Merge pull request #40 from companieshouse/linux-dev/adding-other-groups
added linux-dev-02
charris-CH authored Dec 12, 2024
2 parents d568cea + 5ebd59a commit 02c9391
Showing 75 changed files with 708 additions and 3,268 deletions.
Binary file removed groups/.DS_Store
Binary file not shown.
16 changes: 8 additions & 8 deletions groups/linux-dev-01/README.md
@@ -1,4 +1,4 @@
# unix-dev-01 - UNIX dev/test server
# linux-dev-01 - linux dev/test server
Terraform for provisioning the E5 application's Late Filing Penalties Framework environment.

<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
Expand All @@ -20,12 +20,12 @@ Terraform for provisioning the E5 application's Late Filing Penalties Framework

| Name | Type |
|------|------|
| [aws_instance.unix-dev-01](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_route53_record.unix-dev-01](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_security_group.unix-dev-01](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_vpc_security_group_ingress_rule.unix-dev-01_ssh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
| [aws_vpc_security_group_egress_rule.unix-dev-01_all_out](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
| [aws_ami.unix-dev-01_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_instance.linux-dev-01](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance) | resource |
| [aws_route53_record.linux-dev-01](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
| [aws_security_group.linux-dev-01](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_vpc_security_group_ingress_rule.linux-dev-01_ssh](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule) | resource |
| [aws_vpc_security_group_egress_rule.linux-dev-01_all_out](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule) | resource |
| [aws_ami.linux-dev-01_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
| [aws_ec2_managed_prefix_list.shared_services_management](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_list) | data source |
| [aws_subnet.application](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
| [aws_subnets.application](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets) | data source |
Expand Down Expand Up @@ -85,7 +85,7 @@ This method is no longer in use, but used environment variables `VAULT_ADDR` and
| <a name="local_common_resource_name"></a> [common_resource_name](#local\_common_resource_name) | Common name format for resources |
| <a name="local_common_tags"></a> [common_tags](#local\_common_tags) | Common tags to be applied to all resources |
| <a name="local_dns_zone"></a> [dns_zone](#local\_dns_zone) | The DNS zone for the environment |
| <a name="local_unix-dev-01_ami_owner_id"></a> [unix-dev-01_ami_owner_id](#local\_unix-dev-01_ami_owner_id) | E5 lfp AMI owner ID |
| <a name="local_linux-dev-01_ami_owner_id"></a> [linux-dev-01_ami_owner_id](#local\_linux-dev-01_ami_owner_id) | E5 lfp AMI owner ID |
| <a name="local_security_kms_keys_data"></a> [security_kms_keys_data](#local\_security_kms_keys_data) | Security KMS keys data from Vault |
| <a name="local_security_s3_data"></a> [security_s3_data](#local\_security_s3_data) | Security S3 bucket data from Vault |
| <a name="local_session_manager_bucket_name"></a> [session_manager_bucket_name](#local\_session_manager_bucket_name) | Session Manager S3 bucket name |
40 changes: 20 additions & 20 deletions groups/linux-dev-01/cloudwatch.tf
@@ -1,62 +1,62 @@
resource "aws_cloudwatch_metric_alarm" "uninx_dev_01_server_cpu95" {
alarm_name = "WARNING-unix-dev-01-CPUUtilization"
resource "aws_cloudwatch_metric_alarm" "linux_dev_01_server_cpu95" {
alarm_name = "WARNING-linux-dev-01-CPUUtilization"
evaluation_periods = "1"
comparison_operator = "GreaterThanOrEqualToThreshold"
metric_name = "CPUUtilization"
namespace = "UNIX-DEV-01/EC2"
namespace = "LINUX-DEV-01/EC2"
period = "60"
statistic = "Maximum"
threshold = "95"
alarm_description = "This metric monitors ec2 cpu utilization system"
insufficient_data_actions = []
alarm_actions = [aws_sns_topic.unix_dev_01.arn]
ok_actions = [aws_sns_topic.unix_dev_01.arn]
alarm_actions = [aws_sns_topic.linux_dev_01.arn]
ok_actions = [aws_sns_topic.linux_dev_01.arn]
}

resource "aws_cloudwatch_metric_alarm" "unix_dev_01_server_StatusCheckFailed" {
alarm_name = "CRITICAL-unxi-dev-01-StatusCheckFailed"
resource "aws_cloudwatch_metric_alarm" "linux_dev_01_server_StatusCheckFailed" {
alarm_name = "CRITICAL-linux-dev-01-StatusCheckFailed"
evaluation_periods = "1"
comparison_operator = "GreaterThanOrEqualToThreshold"
metric_name = "StatusCheckFailed"
namespace = "UNIX-DEV-01/EC2"
namespace = "LINUX-DEV-01/EC2"
period = "300"
statistic = "Maximum"
threshold = "1"
alarm_description = "This metric monitors StatusCheckFailed"
insufficient_data_actions = []
alarm_actions = [aws_sns_topic.unix_dev_01.arn]
ok_actions = [aws_sns_topic.unix_dev_01.arn]
alarm_actions = [aws_sns_topic.linux_dev_01.arn]
ok_actions = [aws_sns_topic.linux_dev_01.arn]
}

resource "aws_cloudwatch_metric_alarm" "unix_dev_01_server_disk_space" {
alarm_name = "CRITICAL-unix-dev-01-disk-space"
resource "aws_cloudwatch_metric_alarm" "linux_dev_01_server_disk_space" {
alarm_name = "CRITICAL-linux-dev-01-disk-space"
comparison_operator = "GreaterThanOrEqualToThreshold"
metric_name = "disk_used_percent"
namespace = "UNIX-DEV-01/EC2"
namespace = "LINUX-DEV-01/EC2"
period = "600"
evaluation_periods = "1"
statistic = "Average"
threshold = "90"
alarm_description = "The disk space average precetage is over 90% for the last 10 minutes"
alarm_actions = [aws_sns_topic.unix_dev_01.arn]
ok_actions = [aws_sns_topic.unix_dev_01.arn]
alarm_actions = [aws_sns_topic.linux_dev_01.arn]
ok_actions = [aws_sns_topic.linux_dev_01.arn]
dimensions = {
path = "*"
}
}

resource "aws_cloudwatch_metric_alarm" "unix_dev_01_server_root_disk_space" {
alarm_name = "WARNING-unix-dev-01-root-disk-space"
resource "aws_cloudwatch_metric_alarm" "linux_dev_01_server_root_disk_space" {
alarm_name = "WARNING-linux-dev-01-root-disk-space"
comparison_operator = "GreaterThanOrEqualToThreshold"
metric_name = "disk_used_percent"
namespace = "UNIX-DEV-01/EC2"
namespace = "LINUX-DEV-01/EC2"
period = "600"
evaluation_periods = "1"
statistic = "Average"
threshold = "80"
alarm_description = "The disk space average precetage is over 80% for the last 10 minutes"
alarm_actions = [aws_sns_topic.unix_dev_01.arn]
ok_actions = [aws_sns_topic.unix_dev_01.arn]
alarm_actions = [aws_sns_topic.linux_dev_01.arn]
ok_actions = [aws_sns_topic.linux_dev_01.arn]
dimensions = {
path = "/"
}
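Review bot: Renaming the alarm namespace to `LINUX-DEV-01/EC2` can silence all four alarms unless whatever publishes these metrics (not visible in this section) was renamed in the same change. An alarm with no matching data sits in INSUFFICIENT_DATA, and `insufficient_data_actions = []` on the CPU and status-check alarms means nobody is notified of that state. `CPUUtilization` and `StatusCheckFailed` are normally emitted by EC2 under `AWS/EC2` with an `InstanceId` dimension, so those two alarms may have no data either way; this is worth confirming against the agent configuration. Consider adding `treat_missing_data = "breaching"` to the two CRITICAL alarms so that a missing metric raises a notification instead of hiding the gap. The last resource block closes outside the visible hunk.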
6 changes: 3 additions & 3 deletions groups/linux-dev-01/data.tf
Expand Up @@ -17,7 +17,7 @@ data "aws_vpc" "heritage-development" {
}
}

data "aws_route53_zone" "unix_dev_01" {
data "aws_route53_zone" "linux_dev_01" {
name = local.dns_zone
vpc_id = data.aws_vpc.heritage-development.id
}
Expand All @@ -43,7 +43,7 @@ data "aws_subnet" "application" {
id = tolist(data.aws_subnets.application.ids)[count.index]
}

data "aws_ami" "unix_dev_ami" {
data "aws_ami" "linux_dev_ami" {
most_recent = true
name_regex = "^rhel9-base-\\d.\\d.\\d"

Expand Down Expand Up @@ -98,6 +98,6 @@ data "template_file" "userdata" {
vars = {
ENVIRONMENT = title(var.environment)
APPLICATION_NAME = var.service_subtype
ANSIBLE_INPUTS = jsonencode(merge(local.ansible_inputs, { hostname = format("%s-%02d", var.service_subtype) }))
ANSIBLE_INPUTS = jsonencode(merge(local.ansible_inputs, { hostname = format("%s", var.service_subtype) }))
}
}
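Review bot: The AMI lookup in `data "aws_ami" "linux_dev_ami"` pairs `most_recent = true` with a loose pattern: the dots in `name_regex = "^rhel9-base-\\d.\\d.\\d"` are unescaped and there is no end anchor, so any image whose name merely begins that way can be selected as the newest. Escaping and anchoring it, for example `name_regex = "^rhel9-base-\\d\\.\\d\\.\\d$"`, narrows the match; if real image names carry a suffix, match that suffix explicitly rather than leaving the end open. The rest of the data block, including any `owners` argument, is outside the visible hunk, so please confirm it pins the lookup to a single trusted account, because that is the control that decides whose image the instance boots from.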
6 changes: 3 additions & 3 deletions groups/linux-dev-01/dns.tf
@@ -1,9 +1,9 @@
resource "aws_route53_record" "unix_dev_01" {
resource "aws_route53_record" "linux_dev_01" {
count = var.instance_count

zone_id = data.aws_route53_zone.unix_dev_01.zone_id
zone_id = data.aws_route53_zone.linux_dev_01.zone_id
name = "${var.service_subtype}"
type = "A"
ttl = 300
records = [aws_instance.unix_dev_01[0].private_ip]
records = [aws_instance.linux_dev_01[0].private_ip]
}
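Review bot: `count = var.instance_count` does not fit the body of `aws_route53_record.linux_dev_01`, because every copy of the resource gets the same `name` and the same `records = [aws_instance.linux_dev_01[0].private_ip]`. With the current count of 1 this works, but any higher value would ask Route 53 for duplicate records that all point at the first instance. Either drop `count` from the record, or index it per instance with `name = format("%s-%02d", var.service_subtype, count.index + 1)` and `records = [aws_instance.linux_dev_01[count.index].private_ip]`. The interpolation-only `"${var.service_subtype}"` can also be written as plain `var.service_subtype`.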
6 changes: 3 additions & 3 deletions groups/linux-dev-01/instance.tf
@@ -1,12 +1,12 @@
resource "aws_instance" "unix_dev_01" {
resource "aws_instance" "linux_dev_01" {
count = var.instance_count

ami = data.aws_ami.unix_dev_ami.id
ami = data.aws_ami.linux_dev_ami.id
instance_type = var.instance_type
subnet_id = element(local.application_subnet_ids_by_az, count.index) # use 'element' function for wrap-around behaviour

iam_instance_profile = module.instance_profile.aws_iam_instance_profile.name
vpc_security_group_ids = [aws_security_group.unix_dev_01.id]
vpc_security_group_ids = [aws_security_group.linux_dev_01.id]
tags = {
Name = "${local.common_resource_name}-${count.index + 1}"
Environment = var.environment
Expand Up @@ -9,9 +9,9 @@ dns_zone_suffix = "heritage.aws.internal"

instance_count = "1"
instance_type = "t2.medium"
root_volume_size = 20
root_volume_size = 40
data_volume_size_gib = 20
service = "unix-development"
service_subtype = "unix-dev-01"
service_subtype = "linux-dev-01"
application_subnet_pattern = "sub-application-*"
default_log_retention_in_days = "7"
10 changes: 5 additions & 5 deletions groups/linux-dev-01/security_groups.tf
@@ -1,4 +1,4 @@
resource "aws_security_group" "unix_dev_01" {
resource "aws_security_group" "linux_dev_01" {
name = local.common_resource_name
description = "Security group for the ${var.service_subtype} EC2 instances"
vpc_id = data.aws_vpc.heritage-development.id
Expand All @@ -8,18 +8,18 @@ resource "aws_security_group" "unix_dev_01" {
})
}

resource "aws_vpc_security_group_ingress_rule" "unix_dev_01_ssh" {
resource "aws_vpc_security_group_ingress_rule" "linux_dev_01_ssh" {
description = "Allow SSH connectivity for application deployments"
security_group_id = aws_security_group.unix_dev_01.id
security_group_id = aws_security_group.linux_dev_01.id
prefix_list_id = data.aws_ec2_managed_prefix_list.administration_cidr_ranges.id
ip_protocol = "tcp"
from_port = 22
to_port = 22
}

resource "aws_vpc_security_group_egress_rule" "unix_dev_01_all_out" {
resource "aws_vpc_security_group_egress_rule" "linux_dev_01_all_out" {
description = "Allow outbound traffic"
security_group_id = aws_security_group.unix_dev_01.id
security_group_id = aws_security_group.linux_dev_01.id
cidr_ipv4 = "0.0.0.0/0"
ip_protocol = "-1"
}
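Review bot: The egress rule `linux_dev_01_all_out` still allows every protocol to `cidr_ipv4 = "0.0.0.0/0"` with `ip_protocol = "-1"`, while the ingress side is carefully limited to an administration prefix list on port 22. Unrestricted outbound access removes a containment layer if the host or a credential on it is compromised, and it makes unexpected outbound connections harder to spot in flow logs. If the server only needs HTTPS to package mirrors, Vault and AWS endpoints, narrow the rule with `ip_protocol = "tcp"`, `from_port = 443`, `to_port = 443` and a destination prefix list where one exists. If open egress is deliberate for a dev host, say so in `description` so the exception is visible in review.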
16 changes: 8 additions & 8 deletions groups/linux-dev-01/sns.tf
@@ -1,23 +1,23 @@
resource "aws_sns_topic" "unix_dev_01" {
name = "unix-dev-01"
resource "aws_sns_topic" "linux_dev_01" {
name = "linux-dev-01"
}

resource "aws_sns_topic_subscription" "unix_dev_01_system_Subscription" {
topic_arn = aws_sns_topic.unix_dev_01.arn
resource "aws_sns_topic_subscription" "linux_dev_01_system_Subscription" {
topic_arn = aws_sns_topic.linux_dev_01.arn
protocol = "email"
endpoint = local.linux_sns_email

depends_on = [
aws_sns_topic.unix_dev_01
aws_sns_topic.linux_dev_01
]
}

resource "aws_sns_topic_subscription" "unix_dev_01_system_Subscriptionhttps" {
topic_arn = aws_sns_topic.unix_dev_01.arn
resource "aws_sns_topic_subscription" "linux_dev_01_system_Subscriptionhttps" {
topic_arn = aws_sns_topic.linux_dev_01.arn
protocol = "https"
endpoint = data.vault_generic_secret.sns_url.data["linux_url"]

depends_on = [
aws_sns_topic.unix_dev_01
aws_sns_topic.linux_dev_01
]
}
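Review bot: The topic `aws_sns_topic.linux_dev_01` is declared with only a `name`, so alarm messages are held without server-side encryption; add `kms_master_key_id` referencing a customer-managed key. The AWS-managed `alias/aws/sns` key is not suitable here because CloudWatch alarms cannot publish through it, so the key policy has to allow `cloudwatch.amazonaws.com` to use `kms:GenerateDataKey*` and `kms:Decrypt`. Separately, the explicit `depends_on` in both subscriptions is redundant, since `topic_arn = aws_sns_topic.linux_dev_01.arn` already creates the dependency.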
2 changes: 1 addition & 1 deletion groups/linux-dev-01/variables.tf
Expand Up @@ -28,7 +28,7 @@ variable "instance_count" {
variable "root_volume_size" {
type = number
description = "The size of the root volume in gibibytes (GiB)."
default = 40
default = 20
}

variable "encrypt_root_block_device" {