UML-3119 Move ALBs to region module (#2368)

* UML-3119 Move ALBs to region module
ministryofjustice · Oct 12, 2023 · 007353d · 007353d
1 parent b0a11f8
commit 007353d
Show file tree

Hide file tree

Showing 19 changed files with 515 additions and 182 deletions.
diff --git a/terraform/environment/cloudwatch_alarms.tf b/terraform/environment/cloudwatch_alarms.tf
@@ -6,7 +6,7 @@ resource "aws_cloudwatch_metric_alarm" "viewer_5xx_errors" {
   comparison_operator = "GreaterThanThreshold"
   datapoints_to_alarm = 2
   dimensions = {
-    "LoadBalancer" = trimprefix(split(":", aws_lb.viewer.arn)[5], "loadbalancer/")
+    "LoadBalancer" = trimprefix(split(":", module.eu_west_1.albs.viewer.arn)[5], "loadbalancer/")
   }
   evaluation_periods        = 2
   insufficient_data_actions = []
@@ -28,7 +28,7 @@ resource "aws_cloudwatch_metric_alarm" "actor_5xx_errors" {
   comparison_operator = "GreaterThanThreshold"
   datapoints_to_alarm = 2
   dimensions = {
-    "LoadBalancer" = trimprefix(split(":", aws_lb.actor.arn)[5], "loadbalancer/")
+    "LoadBalancer" = trimprefix(split(":", module.eu_west_1.albs.actor.arn)[5], "loadbalancer/")
   }
   evaluation_periods        = 2
   insufficient_data_actions = []
@@ -86,7 +86,7 @@ resource "aws_cloudwatch_metric_alarm" "actor_ddos_attack_external" {
   treat_missing_data  = "notBreaching"
   alarm_actions       = [aws_sns_topic.cloudwatch_to_pagerduty.arn]
   dimensions = {
-    ResourceArn = aws_lb.actor.arn
+    ResourceArn = module.eu_west_1.albs.actor.arn
   }
 }
 
@@ -103,7 +103,7 @@ resource "aws_cloudwatch_metric_alarm" "viewer_ddos_attack_external" {
   treat_missing_data  = "notBreaching"
   alarm_actions       = [aws_sns_topic.cloudwatch_to_pagerduty.arn]
   dimensions = {
-    ResourceArn = aws_lb.viewer.arn
+    ResourceArn = module.eu_west_1.albs.viewer.arn
   }
 }
 
@@ -120,7 +120,7 @@ resource "aws_cloudwatch_metric_alarm" "admin_ddos_attack_external" {
   treat_missing_data  = "notBreaching"
   alarm_actions       = [aws_sns_topic.cloudwatch_to_pagerduty.arn]
   dimensions = {
-    ResourceArn = aws_lb.admin.arn
+    ResourceArn = module.eu_west_1.albs.admin.arn
   }
 }
 

diff --git a/terraform/environment/config_file.tf b/terraform/environment/config_file.tf
@@ -12,12 +12,13 @@ locals {
     viewer_codes_table                       = aws_dynamodb_table.viewer_codes_table.name
     user_lpa_actor_map                       = aws_dynamodb_table.user_lpa_actor_map.name
     stats_table                              = aws_dynamodb_table.stats_table.name
-    actor_fqdn                               = aws_route53_record.actor-use-my-lpa.fqdn
-    viewer_fqdn                              = aws_route53_record.viewer-use-my-lpa.fqdn
+    actor_fqdn                               = aws_route53_record.actor_use_my_lpa.fqdn
+    viewer_fqdn                              = aws_route53_record.viewer_use_my_lpa.fqdn
     admin_fqdn                               = aws_route53_record.admin_use_my_lpa.fqdn
     public_facing_use_fqdn                   = aws_route53_record.public_facing_use_lasting_power_of_attorney.fqdn
     public_facing_view_fqdn                  = aws_route53_record.public_facing_view_lasting_power_of_attorney.fqdn
-    viewer_load_balancer_security_group_name = aws_security_group.viewer_loadbalancer.name
-    actor_load_balancer_security_group_name  = aws_security_group.actor_loadbalancer.name
+    viewer_load_balancer_security_group_name = module.eu_west_1.security_group_names.viewer_loadbalancer
+    actor_load_balancer_security_group_name  = module.eu_west_1.security_group_names.actor_loadbalancer
+
   }
 }
diff --git a/terraform/environment/dns.tf b/terraform/environment/dns.tf
@@ -30,8 +30,8 @@ resource "aws_route53_record" "public_facing_view_lasting_power_of_attorney" {
 
   alias {
     evaluate_target_health = false
-    name                   = aws_lb.viewer.dns_name
-    zone_id                = aws_lb.viewer.zone_id
+    name                   = module.eu_west_1.albs.viewer.dns_name
+    zone_id                = module.eu_west_1.albs.viewer.zone_id
   }
 
   lifecycle {
@@ -43,7 +43,7 @@ output "public_facing_view_domain" {
   value = "https://${aws_route53_record.public_facing_view_lasting_power_of_attorney.fqdn}"
 }
 
-resource "aws_route53_record" "viewer-use-my-lpa" {
+resource "aws_route53_record" "viewer_use_my_lpa" {
   # view.lastingpowerofattorney.opg.service.justice.gov.uk
   provider = aws.management
   zone_id  = data.aws_route53_zone.opg_service_justice_gov_uk.zone_id
@@ -52,15 +52,19 @@ resource "aws_route53_record" "viewer-use-my-lpa" {
 
   alias {
     evaluate_target_health = false
-    name                   = aws_lb.viewer.dns_name
-    zone_id                = aws_lb.viewer.zone_id
+    name                   = module.eu_west_1.albs.viewer.dns_name
+    zone_id                = module.eu_west_1.albs.viewer.zone_id
   }
 
   lifecycle {
     create_before_destroy = true
   }
 }
 
+moved {
+  from = aws_route53_record.viewer-use-my-lpa
+  to   = aws_route53_record.viewer_use_my_lpa
+}
 
 //-------------------------------------------------------------
 // Use
@@ -74,8 +78,8 @@ resource "aws_route53_record" "public_facing_use_lasting_power_of_attorney" {
 
   alias {
     evaluate_target_health = false
-    name                   = aws_lb.actor.dns_name
-    zone_id                = aws_lb.actor.zone_id
+    name                   = module.eu_west_1.albs.actor.dns_name
+    zone_id                = module.eu_west_1.albs.actor.zone_id
   }
   lifecycle {
     create_before_destroy = true
@@ -86,7 +90,7 @@ output "public_facing_use_domain" {
   value = "https://${aws_route53_record.public_facing_use_lasting_power_of_attorney.fqdn}"
 }
 
-resource "aws_route53_record" "actor-use-my-lpa" {
+resource "aws_route53_record" "actor_use_my_lpa" {
   # use.lastingpowerofattorney.opg.service.justice.gov.uk
   provider = aws.management
   zone_id  = data.aws_route53_zone.opg_service_justice_gov_uk.zone_id
@@ -95,15 +99,19 @@ resource "aws_route53_record" "actor-use-my-lpa" {
 
   alias {
     evaluate_target_health = false
-    name                   = aws_lb.actor.dns_name
-    zone_id                = aws_lb.actor.zone_id
+    name                   = module.eu_west_1.albs.actor.dns_name
+    zone_id                = module.eu_west_1.albs.actor.zone_id
   }
 
   lifecycle {
     create_before_destroy = true
   }
 }
 
+moved {
+  from = aws_route53_record.actor-use-my-lpa
+  to   = aws_route53_record.actor_use_my_lpa
+}
 
 resource "aws_route53_record" "admin_use_my_lpa" {
   # admin.lastingpowerofattorney.opg.service.justice.gov.uk
@@ -114,8 +122,8 @@ resource "aws_route53_record" "admin_use_my_lpa" {
 
   alias {
     evaluate_target_health = false
-    name                   = aws_lb.admin.dns_name
-    zone_id                = aws_lb.admin.zone_id
+    name                   = module.eu_west_1.albs.admin.dns_name
+    zone_id                = module.eu_west_1.albs.admin.zone_id
   }
 
   lifecycle {

diff --git a/terraform/environment/dns_health_check.tf b/terraform/environment/dns_health_check.tf
@@ -18,7 +18,7 @@ resource "aws_cloudwatch_metric_alarm" "viewer_health_check_alarm" {
 }
 
 resource "aws_route53_health_check" "viewer_health_check" {
-  fqdn              = aws_route53_record.viewer-use-my-lpa.fqdn
+  fqdn              = aws_route53_record.viewer_use_my_lpa.fqdn
   reference_name    = "${substr(local.environment_name, 0, 20)}-viewer"
   port              = 443
   type              = "HTTPS"
@@ -49,7 +49,7 @@ resource "aws_cloudwatch_metric_alarm" "actor_health_check_alarm" {
 }
 
 resource "aws_route53_health_check" "actor_health_check" {
-  fqdn              = aws_route53_record.actor-use-my-lpa.fqdn
+  fqdn              = aws_route53_record.actor_use_my_lpa.fqdn
   reference_name    = "${substr(local.environment_name, 0, 20)}-actor"
   port              = 443
   type              = "HTTPS"

diff --git a/terraform/environment/refactor.tf b/terraform/environment/refactor.tf
@@ -177,3 +177,217 @@ moved {
   from = aws_service_discovery_service.pdf_ecs
   to   = module.eu_west_1.aws_service_discovery_service.pdf_ecs
 }
+
+moved {
+  from = aws_lb.actor
+  to   = module.eu_west_1.aws_lb.actor
+}
+
+moved {
+  from = aws_lb.admin
+  to   = module.eu_west_1.aws_lb.admin
+}
+
+moved {
+  from = aws_lb.viewer
+  to   = module.eu_west_1.aws_lb.viewer
+}
+
+moved {
+  from = aws_lb_listener.actor_loadbalancer
+  to   = module.eu_west_1.aws_lb_listener.actor_loadbalancer
+}
+
+moved {
+  from = aws_lb_listener.actor_loadbalancer_http_redirect
+  to   = module.eu_west_1.aws_lb_listener.actor_loadbalancer_http_redirect
+}
+
+moved {
+  from = aws_lb_listener.admin_loadbalancer
+  to   = module.eu_west_1.aws_lb_listener.admin_loadbalancer
+}
+moved {
+  from = aws_lb_listener.admin_loadbalancer_http_redirect
+  to   = module.eu_west_1.aws_lb_listener.admin_loadbalancer_http_redirect
+}
+
+moved {
+  from = aws_lb_listener.viewer_loadbalancer
+  to   = module.eu_west_1.aws_lb_listener.viewer_loadbalancer
+}
+
+moved {
+  from = aws_lb_listener.viewer_loadbalancer_http_redirect
+  to   = module.eu_west_1.aws_lb_listener.viewer_loadbalancer_http_redirect
+}
+
+moved {
+  from = aws_lb_listener_certificate.actor_loadbalancer_live_service_certificate
+  to   = module.eu_west_1.aws_lb_listener_certificate.actor_loadbalancer_live_service_certificate
+}
+
+moved {
+  from = aws_lb_listener_certificate.admin_loadbalancer_live_service_certificate
+  to   = module.eu_west_1.aws_lb_listener_certificate.admin_loadbalancer_live_service_certificate
+}
+
+moved {
+  from = aws_lb_listener_certificate.viewer_loadbalancer_live_service_certificate
+  to   = module.eu_west_1.aws_lb_listener_certificate.viewer_loadbalancer_live_service_certificate
+}
+
+moved {
+  from = aws_lb_listener_rule.actor_maintenance
+  to   = module.eu_west_1.aws_lb_listener_rule.actor_maintenance
+}
+
+moved {
+  from = aws_lb_listener_rule.actor_maintenance_welsh
+  to   = module.eu_west_1.aws_lb_listener_rule.actor_maintenance_welsh
+}
+
+moved {
+  from = aws_lb_listener_rule.redirect_use_root_to_gov
+  to   = module.eu_west_1.aws_lb_listener_rule.redirect_use_root_to_gov
+}
+
+moved {
+  from = aws_lb_listener_rule.redirect_view_root_to_gov
+  to   = module.eu_west_1.aws_lb_listener_rule.redirect_view_root_to_gov
+}
+
+moved {
+  from = aws_lb_listener_rule.rewrite_use_to_live_service_url
+  to   = module.eu_west_1.aws_lb_listener_rule.rewrite_use_to_live_service_url
+}
+
+moved {
+  from = aws_lb_listener_rule.rewrite_view_to_live_service_url
+  to   = module.eu_west_1.aws_lb_listener_rule.rewrite_view_to_live_service_url
+}
+
+moved {
+  from = aws_lb_listener_rule.viewer_maintenance
+  to   = module.eu_west_1.aws_lb_listener_rule.viewer_maintenance
+}
+
+moved {
+  from = aws_lb_listener_rule.viewer_maintenance_welsh
+  to   = module.eu_west_1.aws_lb_listener_rule.viewer_maintenance_welsh
+}
+
+moved {
+  from = aws_lb_target_group.actor
+  to   = module.eu_west_1.aws_lb_target_group.actor
+}
+
+moved {
+  from = aws_lb_target_group.admin
+  to   = module.eu_west_1.aws_lb_target_group.admin
+}
+
+moved {
+  from = aws_lb_target_group.viewer
+  to   = module.eu_west_1.aws_lb_target_group.viewer
+}
+
+moved {
+  from = aws_security_group.actor_loadbalancer
+  to   = module.eu_west_1.aws_security_group.actor_loadbalancer
+}
+
+moved {
+  from = aws_security_group.actor_loadbalancer_route53
+  to   = module.eu_west_1.aws_security_group.actor_loadbalancer_route53
+}
+
+moved {
+  from = aws_security_group.admin_loadbalancer
+  to   = module.eu_west_1.aws_security_group.admin_loadbalancer
+}
+
+moved {
+  from = aws_security_group.viewer_loadbalancer
+  to   = module.eu_west_1.aws_security_group.viewer_loadbalancer
+}
+
+moved {
+  from = aws_security_group.viewer_loadbalancer_route53
+  to   = module.eu_west_1.aws_security_group.viewer_loadbalancer_route53
+}
+
+moved {
+  from = aws_security_group_rule.actor_loadbalancer_egress
+  to   = module.eu_west_1.aws_security_group_rule.actor_loadbalancer_egress
+}
+
+moved {
+  from = aws_security_group_rule.actor_loadbalancer_ingress
+  to   = module.eu_west_1.aws_security_group_rule.actor_loadbalancer_ingress
+}
+
+moved {
+  from = aws_security_group_rule.actor_loadbalancer_ingress_http
+  to   = module.eu_west_1.aws_security_group_rule.actor_loadbalancer_ingress_http
+}
+
+moved {
+  from = aws_security_group_rule.actor_loadbalancer_ingress_route53_healthchecks
+  to   = module.eu_west_1.aws_security_group_rule.actor_loadbalancer_ingress_route53_healthchecks
+}
+
+moved {
+  from = aws_security_group_rule.admin_loadbalancer_egress
+  to   = module.eu_west_1.aws_security_group_rule.admin_loadbalancer_egress
+}
+
+moved {
+  from = aws_security_group_rule.admin_loadbalancer_ingress
+  to   = module.eu_west_1.aws_security_group_rule.admin_loadbalancer_ingress
+}
+
+moved {
+  from = aws_security_group_rule.admin_loadbalancer_port_80_redirect_ingress
+  to   = module.eu_west_1.aws_security_group_rule.admin_loadbalancer_port_80_redirect_ingress
+}
+
+moved {
+  from = aws_security_group_rule.viewer_loadbalancer_egress
+  to   = module.eu_west_1.aws_security_group_rule.viewer_loadbalancer_egress
+}
+
+moved {
+  from = aws_security_group_rule.viewer_loadbalancer_ingress
+  to   = module.eu_west_1.aws_security_group_rule.viewer_loadbalancer_ingress
+}
+
+moved {
+  from = aws_security_group_rule.viewer_loadbalancer_ingress_http
+  to   = module.eu_west_1.aws_security_group_rule.viewer_loadbalancer_ingress_http
+}
+
+moved {
+  from = aws_security_group_rule.viewer_loadbalancer_ingress_route53_healthchecks
+  to   = module.eu_west_1.aws_security_group_rule.viewer_loadbalancer_ingress_route53_healthchecks
+}
+
+moved {
+  from = aws_ssm_parameter.actor_maintenance_switch
+  to   = module.eu_west_1.aws_ssm_parameter.actor_maintenance_switch
+}
+
+moved {
+  from = aws_ssm_parameter.viewer_maintenance_switch
+  to   = module.eu_west_1.aws_ssm_parameter.viewer_maintenance_switch
+}
+
+moved {
+  from = aws_security_group_rule.actor_loadbalancer_ingress_production[0]
+  to   = module.eu_west_1.aws_security_group_rule.actor_loadbalancer_ingress_public_access[0]
+}
+
+moved {
+  from = aws_security_group_rule.viewer_loadbalancer_ingress_public_access[0]
+  to   = module.eu_west_1.aws_security_group_rule.viewer_loadbalancer_ingress_public_access[0]
+}