-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
Sam Ainsworth
authored
Feb 27, 2024
1 parent
ec4b7ac
commit ac81a01
Showing
5 changed files
with
183 additions
and
171 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| variable "pagerduty_token" { | ||
| type = string | ||
| description = "Token for the PagerDuty API" | ||
| } | ||
|
|
||
| variable "account_mapping" { | ||
| type = map(string) | ||
| description = "Mapping of account names to account names. This is used so that development can be the default account name for ephemeral environments" | ||
| } | ||
|
|
||
| variable "lambda_container_version" { | ||
| description = "The version of the lambda container to use" | ||
| type = string | ||
| default = "latest" | ||
| } | ||
|
|
||
| variable "accounts" { | ||
| type = map( | ||
| object({ | ||
| account_id = string | ||
| shared_account_id = number | ||
| is_production = bool | ||
| retention_in_days = number | ||
| pagerduty_service_name = string | ||
| pagerduty_service_id = string | ||
| opg_metrics = object({ | ||
| enabled = bool | ||
| api_key_secretsmanager_name = string | ||
| endpoint_url = string | ||
| }) | ||
| dns_firewall = object({ | ||
| enabled = bool | ||
| domains_allowed = list(string) | ||
| domains_blocked = list(string) | ||
| }) | ||
| dynamodb_cloudtrail = object({ | ||
| enabled = bool | ||
| trail_name_suffix = string | ||
| bucket_name_suffix = string | ||
| }) | ||
| s3_access_log_bucket_name = string | ||
| regions = map( | ||
| object({ | ||
| enabled = bool | ||
| }) | ||
| ) | ||
| }) | ||
| ) | ||
| description = "Map of account names to account details" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,29 @@ | ||
| output "admin_domain" { | ||
| value = "https://${local.cluster_config.admin_fqdn}" | ||
| value = "https://${local.cluster_config.admin_fqdn}" | ||
| description = "The URL of the admin interface" | ||
| } | ||
|
|
||
| output "public_facing_use_domain" { | ||
| value = "https://${local.cluster_config.public_facing_use_fqdn}" | ||
| value = "https://${local.cluster_config.public_facing_use_fqdn}" | ||
| description = "The URL of the public facing use interface" | ||
| } | ||
|
|
||
| output "public_facing_view_domain" { | ||
| value = "https://${local.cluster_config.public_facing_view_fqdn}" | ||
| } | ||
| value = "https://${local.cluster_config.public_facing_view_fqdn}" | ||
| description = "The URL of the public facing view interface" | ||
| } | ||
|
|
||
| output "container_version" { | ||
| value = var.container_version | ||
| description = "The tag of the container image that has been deployed" | ||
| } | ||
|
|
||
| output "admin_container_version" { | ||
| value = var.admin_container_version | ||
| description = "The tag of the admin container image that has been deployed" | ||
| } | ||
|
|
||
| output "workspace_name" { | ||
| value = terraform.workspace | ||
| description = "The name of the Terraform workspace" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,111 @@ | ||
| variable "pagerduty_token" { | ||
| type = string | ||
| description = "PagerDuty API token" | ||
| } | ||
|
|
||
| variable "container_version" { | ||
| type = string | ||
| default = "latest" | ||
| description = "The version of the ECS container images to deploy" | ||
| } | ||
|
|
||
| variable "admin_container_version" { | ||
| type = string | ||
| default = "latest" | ||
| description = "The version of the admin container image to deploy" | ||
| } | ||
|
|
||
| variable "public_access_enabled" { | ||
| type = bool | ||
| default = false | ||
| description = "Whether to enable public access from the Internet to the front end via an ALB" | ||
| } | ||
|
|
||
| variable "environments" { | ||
| type = map( | ||
| object({ | ||
| account_id = string | ||
| account_name = string | ||
| autoscaling = object({ | ||
| use = object({ | ||
| minimum = number | ||
| maximum = number | ||
| }) | ||
| view = object({ | ||
| minimum = number | ||
| maximum = number | ||
| }) | ||
| api = object({ | ||
| minimum = number | ||
| maximum = number | ||
| }) | ||
| pdf = object({ | ||
| minimum = number | ||
| maximum = number | ||
| }) | ||
| }) | ||
| cookie_expires_use = number | ||
| cookie_expires_view = number | ||
| google_analytics_id_use = string | ||
| google_analytics_id_view = string | ||
| have_a_backup_plan = bool | ||
| is_production = bool | ||
| log_retention_in_days = number | ||
| logging_level = number | ||
| lpa_codes_endpoint = string | ||
| iap_images_endpoint = string | ||
| lpas_collection_endpoint = string | ||
| pagerduty_service_name = string | ||
| pagerduty_service_id = string | ||
| session_expires_use = number | ||
| session_expires_view = number | ||
| session_expires_admin = number | ||
| session_expiry_warning = number | ||
| ship_metrics_queue_enabled = bool | ||
| sirius_account_id = string | ||
| load_balancer_deletion_protection_enabled = bool | ||
| notify_key_secret_name = string | ||
| associate_alb_with_waf_web_acl_enabled = bool | ||
| pdf_container_version = string | ||
| deploy_opentelemetry_sidecar = bool | ||
| fargate_spot = bool | ||
| application_flags = object({ | ||
| allow_gov_one_login = bool | ||
| use_older_lpa_journey = bool | ||
| delete_lpa_feature = bool | ||
| allow_meris_lpas = bool | ||
| dont_send_lpas_registered_after_sep_2019_to_cleansing_team = bool | ||
| instructions_and_preferences = bool | ||
| }) | ||
| dynamodb_tables = object({ | ||
| actor_codes = object({ | ||
| name = string | ||
| }) | ||
| actor_users = object({ | ||
| name = string | ||
| }) | ||
| viewer_codes = object({ | ||
| name = string | ||
| }) | ||
| viewer_activity = object({ | ||
| name = string | ||
| }) | ||
| user_lpa_actor_map = object({ | ||
| name = string | ||
| }) | ||
| stats = object({ | ||
| name = string | ||
| }) | ||
| }), | ||
| regions = map( | ||
| object({ | ||
| enabled = bool // Are we creating resources other than DynamoDB tables in this region? (e.g. ECS services, ALBs, etc.) | ||
| name = string // The name of the region (e.g. eu-west-2) | ||
| is_active = bool // Is this the region that is currently receiving traffic? Only one region should be active at a time. | ||
| is_primary = bool // Is this the region where the primary DynamoDB tables are located? The primary region should not be changed once set. | ||
| }) | ||
| ) | ||
| }) | ||
| ) | ||
| description = "A map of environment names to environment configurations" | ||
| } |