CCM-5680 adding base amplify terraform

NHSDigital · Jul 18, 2024 · 3a9615c · 3a9615c
1 parent d3ad966
commit 3a9615c
Show file tree

Hide file tree

Showing 9 changed files with 239 additions and 6 deletions.
diff --git a/infrastructure/terraform/components/branch/locals_remote_state.tf b/infrastructure/terraform/components/branch/locals_remote_state.tf
@@ -0,0 +1,61 @@
+locals {
+  bootstrap = data.terraform_remote_state.bootstrap.outputs
+  acct      = data.terraform_remote_state.acct.outputs
+  iam      = data.terraform_remote_state.iam.outputs
+}
+
+data "terraform_remote_state" "bootstrap" {
+  backend = "s3"
+
+  config = {
+    bucket = local.terraform_state_bucket
+
+    key = format(
+      "%s/%s/%s/%s/bootstrap.tfstate",
+      var.project,
+      var.aws_account_id,
+      "eu-west-2",
+      "bootstrap"
+    )
+
+    region = "eu-west-2"
+  }
+}
+
+data "terraform_remote_state" "acct" {
+  backend = "s3"
+
+  config = {
+    bucket = local.terraform_state_bucket
+
+    key = format(
+      "%s/%s/%s/%s/acct.tfstate",
+      var.project,
+      var.aws_account_id,
+      "eu-west-2",
+      "main"
+    )
+
+    region = "eu-west-2"
+  }
+}
+
+data "terraform_remote_state" "iam" {
+  backend = "s3"
+
+  config = {
+    bucket = local.terraform_state_bucket
+
+    key = format(
+      "%s/%s/%s/%s/iam.tfstate",
+      var.project,
+      var.aws_account_id,
+      "eu-west-2",
+      var.parent_amplify_environment,
+    )
+
+    region = "eu-west-2"
+  }
+}
+
+
diff --git a/infrastructure/terraform/components/branch/locals_tfscaffold.tf b/infrastructure/terraform/components/branch/locals_tfscaffold.tf
@@ -0,0 +1,44 @@
+locals {
+  terraform_state_bucket = format(
+    "%s-tfscaffold-%s-%s",
+    var.project,
+    var.aws_account_id,
+    var.region,
+  )
+
+  csi = replace(
+    format(
+      "%s-%s-%s",
+      var.project,
+      var.environment,
+      var.component,
+    ),
+    "_",
+    "",
+  )
+
+  # CSI for use in resources with a global namespace, i.e. S3 Buckets
+  csi_global = replace(
+    format(
+      "%s-%s-%s-%s-%s",
+      var.project,
+      var.aws_account_id,
+      var.region,
+      var.environment,
+      var.component,
+    ),
+    "_",
+    "",
+  )
+
+  default_tags = merge(
+    var.default_tags,
+    {
+      Project     = var.project
+      Environment = var.environment
+      Component   = var.component
+      Group       = var.group
+      Name        = local.csi
+    },
+  )
+}
diff --git a/infrastructure/terraform/components/branch/module_amplify_branch.tf b/infrastructure/terraform/components/branch/module_amplify_branch.tf
@@ -0,0 +1,18 @@
+module "amplify_branch" {
+  source      = "../../modules/amp_branch"
+
+  name           = lower(substr(join("", regexall("[a-zA-Z0-9-]+",var.branch_name)),0,25))
+  aws_account_id = var.aws_account_id
+  component      = var.component
+  environment    = var.environment
+  project        = var.project
+  region         = var.region
+  group          = var.group
+
+  cognito_user_pool_client_id               = local.iam.cognito_user_pool["id"]
+  cognito_user_pool_identity_provider_names = local.iam.cognito_user_pool["identity_providers"]
+  amplify_app_id                            = local.iam.amplify["id"]
+  branch                                    = var.branch_name
+  domain_name                               = local.acct.dns_zone["name"]
+  subdomain                                 = var.environment
+}
diff --git a/infrastructure/terraform/components/branch/provider_aws.tf b/infrastructure/terraform/components/branch/provider_aws.tf
@@ -0,0 +1,24 @@
+provider "aws" {
+  region = var.region
+
+  allowed_account_ids = [
+    var.aws_account_id,
+  ]
+
+  default_tags {
+    tags = local.default_tags
+  }
+}
+
+provider "aws" {
+  alias  = "us-east-1"
+  region = "us-east-1"
+
+  default_tags {
+    tags = local.default_tags
+  }
+
+  allowed_account_ids = [
+    var.aws_account_id,
+  ]
+}
diff --git a/infrastructure/terraform/components/branch/variables.tf b/infrastructure/terraform/components/branch/variables.tf
@@ -0,0 +1,65 @@
+##
+# Basic Required Variables for tfscaffold Components
+##
+
+variable "project" {
+  type        = string
+  description = "The name of the tfscaffold project"
+}
+
+variable "environment" {
+  type        = string
+  description = "The name of the tfscaffold environment"
+}
+
+variable "aws_account_id" {
+  type        = string
+  description = "The AWS Account ID (numeric)"
+}
+
+variable "region" {
+  type        = string
+  description = "The AWS Region"
+}
+
+variable "group" {
+  type        = string
+  description = "The group variables are being inherited from (often synonmous with account short-name)"
+}
+
+##
+# tfscaffold variables specific to this component
+##
+
+# This is the only primary variable to have its value defined as
+# a default within its declaration in this file, because the variables
+# purpose is as an identifier unique to this component, rather
+# then to the environment from where all other variables come.
+variable "component" {
+  type        = string
+  description = "The variable encapsulating the name of this component"
+  default     = "branch"
+}
+
+variable "default_tags" {
+  type        = map(string)
+  description = "A map of default tags to apply to all taggable resources within the component"
+  default     = {}
+}
+
+##
+# Variables specific to the "dnsroot"component
+##
+
+variable "parent_amplify_environment" {
+  type        = string
+  description = "The name of the environment which deployed the parent Amplify resource. Used to identify the appropriate state file."
+  default     = "main"
+}
+
+variable "branch_name" {
+  type        = string
+  description = "The branch name to deploy"
+  default     = "branch"
+}
+
diff --git a/infrastructure/terraform/components/branch/versions.tf b/infrastructure/terraform/components/branch/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.50"
+    }
+  }
+
+   required_version = ">= 1.9.0"
+}
diff --git a/infrastructure/terraform/components/iam/amplify_app.tf b/infrastructure/terraform/components/iam/amplify_app.tf
@@ -16,7 +16,7 @@ resource "aws_amplify_app" "main" {
 
   environment_variables = {
     USER_POOL_ID        = aws_cognito_user_pool.main.id
-    HOSTED_LOGIN_DOMAIN = aws_cognito_user_pool.main.domain
+    # HOSTED_LOGIN_DOMAIN = "auth.${var.environment}.${local.acct.dns_zone["name"]}"
     NOTIFY_GROUP        = var.group
     NOTIFY_ENVIRONMENT  = var.environment
     NOTIFY_DOMAIN_NAME  = local.acct.dns_zone["name"]

diff --git a/infrastructure/terraform/components/iam/cognito_user_pool_domain.tf b/infrastructure/terraform/components/iam/cognito_user_pool_domain.tf
@@ -1,5 +1,4 @@
-# resource "aws_cognito_user_pool_domain" "domain" {
-#   user_pool_id = aws_cognito_user_pool.main.id
-#   domain       = local.acct.dns_zone["name"]
-#   certificate_arn = aws_acm_certificate.main.arn
-# }
+resource "aws_cognito_user_pool_domain" "main" {
+  user_pool_id = aws_cognito_user_pool.main.id
+  domain       = "nhsnotify"
+}
diff --git a/infrastructure/terraform/components/iam/outputs.tf b/infrastructure/terraform/components/iam/outputs.tf
@@ -0,0 +1,12 @@
+output "cognito_user_pool" {
+  value = {
+    id = aws_cognito_user_pool.main.id
+    identity_providers = aws_cognito_user_pool_client.main.supported_identity_providers
+  }
+}
+
+output "amplify" {
+  value = {
+    id = aws_amplify_app.main.id
+  }
+}