diff --git a/README.md b/README.md index 92d701d888..6385cc8185 100644 --- a/README.md +++ b/README.md @@ -151,7 +151,7 @@ then try again ### I cannot add LPA's locally, which are in the seeded data set -Ensure that the api-gateway container is running +Ensure that the api-gateway container is running: ```shell docker ps | grep opg-use-an-lpa-codes-gateway diff --git a/terraform/environment/cognito_client.tf b/terraform/environment/cognito_client.tf index 092c5a5b78..3054416403 100644 --- a/terraform/environment/cognito_client.tf +++ b/terraform/environment/cognito_client.tf @@ -41,8 +41,8 @@ resource "aws_cognito_user_pool_client" "use_a_lasting_power_of_attorney_admin" read_attributes = [] write_attributes = [] - callback_urls = ["https://${aws_route53_record.admin_use_my_lpa.fqdn}/oauth2/idpresponse"] - logout_urls = ["https://${aws_route53_record.admin_use_my_lpa.fqdn}/"] + callback_urls = ["https://${module.eu_west_1.route53_fqdns.admin}/oauth2/idpresponse"] + logout_urls = ["https://${module.eu_west_1.route53_fqdns.admin}/"] } moved { diff --git a/terraform/environment/config_file.tf b/terraform/environment/config_file.tf index ba6a6bf7ce..1b7a473822 100644 --- a/terraform/environment/config_file.tf +++ b/terraform/environment/config_file.tf @@ -12,11 +12,11 @@ locals { viewer_codes_table = aws_dynamodb_table.viewer_codes_table.name user_lpa_actor_map = aws_dynamodb_table.user_lpa_actor_map.name stats_table = aws_dynamodb_table.stats_table.name - actor_fqdn = aws_route53_record.actor_use_my_lpa.fqdn - viewer_fqdn = aws_route53_record.viewer_use_my_lpa.fqdn - admin_fqdn = aws_route53_record.admin_use_my_lpa.fqdn - public_facing_use_fqdn = aws_route53_record.public_facing_use_lasting_power_of_attorney.fqdn - public_facing_view_fqdn = aws_route53_record.public_facing_view_lasting_power_of_attorney.fqdn + actor_fqdn = module.eu_west_1.route53_fqdns.actor + viewer_fqdn = module.eu_west_1.route53_fqdns.viewer + admin_fqdn = module.eu_west_1.route53_fqdns.admin + public_facing_use_fqdn = module.eu_west_1.route53_fqdns.public_facing_use + public_facing_view_fqdn = module.eu_west_1.route53_fqdns.public_facing_view viewer_load_balancer_security_group_name = module.eu_west_1.security_group_names.viewer_loadbalancer actor_load_balancer_security_group_name = module.eu_west_1.security_group_names.actor_loadbalancer diff --git a/terraform/environment/dns.tf b/terraform/environment/dns.tf deleted file mode 100644 index c2fde94c55..0000000000 --- a/terraform/environment/dns.tf +++ /dev/null @@ -1,137 +0,0 @@ -data "aws_route53_zone" "opg_service_justice_gov_uk" { - provider = aws.management - name = "opg.service.justice.gov.uk" -} - -data "aws_route53_zone" "live_service_use_lasting_power_of_attorney" { - provider = aws.management - name = "use-lasting-power-of-attorney.service.gov.uk" -} - -data "aws_route53_zone" "live_service_view_lasting_power_of_attorney" { - provider = aws.management - name = "view-lasting-power-of-attorney.service.gov.uk" -} - -resource "aws_service_discovery_private_dns_namespace" "internal_ecs" { - name = "${local.environment_name}.ual.internal.ecs" - vpc = data.aws_vpc.default.id -} - -//------------------------------------------------------------- -// View - -resource "aws_route53_record" "public_facing_view_lasting_power_of_attorney" { - # view-lasting-power-of-attorney.service.gov.uk - provider = aws.management - zone_id = data.aws_route53_zone.live_service_view_lasting_power_of_attorney.zone_id - name = "${local.dns_namespace_env}${data.aws_route53_zone.live_service_view_lasting_power_of_attorney.name}" - type = "A" - - alias { - evaluate_target_health = false - name = module.eu_west_1.albs.viewer.dns_name - zone_id = module.eu_west_1.albs.viewer.zone_id - } - - lifecycle { - create_before_destroy = true - } -} - -output "public_facing_view_domain" { - value = "https://${aws_route53_record.public_facing_view_lasting_power_of_attorney.fqdn}" -} - -resource "aws_route53_record" "viewer_use_my_lpa" { - # view.lastingpowerofattorney.opg.service.justice.gov.uk - provider = aws.management - zone_id = data.aws_route53_zone.opg_service_justice_gov_uk.zone_id - name = "${local.dns_namespace_env}view.lastingpowerofattorney" - type = "A" - - alias { - evaluate_target_health = false - name = module.eu_west_1.albs.viewer.dns_name - zone_id = module.eu_west_1.albs.viewer.zone_id - } - - lifecycle { - create_before_destroy = true - } -} - -moved { - from = aws_route53_record.viewer-use-my-lpa - to = aws_route53_record.viewer_use_my_lpa -} - -//------------------------------------------------------------- -// Use - -resource "aws_route53_record" "public_facing_use_lasting_power_of_attorney" { - # use-lasting-power-of-attorney.service.gov.uk - provider = aws.management - zone_id = data.aws_route53_zone.live_service_use_lasting_power_of_attorney.zone_id - name = "${local.dns_namespace_env}${data.aws_route53_zone.live_service_use_lasting_power_of_attorney.name}" - type = "A" - - alias { - evaluate_target_health = false - name = module.eu_west_1.albs.actor.dns_name - zone_id = module.eu_west_1.albs.actor.zone_id - } - lifecycle { - create_before_destroy = true - } -} - -output "public_facing_use_domain" { - value = "https://${aws_route53_record.public_facing_use_lasting_power_of_attorney.fqdn}" -} - -resource "aws_route53_record" "actor_use_my_lpa" { - # use.lastingpowerofattorney.opg.service.justice.gov.uk - provider = aws.management - zone_id = data.aws_route53_zone.opg_service_justice_gov_uk.zone_id - name = "${local.dns_namespace_env}use.lastingpowerofattorney" - type = "A" - - alias { - evaluate_target_health = false - name = module.eu_west_1.albs.actor.dns_name - zone_id = module.eu_west_1.albs.actor.zone_id - } - - lifecycle { - create_before_destroy = true - } -} - -moved { - from = aws_route53_record.actor-use-my-lpa - to = aws_route53_record.actor_use_my_lpa -} - -resource "aws_route53_record" "admin_use_my_lpa" { - # admin.lastingpowerofattorney.opg.service.justice.gov.uk - provider = aws.management - zone_id = data.aws_route53_zone.opg_service_justice_gov_uk.zone_id - name = "${local.dns_namespace_env}admin.lastingpowerofattorney" - type = "A" - - alias { - evaluate_target_health = false - name = module.eu_west_1.albs.admin.dns_name - zone_id = module.eu_west_1.albs.admin.zone_id - } - - lifecycle { - create_before_destroy = true - } -} - -moved { - from = aws_route53_record.admin_use_my_lpa[0] - to = aws_route53_record.admin_use_my_lpa -} diff --git a/terraform/environment/dns_health_check.tf b/terraform/environment/dns_health_check.tf deleted file mode 100644 index 73b202fc80..0000000000 --- a/terraform/environment/dns_health_check.tf +++ /dev/null @@ -1,61 +0,0 @@ -resource "aws_cloudwatch_metric_alarm" "viewer_health_check_alarm" { - alarm_description = "${local.environment_name} viewer health check" - alarm_name = "${local.environment_name}-viewer-healthcheck-alarm" - actions_enabled = false - comparison_operator = "LessThanThreshold" - datapoints_to_alarm = 1 - evaluation_periods = 1 - metric_name = "HealthCheckStatus" - namespace = "AWS/Route53" - period = 60 - statistic = "Minimum" - threshold = 1 - dimensions = { - HealthCheckId = aws_route53_health_check.viewer_health_check.id - } - - provider = aws.us-east-1 -} - -resource "aws_route53_health_check" "viewer_health_check" { - fqdn = aws_route53_record.viewer_use_my_lpa.fqdn - reference_name = "${substr(local.environment_name, 0, 20)}-viewer" - port = 443 - type = "HTTPS" - failure_threshold = 1 - request_interval = 30 - measure_latency = true - regions = ["us-east-1", "us-west-1", "us-west-2", "eu-west-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "sa-east-1"] - provider = aws.us-east-1 -} - -resource "aws_cloudwatch_metric_alarm" "actor_health_check_alarm" { - alarm_description = "${local.environment_name} actor health check" - alarm_name = "${local.environment_name}-actor-healthcheck-alarm" - actions_enabled = false - comparison_operator = "LessThanThreshold" - datapoints_to_alarm = 1 - evaluation_periods = 1 - metric_name = "HealthCheckStatus" - namespace = "AWS/Route53" - period = 60 - statistic = "Minimum" - threshold = 1 - dimensions = { - HealthCheckId = aws_route53_health_check.actor_health_check.id - } - - provider = aws.us-east-1 -} - -resource "aws_route53_health_check" "actor_health_check" { - fqdn = aws_route53_record.actor_use_my_lpa.fqdn - reference_name = "${substr(local.environment_name, 0, 20)}-actor" - port = 443 - type = "HTTPS" - failure_threshold = 1 - request_interval = 30 - measure_latency = true - regions = ["us-east-1", "us-west-1", "us-west-2", "eu-west-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "sa-east-1"] - provider = aws.us-east-1 -} diff --git a/terraform/environment/outputs.tf b/terraform/environment/outputs.tf index 58d69732b3..95a2be1275 100644 --- a/terraform/environment/outputs.tf +++ b/terraform/environment/outputs.tf @@ -1,3 +1,11 @@ output "admin_domain" { - value = module.eu_west_1.admin_domain -} \ No newline at end of file + value = "https://${module.eu_west_1.route53_fqdns.admin}" +} + +output "public_facing_use_domain" { + value = "https://${module.eu_west_1.route53_fqdns.public_facing_use}" +} + +output "public_facing_view_domain" { + value = "https://${module.eu_west_1.route53_fqdns.public_facing_view}" +} diff --git a/terraform/environment/refactor.tf b/terraform/environment/refactor.tf index 0617a4984e..23caaf9937 100644 --- a/terraform/environment/refactor.tf +++ b/terraform/environment/refactor.tf @@ -861,3 +861,53 @@ moved { from = aws_lambda_permission.allow_cloudwatch to = module.eu_west_1.aws_lambda_permission.allow_cloudwatch } + +moved { + from = aws_cloudwatch_metric_alarm.actor_health_check_alarm + to = module.eu_west_1.module.actor_use_my_lpa.aws_cloudwatch_metric_alarm.this[0] +} + +moved { + from = aws_cloudwatch_metric_alarm.viewer_health_check_alarm + to = module.eu_west_1.module.viewer_use_my_lpa.aws_cloudwatch_metric_alarm.this[0] +} + +moved { + from = aws_route53_health_check.actor_health_check + to = module.eu_west_1.module.actor_use_my_lpa.aws_route53_health_check.this[0] +} + +moved { + from = aws_route53_health_check.viewer_health_check + to = module.eu_west_1.module.viewer_use_my_lpa.aws_route53_health_check.this[0] +} + +moved { + from = aws_route53_record.actor_use_my_lpa + to = module.eu_west_1.module.actor_use_my_lpa.aws_route53_record.this +} + +moved { + from = aws_route53_record.admin_use_my_lpa + to = module.eu_west_1.module.admin_use_my_lpa.aws_route53_record.this +} + +moved { + from = aws_route53_record.public_facing_use_lasting_power_of_attorney + to = module.eu_west_1.module.public_facing_use_lasting_power_of_attorney.aws_route53_record.this +} + +moved { + from = aws_route53_record.public_facing_view_lasting_power_of_attorney + to = module.eu_west_1.module.public_facing_view_lasting_power_of_attorney.aws_route53_record.this +} + +moved { + from = aws_route53_record.viewer_use_my_lpa + to = module.eu_west_1.module.viewer_use_my_lpa.aws_route53_record.this +} + +moved { + from = aws_service_discovery_private_dns_namespace.internal_ecs + to = module.eu_west_1.aws_service_discovery_private_dns_namespace.internal_ecs +} diff --git a/terraform/environment/region.tf b/terraform/environment/region.tf index 5e69355b83..27a65313c7 100644 --- a/terraform/environment/region.tf +++ b/terraform/environment/region.tf @@ -4,11 +4,11 @@ module "eu_west_1" { account_name = local.environment.account_name admin_container_version = var.admin_container_version autoscaling = local.environment.autoscaling - aws_service_discovery_service = aws_service_discovery_private_dns_namespace.internal_ecs capacity_provider = local.capacity_provider container_version = var.container_version cookie_expires_use = local.environment.cookie_expires_use cookie_expires_view = local.environment.cookie_expires_view + dns_namespace_env = local.dns_namespace_env ecs_execution_role = module.iam.ecs_execution_role ecs_task_roles = module.iam.ecs_task_roles environment_name = local.environment_name @@ -68,16 +68,9 @@ module "eu_west_1" { "delete_lpa_feature" = local.environment.application_flags.delete_lpa_feature } - route_53_fqdns = { - "public_view" = aws_route53_record.public_facing_view_lasting_power_of_attorney.fqdn - "public_use" = aws_route53_record.public_facing_use_lasting_power_of_attorney.fqdn - "admin" = aws_route53_record.admin_use_my_lpa.fqdn - "actor" = aws_route53_record.actor_use_my_lpa.fqdn - "viewer" = aws_route53_record.viewer_use_my_lpa.fqdn - } - providers = { aws.region = aws.eu_west_1 aws.management = aws.management + aws.us-east-1 = aws.us-east-1 } } diff --git a/terraform/environment/region/actor_ecs.tf b/terraform/environment/region/actor_ecs.tf index d0a4f9b715..3819bc0738 100644 --- a/terraform/environment/region/actor_ecs.tf +++ b/terraform/environment/region/actor_ecs.tf @@ -194,7 +194,7 @@ locals { environment = [ { name = "WEB_DOMAIN", - value = "https://${var.route_53_fqdns.public_use}" + value = "https://${local.route53_fqdns.public_facing_use}" }, { name = "APP_HOST", diff --git a/terraform/environment/region/actor_load_balancer.tf b/terraform/environment/region/actor_load_balancer.tf index 7040515bf5..5c4cd3dcf5 100644 --- a/terraform/environment/region/actor_load_balancer.tf +++ b/terraform/environment/region/actor_load_balancer.tf @@ -107,7 +107,7 @@ resource "aws_lb_listener_rule" "rewrite_use_to_live_service_url" { type = "redirect" redirect { - host = var.route_53_fqdns.public_use + host = local.route53_fqdns.public_facing_use path = "/#{path}" query = "#{query}" port = "443" @@ -118,7 +118,7 @@ resource "aws_lb_listener_rule" "rewrite_use_to_live_service_url" { condition { host_header { values = [ - var.route_53_fqdns.actor + local.route53_fqdns.actor ] } } diff --git a/terraform/environment/region/api_ecs.tf b/terraform/environment/region/api_ecs.tf index 457d3cf2c6..5dd84d64ae 100644 --- a/terraform/environment/region/api_ecs.tf +++ b/terraform/environment/region/api_ecs.tf @@ -49,7 +49,7 @@ resource "aws_service_discovery_service" "api_ecs" { name = "api" dns_config { - namespace_id = var.aws_service_discovery_service.id + namespace_id = aws_service_discovery_private_dns_namespace.internal_ecs.id dns_records { ttl = 10 @@ -68,7 +68,7 @@ resource "aws_service_discovery_service" "api_ecs" { // locals { - api_service_fqdn = "${aws_service_discovery_service.api_ecs.name}.${var.aws_service_discovery_service.name}" + api_service_fqdn = "${aws_service_discovery_service.api_ecs.name}.${aws_service_discovery_private_dns_namespace.internal_ecs.name}" } //---------------------------------- diff --git a/terraform/environment/region/dns.tf b/terraform/environment/region/dns.tf new file mode 100644 index 0000000000..e1e297451f --- /dev/null +++ b/terraform/environment/region/dns.tf @@ -0,0 +1,113 @@ +data "aws_route53_zone" "opg_service_justice_gov_uk" { + provider = aws.management + name = "opg.service.justice.gov.uk" +} + +data "aws_route53_zone" "live_service_use_lasting_power_of_attorney" { + provider = aws.management + name = "use-lasting-power-of-attorney.service.gov.uk" +} + +data "aws_route53_zone" "live_service_view_lasting_power_of_attorney" { + provider = aws.management + name = "view-lasting-power-of-attorney.service.gov.uk" +} + +resource "aws_service_discovery_private_dns_namespace" "internal_ecs" { + name = "${var.environment_name}.ual.internal.ecs" + vpc = data.aws_vpc.default.id + + provider = aws.region +} + +module "public_facing_view_lasting_power_of_attorney" { + source = "./modules/dns" + + dns_namespace_env = var.dns_namespace_env + is_active_region = local.is_active_region + current_region = data.aws_region.current.name + zone_id = data.aws_route53_zone.live_service_view_lasting_power_of_attorney.zone_id + loadbalancer = aws_lb.viewer + dns_name = data.aws_route53_zone.live_service_view_lasting_power_of_attorney.name + environment_name = var.environment_name + + providers = { + aws.us-east-1 = aws.us-east-1 + aws.management = aws.management + } +} + +module "viewer_use_my_lpa" { + source = "./modules/dns" + + dns_namespace_env = var.dns_namespace_env + is_active_region = local.is_active_region + current_region = data.aws_region.current.name + zone_id = data.aws_route53_zone.opg_service_justice_gov_uk.zone_id + loadbalancer = aws_lb.viewer + dns_name = "view.lastingpowerofattorney" + service_name = "viewer" + create_alarm = true + create_health_check = true + environment_name = var.environment_name + + providers = { + aws.us-east-1 = aws.us-east-1 + aws.management = aws.management + } +} + +module "public_facing_use_lasting_power_of_attorney" { + source = "./modules/dns" + + dns_namespace_env = var.dns_namespace_env + is_active_region = local.is_active_region + current_region = data.aws_region.current.name + zone_id = data.aws_route53_zone.live_service_use_lasting_power_of_attorney.zone_id + dns_name = data.aws_route53_zone.live_service_use_lasting_power_of_attorney.name + loadbalancer = aws_lb.actor + environment_name = var.environment_name + + providers = { + aws.us-east-1 = aws.us-east-1 + aws.management = aws.management + } +} + +module "actor_use_my_lpa" { + source = "./modules/dns" + + dns_namespace_env = var.dns_namespace_env + is_active_region = local.is_active_region + current_region = data.aws_region.current.name + zone_id = data.aws_route53_zone.opg_service_justice_gov_uk.zone_id + loadbalancer = aws_lb.actor + dns_name = "use.lastingpowerofattorney" + service_name = "actor" + create_alarm = true + create_health_check = true + environment_name = var.environment_name + + providers = { + aws.us-east-1 = aws.us-east-1 + aws.management = aws.management + } +} + +module "admin_use_my_lpa" { + source = "./modules/dns" + + dns_namespace_env = var.dns_namespace_env + is_active_region = local.is_active_region + current_region = data.aws_region.current.name + zone_id = data.aws_route53_zone.opg_service_justice_gov_uk.zone_id + loadbalancer = aws_lb.admin + service_name = "admin" + dns_name = "admin.lastingpowerofattorney" + environment_name = var.environment_name + + providers = { + aws.us-east-1 = aws.us-east-1 + aws.management = aws.management + } +} diff --git a/terraform/environment/region/locals.tf b/terraform/environment/region/locals.tf index ca9c6f5655..5417e94576 100644 --- a/terraform/environment/region/locals.tf +++ b/terraform/environment/region/locals.tf @@ -2,6 +2,7 @@ locals { policy_region_prefix = lower(replace(data.aws_region.current.name, "-", "")) # The primary region is the region where the DynamoDB tables are created and replicated to the secondary region. + # The active region is the region where the ECS services are running. primary_region = keys({ for region, region_data in var.regions : region => region_data if region_data.is_primary })[0] is_primary_region = local.primary_region == data.aws_region.current.name ? true : false is_active_region = var.regions[data.aws_region.current.name].is_active @@ -23,4 +24,12 @@ locals { viewer_activity_table_arn = replace(var.dynamodb_tables.viewer_activity_table.arn, local.primary_region, data.aws_region.current.name) user_lpa_actor_map_arn = replace(var.dynamodb_tables.user_lpa_actor_map.arn, local.primary_region, data.aws_region.current.name) } + + route53_fqdns = { + public_facing_view = local.is_active_region ? module.public_facing_view_lasting_power_of_attorney.fqdn : "" + public_facing_use = local.is_active_region ? module.public_facing_use_lasting_power_of_attorney.fqdn : "" + admin = local.is_active_region ? module.admin_use_my_lpa.fqdn : "" + actor = local.is_active_region ? module.actor_use_my_lpa.fqdn : "" + viewer = local.is_active_region ? module.viewer_use_my_lpa.fqdn : "" + } } diff --git a/terraform/environment/region/modules/dns/main.tf b/terraform/environment/region/modules/dns/main.tf new file mode 100644 index 0000000000..8753729307 --- /dev/null +++ b/terraform/environment/region/modules/dns/main.tf @@ -0,0 +1,61 @@ +locals { + create_alarm = var.create_alarm && var.create_health_check && var.is_active_region + route_weight = var.is_active_region ? 100 : 0 +} + +resource "aws_route53_record" "this" { + zone_id = var.zone_id + name = "${var.dns_namespace_env}${var.dns_name}" + type = "A" + + alias { + evaluate_target_health = false + name = var.loadbalancer.dns_name + zone_id = var.loadbalancer.zone_id + } + + weighted_routing_policy { + weight = local.route_weight + } + + lifecycle { + create_before_destroy = true + } + + set_identifier = "${var.current_region}-${var.environment_name}-${var.service_name}" + provider = aws.management +} + +resource "aws_route53_health_check" "this" { + count = var.create_health_check ? 1 : 0 + fqdn = aws_route53_record.this.fqdn + reference_name = "${substr(var.environment_name, 0, 20)}-${var.service_name}" + port = 443 + type = "HTTPS" + failure_threshold = 1 + request_interval = 30 + measure_latency = true + regions = ["us-east-1", "us-west-1", "us-west-2", "eu-west-1", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "sa-east-1"] + + provider = aws.us-east-1 +} + +resource "aws_cloudwatch_metric_alarm" "this" { + count = local.create_alarm ? 1 : 0 + alarm_description = "${var.environment_name} ${var.service_name} health check" + alarm_name = "${var.environment_name}-${var.service_name}-healthcheck-alarm" + actions_enabled = false + comparison_operator = "LessThanThreshold" + datapoints_to_alarm = 1 + evaluation_periods = 1 + metric_name = "HealthCheckStatus" + namespace = "AWS/Route53" + period = 60 + statistic = "Minimum" + threshold = 1 + dimensions = { + HealthCheckId = aws_route53_health_check.this[0].id + } + + provider = aws.us-east-1 +} diff --git a/terraform/environment/region/modules/dns/outputs.tf b/terraform/environment/region/modules/dns/outputs.tf new file mode 100644 index 0000000000..a8acfd38ea --- /dev/null +++ b/terraform/environment/region/modules/dns/outputs.tf @@ -0,0 +1,3 @@ +output "fqdn" { + value = aws_route53_record.this.fqdn +} diff --git a/terraform/environment/region/modules/dns/terraform.tf b/terraform/environment/region/modules/dns/terraform.tf new file mode 100644 index 0000000000..328f93031b --- /dev/null +++ b/terraform/environment/region/modules/dns/terraform.tf @@ -0,0 +1,13 @@ +terraform { + required_version = ">= 1.5.2" + + required_providers { + aws = { + source = "hashicorp/aws" + configuration_aliases = [ + aws.us-east-1, + aws.management, + ] + } + } +} diff --git a/terraform/environment/region/modules/dns/variables.tf b/terraform/environment/region/modules/dns/variables.tf new file mode 100644 index 0000000000..e93789e0b0 --- /dev/null +++ b/terraform/environment/region/modules/dns/variables.tf @@ -0,0 +1,53 @@ +variable "zone_id" { + description = "The zone id of the DNS zone" + type = string +} + +variable "dns_name" { + description = "The DNS name of the DNS record" + type = string +} + +variable "environment_name" { + description = "The environment name of the DNS record" + type = string +} + +variable "create_health_check" { + description = "Create a health check for the DNS record" + type = bool + default = false +} + +variable "create_alarm" { + description = "Create an alarm for the DNS record's health check" + type = bool + default = false +} + +variable "dns_namespace_env" { + description = "The environment name of the DNS namespace" + type = string +} + +variable "loadbalancer" { + description = "The loadbalancer to point the DNS record to" +} + +variable "service_name" { + description = "The service name of the DNS record" + type = string + default = "" +} + +variable "is_active_region" { + description = "Should traffic be routed to this region. Used to create a weighted record set" + type = bool + default = false +} + +variable "current_region" { + description = "The current region" + type = string + default = "eu-west-1" +} diff --git a/terraform/environment/region/outputs.tf b/terraform/environment/region/outputs.tf index 0b34f3fe23..abde4e4941 100644 --- a/terraform/environment/region/outputs.tf +++ b/terraform/environment/region/outputs.tf @@ -31,7 +31,13 @@ output "security_group_names" { } } -output "admin_domain" { - description = "The URL for the admin interface" - value = "https://${var.route_53_fqdns.admin}" +output "route53_fqdns" { + description = "The FQDNs for the various services" + value = { + public_facing_view = local.route53_fqdns.public_facing_view + public_facing_use = local.route53_fqdns.public_facing_use + admin = local.route53_fqdns.admin + actor = local.route53_fqdns.actor + viewer = local.route53_fqdns.viewer + } } diff --git a/terraform/environment/region/pdf_ecs.tf b/terraform/environment/region/pdf_ecs.tf index d8f4d575a6..02e274a3c3 100644 --- a/terraform/environment/region/pdf_ecs.tf +++ b/terraform/environment/region/pdf_ecs.tf @@ -48,7 +48,7 @@ resource "aws_service_discovery_service" "pdf_ecs" { name = "pdf" dns_config { - namespace_id = var.aws_service_discovery_service.id + namespace_id = aws_service_discovery_private_dns_namespace.internal_ecs.id dns_records { ttl = 10 @@ -67,7 +67,7 @@ resource "aws_service_discovery_service" "pdf_ecs" { // locals { - pdf_service_fqdn = "${aws_service_discovery_service.pdf_ecs.name}.${var.aws_service_discovery_service.name}" + pdf_service_fqdn = "${aws_service_discovery_service.pdf_ecs.name}.${aws_service_discovery_private_dns_namespace.internal_ecs.name}" } //---------------------------------- diff --git a/terraform/environment/region/terraform.tf b/terraform/environment/region/terraform.tf index 563f5790bd..1d2311fb2d 100644 --- a/terraform/environment/region/terraform.tf +++ b/terraform/environment/region/terraform.tf @@ -7,6 +7,7 @@ terraform { configuration_aliases = [ aws.region, aws.management, + aws.us-east-1, ] } pagerduty = { diff --git a/terraform/environment/region/variables.tf b/terraform/environment/region/variables.tf index dd63874082..64837f50ed 100644 --- a/terraform/environment/region/variables.tf +++ b/terraform/environment/region/variables.tf @@ -39,15 +39,6 @@ variable "autoscaling" { })) } -variable "aws_service_discovery_service" { - description = "The AWS Service Discovery service to use." - type = object({ - id = string - arn = string - name = string - }) -} - variable "capacity_provider" { description = "The capacity provider to use for the ECS services." type = string @@ -68,6 +59,11 @@ variable "cookie_expires_view" { type = number } +variable "dns_namespace_env" { + description = "The environment to use for the DNS namespace." + type = string +} + variable "dynamodb_tables" { description = "The DynamoDB tables to use." type = map(object({ @@ -189,12 +185,6 @@ variable "regions" { } } -variable "route_53_fqdns" { - description = "The FQDNs to use for the Route 53 records." - - type = map(string) -} - variable "session_expires_use" { description = "The number of seconds before the session expires for the use service." type = string diff --git a/terraform/environment/region/viewer_ecs.tf b/terraform/environment/region/viewer_ecs.tf index ffb70dd340..4db5d839cc 100644 --- a/terraform/environment/region/viewer_ecs.tf +++ b/terraform/environment/region/viewer_ecs.tf @@ -195,7 +195,7 @@ locals { environment = [ { name = "WEB_DOMAIN", - value = "https://${var.route_53_fqdns.public_view}" + value = "https://${local.route53_fqdns.public_facing_view}" }, { name = "APP_HOST", diff --git a/terraform/environment/region/viewer_load_balancer.tf b/terraform/environment/region/viewer_load_balancer.tf index 259f3eb484..3d8b9e78f1 100644 --- a/terraform/environment/region/viewer_load_balancer.tf +++ b/terraform/environment/region/viewer_load_balancer.tf @@ -108,7 +108,7 @@ resource "aws_lb_listener_rule" "rewrite_view_to_live_service_url" { type = "redirect" redirect { - host = var.route_53_fqdns.public_view + host = local.route53_fqdns.public_facing_view path = "/#{path}" query = "#{query}" port = "443" @@ -119,7 +119,7 @@ resource "aws_lb_listener_rule" "rewrite_view_to_live_service_url" { condition { host_header { values = [ - var.route_53_fqdns.viewer + local.route53_fqdns.viewer ] } }