.tf b/src/domains/citizen-auth-app/99_variables.tf index 9c4a994e1..8ac1cfa01 100644 --- a/src/domains/citizen-auth-app/99_variables.tf +++ b/src/domains/citizen-auth-app/99_variables.tf @@ -229,6 +229,11 @@ variable "cidr_subnet_fims" { description = "App service FIMS address space." } +variable "cidr_subnet_fims_plus" { + type = list(string) + description = "App service FIMS+ address space." +} + variable "fims_plan_sku_tier" { type = string description = "App service plan sku tier" diff --git a/src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars b/src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars index 660e8d2ec..74a321750 100644 --- a/src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars +++ b/src/domains/citizen-auth-app/env/weu-prod01/terraform.tfvars @@ -65,8 +65,9 @@ function_fastlogin_autoscale_default = 10 # FIMS App Service cidr_subnet_fims = ["10.0.18.0/26"] +cidr_subnet_fims_plus = ["10.0.18.64/26"] fims_plan_sku_tier = "PremiumV3" fims_plan_sku_size = "P1v3" fims_autoscale_minimum = 1 fims_autoscale_maximum = 3 -fims_autoscale_default = 1 \ No newline at end of file +fims_autoscale_default = 1