Skip to content

Commit

Permalink
Merge branch 'master' into TDRD-59-dirty-bucket-life-cycle-policy
Browse files Browse the repository at this point in the history
  • Loading branch information
@TomJKing
TomJKing authored Jan 20, 2025
2 parents a5e6881 + f83728d commit c9c7d99
Show file tree
Hide file tree
Showing 9 changed files with 30 additions and 19 deletions.
2 changes: 1 addition & 1 deletion da-terraform-configurations
Submodule da-terraform-configurations updated from 1f027d to bb4d9d
2 changes: 1 addition & 1 deletion modules/database-migrations/lambda.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ resource "aws_lambda_function" "database_migration_function" {
function_name = "tdr-database-migrations-${var.environment}"
handler = "migration.Main::runMigration"
role = aws_iam_role.lambda_assume_role.arn
runtime = "java11"
runtime = "java17"
filename = "${path.module}/temp.zip"
memory_size = 512
timeout = 60
Expand Down
19 changes: 9 additions & 10 deletions root.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,15 +146,13 @@ module "upload_file_cloudfront_dirty_s3" {
}

module "upload_file_cloudfront_logs" {
source = "./tdr-terraform-modules/s3"
project = var.project
function = "upload-cloudfront-logs"
common_tags = local.common_tags
access_logs = false
canonical_user_grants = [
{ id = local.logs_delivery_canonical_user_id, permissions = ["FULL_CONTROL"] },
{ id = data.aws_canonical_user_id.canonical_user.id, permissions = ["FULL_CONTROL"] }
]
source = "./tdr-terraform-modules/s3"
project = var.project
function = "upload-cloudfront-logs"
common_tags = local.common_tags
bucket_policy = "upload_cloudfront_logs"
aws_logs_delivery_account_id = local.aws_logs_delivery_account_id
access_logs = false
}

module "cloudfront_upload" {
Expand Down Expand Up @@ -737,6 +735,7 @@ module "rotate_keycloak_secrets_lambda" {
vpc_id = module.shared_vpc.vpc_id
kms_key_arn = module.encryption_key.kms_key_arn
rotate_keycloak_secrets_event_arn = module.periodic_rotate_keycloak_secrets_event.event_arn
api_connection_arn = aws_cloudwatch_event_connection.consignment_api_connection.arn
}

module "periodic_rotate_keycloak_secrets_event" {
Expand Down Expand Up @@ -832,7 +831,7 @@ module "consignment_api_database" {
availability_zone = local.database_availability_zone
common_tags = local.common_tags
database_name = "consignmentapi"
database_version = "16.3"
database_version = "17.2"
environment = local.environment
kms_key_id = module.encryption_key.kms_key_arn
private_subnets = module.shared_vpc.private_subnets
Expand Down
6 changes: 3 additions & 3 deletions root_keycloak.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,11 +127,11 @@ module "tdr_keycloak_ecs" {
block_shared_pages = local.block_shared_keycloak_pages
})
container_name = "keycloak"
cpu = 1024
cpu = local.environment == "intg" ? 2048 : 1024
environment = local.environment
execution_role = module.keycloak_execution_role.role.arn
load_balancer_container_port = 8080
memory = 3072
memory = local.environment == "intg" ? 4096 : 3072
private_subnets = module.shared_vpc.private_backend_checks_subnets
security_groups = [module.keycloak_ecs_security_group.security_group_id]
service_name = "keycloak_service_${local.environment}"
Expand Down Expand Up @@ -166,7 +166,7 @@ module "keycloak_database_instance" {
availability_zone = local.database_availability_zone
common_tags = local.common_tags
database_name = "keycloak"
database_version = local.environment == "prod" ? "16.3" : "17.2"
database_version = "17.2"
environment = local.environment
kms_key_id = module.encryption_key.kms_key_arn
private_subnets = module.shared_vpc.private_subnets
Expand Down
2 changes: 2 additions & 0 deletions root_locals.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -151,4 +151,6 @@ locals {
aws_guardduty_ecr_arn = module.tdr_configuration.terraform_config["aws_guardduty_ecr_arn"]

rds_retention_period_days = local.environment == "prod" ? 30 : 7

aws_logs_delivery_account_id = module.tdr_configuration.terraform_config["aws_logs_delivery_account_id"]
}
2 changes: 2 additions & 0 deletions root_transfer_service.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,8 @@ module "transfer_service_ecs_task" {
max_individual_file_size_mb = 2000
max_transfer_size_mb = 5000
transfer_service_client_secret_path = local.keycloak_tdr_transfer_service_secret_name
throttle_amount = 50
throttle_per_ms = 10
})
container_name = "transfer-service"
cpu = 512
Expand Down
2 changes: 1 addition & 1 deletion tdr-configurations
Submodule tdr-configurations updated from b4b25e to 17d55e
2 changes: 1 addition & 1 deletion tdr-terraform-modules
Submodule tdr-terraform-modules updated 10 files
+7 −0 lambda/notifications.tf
+13 −7 lambda/rotate_keycloak_secrets.tf
+13 −0 lambda/templates/rotate_keycloak_secrets_policy.json.tpl
+5 −0 lambda/variables.tf
+78 −53 s3/main.tf
+1 −1 s3/templates/cloudtrail.json.tpl
+1 −1 s3/templates/secure_transport.json.tpl
+43 −0 s3/templates/upload_cloudfront_logs.json.tpl
+7 −1 s3/variables.tf
+1 −1 vpc/main.tf
12 changes: 10 additions & 2 deletions templates/ecs_tasks/transfer_service.json.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@
"value": "${transfer_service_api_port}"
},
{
"name": " MAX_NUMBER_RECORDS",
"name": "MAX_NUMBER_RECORDS",
"value": "${max_number_records}"
},
{
Expand All @@ -53,7 +53,15 @@
{
"name": "MAX_TRANSFER_SIZE_MB",
"value": "${max_transfer_size_mb}"
}
},
{
"name": "THROTTLE_AMOUNT",
"value": "${throttle_amount}"
},
{
"name": "THROTTLE_PER_MS",
"value": "${throttle_per_ms}"
}
],
"logConfiguration": {
"logDriver": "awslogs",
Expand Down

0 comments on commit c9c7d99

Please sign in to comment.