DP-979 Add mechanism to switch DB connection per environment #1121

Merged
merged 4 commits into from
Jan 10, 2025
2 changes: 2 additions & 0 deletions terragrunt/modules/database/locals.tf
Expand Up @@ -2,4 +2,6 @@ locals {
name_prefix = var.product.resource_name
sirsi_cluster_name = "${local.name_prefix}-cluster"
ev_cluster_name = "${local.name_prefix}-ev-cluster"

is_production = var.is_production || var.environment == "staging"
}
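Review bot: The new local `is_production` is true for staging as well as production, while `var.is_production` keeps its narrower meaning, so one name now means two things inside the database module. A later condition that must hold only in production and reads `local.is_production` would silently include staging. Either rename the local to say what it gates (for example `production_grade_db`) or add a comment above it such as `# true for production and for staging, which runs the cluster with production-grade backup, deletion protection and monitoring`.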
10 changes: 5 additions & 5 deletions terragrunt/modules/database/rds-entity-verification.tf
Expand Up @@ -23,15 +23,15 @@ module "rds_entity_verification" {
module "cluster_entity_verification" {
source = "../db-postgres-cluster"

backup_retention_period = var.is_production ? 35 : 1
backup_retention_period = local.is_production ? 35 : 1
db_name = local.ev_cluster_name
db_sg_id = var.db_postgres_sg_id
deletion_protection = var.is_production
deletion_protection = local.is_production
engine_version = var.aurora_postgres_engine_version
family = "aurora-postgresql${floor(var.aurora_postgres_engine_version)}"
monitoring_interval = var.is_production ? 30 : 0
monitoring_role_arn = var.is_production ? var.role_rds_cloudwatch_arn : ""
performance_insights_enabled = var.is_production
monitoring_interval = local.is_production ? 30 : 0
monitoring_role_arn = local.is_production ? var.role_rds_cloudwatch_arn : ""
performance_insights_enabled = local.is_production
instance_type = var.aurora_postgres_instance_type
private_subnet_ids = var.private_subnet_ids
role_terraform_arn = var.role_terraform_arn
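Review bot: With `local.is_production` now true for staging, `monitoring_interval` becomes 30 there and `monitoring_role_arn` takes `var.role_rds_cloudwatch_arn`, so the staging inputs must supply a valid role ARN for that variable or the cluster apply will likely fail; those inputs are not visible on this page. The same applies to `cluster_sirsi` in rds-sirsi.tf. The `rds_entity_verification` module named in the hunk header sits above the hunk; if it still reads `var.is_production`, the instance and the cluster will have different deletion-protection and backup settings in staging, which is worth confirming as intended.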
10 changes: 5 additions & 5 deletions terragrunt/modules/database/rds-sirsi.tf
Expand Up @@ -23,15 +23,15 @@ module "rds_sirsi" {
module "cluster_sirsi" {
source = "../db-postgres-cluster"

backup_retention_period = var.is_production ? 35 : 1
backup_retention_period = local.is_production ? 35 : 1
db_name = local.sirsi_cluster_name
db_sg_id = var.db_postgres_sg_id
deletion_protection = var.is_production
deletion_protection = local.is_production
engine_version = var.aurora_postgres_engine_version
family = "aurora-postgresql${floor(var.aurora_postgres_engine_version)}"
monitoring_interval = var.is_production ? 30 : 0
monitoring_role_arn = var.is_production ? var.role_rds_cloudwatch_arn : ""
performance_insights_enabled = var.is_production
monitoring_interval = local.is_production ? 30 : 0
monitoring_role_arn = local.is_production ? var.role_rds_cloudwatch_arn : ""
performance_insights_enabled = local.is_production
instance_type = var.aurora_postgres_instance_type
private_subnet_ids = var.private_subnet_ids
role_terraform_arn = var.role_terraform_arn
16 changes: 15 additions & 1 deletion terragrunt/modules/ecs/locals.tf
Expand Up @@ -2,6 +2,20 @@ locals {

aspcore_environment = "Aws${title(var.environment)}"

aurora_cluster_enabled = contains(["staging"], var.environment)

db_sirsi_secret_arn = local.aurora_cluster_enabled ? var.db_sirsi_cluster_credentials_arn : var.db_sirsi_credentials_arn
db_ev_secret_arn = local.aurora_cluster_enabled ? var.db_ev_cluster_credentials_arn : var.db_entity_verification_credentials_arn

db_sirsi_address = local.aurora_cluster_enabled ? var.db_sirsi_cluster_address : var.db_sirsi_address
db_sirsi_name = local.aurora_cluster_enabled ? var.db_sirsi_cluster_name : var.db_sirsi_name
db_sirsi_password = "${local.db_sirsi_secret_arn}:password::"
db_sirsi_username = "${local.db_sirsi_secret_arn}:username::"
db_ev_address = local.aurora_cluster_enabled ? var.db_ev_cluster_address : var.db_entity_verification_address
db_ev_name = local.aurora_cluster_enabled ? var.db_ev_cluster_name : var.db_entity_verification_name
db_ev_password = "${local.db_ev_secret_arn}:password::"
db_ev_username = "${local.db_ev_secret_arn}:username::"

ecr_urls = {
for task in local.tasks : task => "${local.orchestrator_account_id}.dkr.ecr.eu-west-2.amazonaws.com/cdp-${task}"
}
Expand All @@ -25,7 +39,7 @@ locals {

service_version = var.pinned_service_version == null ? data.aws_ssm_parameter.orchestrator_service_version.value : var.pinned_service_version

shared_sessions_enabled = var.environment == "development" ? true : false
shared_sessions_enabled = var.environment == "development" ? true : false
ssm_data_protection_prefix = "${local.name_prefix}-ec-sessions"

migrations = ["organisation-information-migrations", "entity-verification-migrations"]
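Review bot: `aurora_cluster_enabled` in the first hunk hard-codes `["staging"]`, and the database module's `is_production` local hard-codes `"staging"` separately, so the two switches can drift apart when the next environment moves to the cluster; a single boolean input passed to both modules would keep them aligned. The switch also changes which Secrets Manager secret the ECS task execution role must be able to read. That policy is not part of this diff, so confirm it follows `local.db_sirsi_secret_arn` and `local.db_ev_secret_arn` rather than the old credential variables; otherwise staging tasks cannot resolve their `db_password`/`db_username` references, or the role keeps read access to a secret the tasks no longer use.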
8 changes: 4 additions & 4 deletions terragrunt/modules/ecs/service-authority.tf
Expand Up @@ -8,17 +8,17 @@ module "ecs_service_authority" {
authority_private_key = "${data.aws_secretsmanager_secret.authority_keys.arn}:PRIVATE::"
container_port = var.service_configs.authority.port
cpu = var.service_configs.authority.cpu
db_address = local.db_sirsi_address
db_name = local.db_sirsi_name
db_password = local.db_sirsi_password
db_username = local.db_sirsi_username
host_port = var.service_configs.authority.port
image = local.ecr_urls[var.service_configs.authority.name]
lg_name = aws_cloudwatch_log_group.tasks[var.service_configs.authority.name].name
lg_prefix = "app"
lg_region = data.aws_region.current.name
memory = var.service_configs.authority.memory
name = var.service_configs.authority.name
oi_db_address = var.db_sirsi_address
oi_db_name = var.db_sirsi_name
oi_db_password = "${var.db_sirsi_credentials_arn}:username::"
oi_db_username = "${var.db_sirsi_credentials_arn}:password::"
onelogin_authority = local.one_loging.credential_locations.authority
onelogin_client_id = local.one_loging.credential_locations.client_id
onelogin_private_key = local.one_loging.credential_locations.private_key
8 changes: 4 additions & 4 deletions terragrunt/modules/ecs/service-data-sharing.tf
Expand Up @@ -7,17 +7,17 @@ module "ecs_service_data_sharing" {
aspcore_environment = local.aspcore_environment
container_port = var.service_configs.data_sharing.port
cpu = var.service_configs.data_sharing.cpu
db_address = local.db_sirsi_address
db_name = local.db_sirsi_name
db_password = local.db_sirsi_password
db_username = local.db_sirsi_username
host_port = var.service_configs.data_sharing.port
image = local.ecr_urls[var.service_configs.data_sharing.name]
lg_name = aws_cloudwatch_log_group.tasks[var.service_configs.data_sharing.name].name
lg_prefix = "app"
lg_region = data.aws_region.current.name
memory = var.service_configs.data_sharing.memory
name = var.service_configs.data_sharing.name
oi_db_address = var.db_sirsi_address
oi_db_name = var.db_sirsi_name
oi_db_password = "${var.db_sirsi_credentials_arn}:username::"
oi_db_username = "${var.db_sirsi_credentials_arn}:password::"
public_domain = var.public_domain
s3_permanent_bucket = module.s3_bucket_permanent.bucket
s3_staging_bucket = module.s3_bucket_staging.bucket
8 changes: 4 additions & 4 deletions terragrunt/modules/ecs/service-entity-verification.tf
Expand Up @@ -7,10 +7,10 @@ module "ecs_service_entity_verification" {
aspcore_environment = local.aspcore_environment
container_port = var.service_configs.entity_verification.port
cpu = var.service_configs.entity_verification.cpu
ev_db_address = var.db_entity_verification_address
ev_db_name = var.db_entity_verification_name
ev_db_password = "${var.db_entity_verification_credentials_arn}:username::"
ev_db_username = "${var.db_entity_verification_credentials_arn}:password::"
db_address = local.db_ev_address
db_name = local.db_ev_name
db_password = local.db_ev_password
db_username = local.db_ev_username
host_port = var.service_configs.entity_verification.port
image = local.ecr_urls[var.service_configs.entity_verification.name]
lg_name = aws_cloudwatch_log_group.tasks[var.service_configs.entity_verification.name].name
8 changes: 4 additions & 4 deletions terragrunt/modules/ecs/service-forms.tf
Expand Up @@ -7,17 +7,17 @@ module "ecs_service_forms" {
aspcore_environment = local.aspcore_environment
container_port = var.service_configs.forms.port
cpu = var.service_configs.forms.cpu
db_address = local.db_sirsi_address
db_name = local.db_sirsi_name
db_password = local.db_sirsi_password
db_username = local.db_sirsi_username
host_port = var.service_configs.forms.port
image = local.ecr_urls[var.service_configs.forms.name]
lg_name = aws_cloudwatch_log_group.tasks[var.service_configs.forms.name].name
lg_prefix = "app"
lg_region = data.aws_region.current.name
memory = var.service_configs.forms.memory
name = var.service_configs.forms.name
oi_db_address = var.db_sirsi_address
oi_db_name = var.db_sirsi_name
oi_db_password = "${var.db_sirsi_credentials_arn}:username::"
oi_db_username = "${var.db_sirsi_credentials_arn}:password::"
public_domain = var.public_domain
s3_permanent_bucket = module.s3_bucket_permanent.bucket
s3_staging_bucket = module.s3_bucket_staging.bucket
8 changes: 4 additions & 4 deletions terragrunt/modules/ecs/service-organisation.tf
Expand Up @@ -7,6 +7,10 @@ module "ecs_service_organisation" {
aspcore_environment = local.aspcore_environment
container_port = var.service_configs.organisation.port
cpu = var.service_configs.organisation.cpu
db_address = local.db_sirsi_address
db_name = local.db_sirsi_name
db_password = local.db_sirsi_password
db_username = local.db_sirsi_username
govuknotify_apikey = data.aws_secretsmanager_secret_version.govuknotify_apikey.arn
govuknotify_support_admin_email = data.aws_secretsmanager_secret_version.govuknotify_support_admin_email.arn
host_port = var.service_configs.organisation.port
Expand All @@ -16,10 +20,6 @@ module "ecs_service_organisation" {
lg_region = data.aws_region.current.name
memory = var.service_configs.organisation.memory
name = var.service_configs.organisation.name
oi_db_address = var.db_sirsi_address
oi_db_name = var.db_sirsi_name
oi_db_password = "${var.db_sirsi_credentials_arn}:username::"
oi_db_username = "${var.db_sirsi_credentials_arn}:password::"
public_domain = var.public_domain
queue_entity_verification_queue_url = var.queue_entity_verification_queue_url
queue_organisation_queue_url = var.queue_organisation_queue_url
8 changes: 4 additions & 4 deletions terragrunt/modules/ecs/service-person.tf
Expand Up @@ -7,17 +7,17 @@ module "ecs_service_person" {
aspcore_environment = local.aspcore_environment
container_port = var.service_configs.person.port
cpu = var.service_configs.person.cpu
db_address = local.db_sirsi_address
db_name = local.db_sirsi_name
db_password = local.db_sirsi_password
db_username = local.db_sirsi_username
host_port = var.service_configs.person.port
image = local.ecr_urls[var.service_configs.person.name]
lg_name = aws_cloudwatch_log_group.tasks[var.service_configs.person.name].name
lg_prefix = "app"
lg_region = data.aws_region.current.name
memory = var.service_configs.person.memory
name = var.service_configs.person.name
oi_db_address = var.db_sirsi_address
oi_db_name = var.db_sirsi_name
oi_db_password = "${var.db_sirsi_credentials_arn}:username::"
oi_db_username = "${var.db_sirsi_credentials_arn}:password::"
public_domain = var.public_domain
service_version = local.service_version
vpc_cidr = var.vpc_cider
8 changes: 4 additions & 4 deletions terragrunt/modules/ecs/service-tenant.tf
Expand Up @@ -7,17 +7,17 @@ module "ecs_service_tenant" {
aspcore_environment = local.aspcore_environment
container_port = var.service_configs.tenant.port
cpu = var.service_configs.tenant.cpu
db_address = local.db_sirsi_address
db_name = local.db_sirsi_name
db_password = local.db_sirsi_password
db_username = local.db_sirsi_username
host_port = var.service_configs.tenant.port
image = local.ecr_urls[var.service_configs.tenant.name]
lg_name = aws_cloudwatch_log_group.tasks[var.service_configs.tenant.name].name
lg_prefix = "app"
lg_region = data.aws_region.current.name
memory = var.service_configs.tenant.memory
name = var.service_configs.tenant.name
oi_db_address = var.db_sirsi_address
oi_db_name = var.db_sirsi_name
oi_db_password = "${var.db_sirsi_credentials_arn}:username::"
oi_db_username = "${var.db_sirsi_credentials_arn}:password::"
public_domain = var.public_domain
service_version = local.service_version
vpc_cidr = var.vpc_cider
8 changes: 4 additions & 4 deletions terragrunt/modules/ecs/task-migrations.tf
Expand Up @@ -14,10 +14,10 @@ module "ecs_migration_tasks" {
lg_region = data.aws_region.current.name
memory = each.value.memory
name = each.value.name
db_address = each.value.name == "entity-verification-migrations" ? var.db_entity_verification_address : var.db_sirsi_address
db_name = each.value.name == "entity-verification-migrations" ? var.db_entity_verification_name : var.db_sirsi_name
db_password = each.value.name == "entity-verification-migrations" ? "${var.db_entity_verification_credentials_arn}:username::" : "${var.db_sirsi_credentials_arn}:username::"
db_username = each.value.name == "entity-verification-migrations" ? "${var.db_entity_verification_credentials_arn}:password::" : "${var.db_sirsi_credentials_arn}:password::"
db_address = each.value.name == "entity-verification-migrations" ? local.db_ev_address : local.db_sirsi_address
db_name = each.value.name == "entity-verification-migrations" ? local.db_ev_name : local.db_sirsi_name
db_password = each.value.name == "entity-verification-migrations" ? local.db_ev_password : local.db_sirsi_password
db_username = each.value.name == "entity-verification-migrations" ? local.db_ev_username : local.db_sirsi_username
public_domain = var.public_domain
service_version = local.service_version
}
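Review bot: The four `db_*` arguments now resolve `db_password` to the `:password::` key and `db_username` to the `:username::` key, where the old lines had them crossed, so every template rendered by `ecs_migration_tasks` must have had its own crossed mapping removed in the same commit. Only one template with the corrected `EntityVerificationDatabase__*` mapping for `${db_password}`/`${db_username}` is visible on this page, and the remaining files failed to load. If the organisation-information migrations template still maps `OrganisationInformationDatabase__Password` to `${db_username}`, the task would present the password as the login name, and PostgreSQL records the login name of a failed authentication in its log. Confirm that template, and consider a comment here such as `# db_password / db_username are Secrets Manager JSON-key references and are consumed unchanged by the templates`. The `ecs_migration_tasks` block starts above the hunk.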
Expand Up @@ -26,15 +26,15 @@
{"name": "Aws__CloudWatch__LogStream", "value": "${lg_prefix}-serilog"},
{"name": "ForwardedHeaders__KnownNetwork", "value": "${vpc_cidr}"},
{"name": "Issuer", "value": "https://authority.${public_domain}"},
{"name": "OrganisationInformationDatabase__Database", "value": "${oi_db_name}"},
{"name": "OrganisationInformationDatabase__Host", "value": "${oi_db_address}"},
{"name": "OrganisationInformationDatabase__Server", "value": "${oi_db_address}"}
{"name": "OrganisationInformationDatabase__Database", "value": "${db_name}"},
{"name": "OrganisationInformationDatabase__Host", "value": "${db_address}"},
{"name": "OrganisationInformationDatabase__Server", "value": "${db_address}"}
],
"secrets": [
{"name": "OneLogin__Authority", "valueFrom": "${onelogin_authority}"},
{"name": "OneLogin__ClientId", "valueFrom": "${onelogin_client_id}"},
{"name": "OrganisationInformationDatabase__Password", "valueFrom": "${oi_db_username}"},
{"name": "OrganisationInformationDatabase__Username", "valueFrom": "${oi_db_password}"},
{"name": "OrganisationInformationDatabase__Password", "valueFrom": "${db_password}"},
{"name": "OrganisationInformationDatabase__Username", "valueFrom": "${db_username}"},
{"name": "PrivateKey", "valueFrom": "${authority_private_key}"}
],
"volumesFrom": [],
Expand Up @@ -28,14 +28,14 @@
{"name": "Aws__CloudWatch__LogStream", "value": "${lg_prefix}-serilog"},
{"name": "DataSharingApiUrl", "value": "https://data-sharing.${public_domain}"},
{"name": "ForwardedHeaders__KnownNetwork", "value": "${vpc_cidr}"},
{"name": "OrganisationInformationDatabase__Database", "value": "${oi_db_name}"},
{"name": "OrganisationInformationDatabase__Host", "value": "${oi_db_address}"},
{"name": "OrganisationInformationDatabase__Server", "value": "${oi_db_address}"},
{"name": "OrganisationInformationDatabase__Database", "value": "${db_name}"},
{"name": "OrganisationInformationDatabase__Host", "value": "${db_address}"},
{"name": "OrganisationInformationDatabase__Server", "value": "${db_address}"},
{"name": "Organisation__Authority", "value": "https://authority.${public_domain}"}
],
"secrets": [
{"name": "OrganisationInformationDatabase__Password", "valueFrom": "${oi_db_username}"},
{"name": "OrganisationInformationDatabase__Username", "valueFrom": "${oi_db_password}"}
{"name": "OrganisationInformationDatabase__Password", "valueFrom": "${db_password}"},
{"name": "OrganisationInformationDatabase__Username", "valueFrom": "${db_username}"}
],
"volumesFrom": [],
"mountPoints": [],
Expand Up @@ -23,8 +23,8 @@
{"name": "Organisation__Authority", "value": "https://authority.${public_domain}"}
],
"secrets": [
{"name": "EntityVerificationDatabase__Password", "valueFrom": "${db_username}"},
{"name": "EntityVerificationDatabase__Username", "valueFrom": "${db_password}"}
{"name": "EntityVerificationDatabase__Password", "valueFrom": "${db_password}"},
{"name": "EntityVerificationDatabase__Username", "valueFrom": "${db_username}"}
],
"volumesFrom": [],
"mountPoints": [],
Expand Up @@ -27,15 +27,15 @@
{"name": "Aws__SqsDispatcher__QueueUrl", "value": "${queue_organisation_queue_url}"},
{"name": "Aws__SqsPublisher__QueueUrl", "value": "${queue_entity_verification_queue_url}"},
{"name": "CdpApiKeys__0", "value": "a955a529-1433-4acf-92b2-342a3e5e8086"},
{"name": "EntityVerificationDatabase__Database", "value": "${ev_db_name}"},
{"name": "EntityVerificationDatabase__Host", "value": "${ev_db_address}"},
{"name": "EntityVerificationDatabase__Server", "value": "${ev_db_address}"},
{"name": "EntityVerificationDatabase__Database", "value": "${db_name}"},
{"name": "EntityVerificationDatabase__Host", "value": "${db_address}"},
{"name": "EntityVerificationDatabase__Server", "value": "${db_address}"},
{"name": "ForwardedHeaders__KnownNetwork", "value": "${vpc_cidr}"},
{"name": "Organisation__Authority", "value": "https://authority.${public_domain}"}
],
"secrets": [
{"name": "EntityVerificationDatabase__Password", "valueFrom": "${ev_db_username}"},
{"name": "EntityVerificationDatabase__Username", "valueFrom": "${ev_db_password}"}
{"name": "EntityVerificationDatabase__Password", "valueFrom": "${db_password}"},
{"name": "EntityVerificationDatabase__Username", "valueFrom": "${db_username}"}
],
"volumesFrom": [],
"mountPoints": [],
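Review bot: The `CdpApiKeys__0` entry in the `environment` list carries a literal key value, so the key is stored in the repository and shown in plain text to anyone who can read the task definition. This commit already passes the database credentials through `secrets` with `valueFrom`; the API key should go the same way, for example `{"name": "CdpApiKeys__0", "valueFrom": "${cdp_api_key_arn}"}` under `secrets`, where `cdp_api_key_arn` is a placeholder name for a new template variable. If the current value is a live key it should be rotated once moved. The line is unchanged context in this hunk, so this may belong in a follow-up change.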