cleanup

bcgov · Dec 13, 2024 · 257255a · 257255a
1 parent 5b0bf47
commit 257255a
Show file tree

Hide file tree

Showing 7 changed files with 101 additions and 264 deletions.
diff --git a/.github/workflows/aws-template-terraform.yml b/.github/workflows/aws-template-terraform.yml
diff --git a/.github/workflows/build-and-test-web.yml b/.github/workflows/build-and-test-web.yml
@@ -18,7 +18,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [12.x]
+        node-version: [18.x]
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4

diff --git a/.github/workflows/deploy-infra-sandbox.yml b/.github/workflows/deploy-infra-sandbox.yml
diff --git a/infrastructure/cloud/environments/dev/webapp.tf b/infrastructure/cloud/environments/dev/webapp.tf
@@ -1,16 +1,22 @@
-# This the rest of JASPER's infra resources.
-# Make sure that the "initial" stack has been deployed first.
+#
+# "initial" stack containing resources that main stack depends on (e.g. ECR, KMS, openshiftuser)
+#
+module "initial" {
+  source              = "../../modules/initial"
+  openshift_iam_user  = var.openshift_iam_user
+  iam_user_table_name = var.iam_user_table_name
+  test_s3_bucket_name = var.test_s3_bucket_name
+  region              = var.region
+  kms_key_name        = var.kms_key_name
+  app_name            = var.app_name
+  environment         = var.environment
+}
 
 #
-# Existing Resources
+# The "main" stack 
 #
 data "aws_caller_identity" "current" {}
 
-# KMS Key
-data "aws_kms_key" "kms_key" {
-  key_id = "alias/${var.kms_key_name}-${var.environment}"
-}
-
 # VPC
 data "aws_vpc" "vpc" {
   id = var.vpc_id
@@ -29,16 +35,6 @@ data "aws_security_group" "data_sg" {
   name = "Data_sg"
 }
 
-# App ECR Repo
-data "aws_ecr_repository" "app_ecr_repo" {
-  name = "${var.app_name}-app-repo-${var.environment}"
-}
-
-# Lambda ECR Repo
-data "aws_ecr_repository" "lambda_ecr_repo" {
-  name = "${var.app_name}-lambda-repo-${var.environment}"
-}
-
 #
 # Modules
 #
@@ -49,7 +45,7 @@ module "secrets_manager" {
   environment           = var.environment
   app_name              = var.app_name
   region                = var.region
-  kms_key_arn           = data.aws_kms_key.kms_key.arn
+  kms_key_arn           = module.initial.kms_key_arn
   rotate_key_lambda_arn = module.lambda.lambda_functions["rotate-key"].arn
 }
 
@@ -62,20 +58,23 @@ module "rds" {
   db_password    = module.secrets_manager.db_password
   data_sg_id     = data.aws_security_group.data_sg.id
   vpc_id         = data.aws_vpc.vpc.id
-  kms_key_arn    = data.aws_kms_key.kms_key.arn
+  kms_key_arn    = module.initial.kms_key_arn
   rds_db_ca_cert = var.rds_db_ca_cert
+  all_subnet_ids = module.subnets.all_subnet_ids
 }
 
 # Create IAM Roles/Policies
 module "iam" {
   source              = "../../modules/IAM"
   environment         = var.environment
   app_name            = var.app_name
-  kms_key_arn         = data.aws_kms_key.kms_key.arn
-  app_ecr_repo_arn    = data.aws_ecr_repository.app_ecr_repo.arn
+  kms_key_arn         = module.initial.kms_key_arn
+  app_ecr_repo_arn    = module.initial.app_ecr.ecr_repo_arn
   openshift_iam_user  = var.openshift_iam_user
   iam_user_table_name = var.iam_user_table_name
   secrets_arn_list    = module.secrets_manager.secrets_arn_list
+  account_id          = data.aws_caller_identity.current.account_id
+  kms_key_id          = module.initial.kms_key_arn
 }
 
 # Parse Subnets
@@ -128,7 +127,7 @@ module "lambda" {
   app_name            = var.app_name
   lambda_role_arn     = module.iam.lambda_role_arn
   apigw_execution_arn = module.apigw.apigw_execution_arn
-  lambda_ecr_repo_url = data.aws_ecr_repository.lambda_ecr_repo.repository_url
+  lambda_ecr_repo_url = module.initial.lambda_ecr.ecr_repo_url
   mtls_secret_name    = module.secrets_manager.mtls_secret_name
   lambda_memory_size  = var.lambda_memory_size
   functions = {
@@ -158,7 +157,7 @@ module "ecs_api_td_log_group" {
   source        = "../../modules/Cloudwatch/LogGroup"
   environment   = var.environment
   app_name      = var.app_name
-  kms_key_arn   = data.aws_kms_key.kms_key.arn
+  kms_key_arn   = module.initial.kms_key_arn
   resource_name = "ecs"
   name          = "api-td"
 }
@@ -167,7 +166,7 @@ module "ecs_web_td_log_group" {
   source        = "../../modules/Cloudwatch/LogGroup"
   environment   = var.environment
   app_name      = var.app_name
-  kms_key_arn   = data.aws_kms_key.kms_key.arn
+  kms_key_arn   = module.initial.kms_key_arn
   resource_name = "ecs"
   name          = "web-td"
 }
@@ -176,7 +175,7 @@ module "apigw_api_log_group" {
   source        = "../../modules/Cloudwatch/LogGroup"
   environment   = var.environment
   app_name      = var.app_name
-  kms_key_arn   = data.aws_kms_key.kms_key.arn
+  kms_key_arn   = module.initial.kms_key_arn
   resource_name = "apigateway"
   name          = "api"
 }
@@ -210,10 +209,10 @@ module "ecs_web_td" {
   name                   = "web"
   region                 = var.region
   ecs_execution_role_arn = module.iam.ecs_execution_role_arn
-  ecr_repository_url     = data.aws_ecr_repository.app_ecr_repo.repository_url
+  ecr_repository_url     = module.initial.app_ecr.ecr_repo_url
   port                   = 8080
   secret_env_variables   = module.secrets_manager.web_secrets
-  kms_key_arn            = data.aws_kms_key.kms_key.arn
+  kms_key_arn            = module.initial.kms_key_arn
   log_group_name         = module.ecs_web_td_log_group.log_group.name
 }
 
@@ -225,7 +224,7 @@ module "ecs_api_td" {
   name                   = "api"
   region                 = var.region
   ecs_execution_role_arn = module.iam.ecs_execution_role_arn
-  ecr_repository_url     = data.aws_ecr_repository.app_ecr_repo.repository_url
+  ecr_repository_url     = module.initial.app_ecr.ecr_repo_url
   port                   = 5000
   env_variables = [
     {
@@ -238,7 +237,7 @@ module "ecs_api_td" {
     }
   ]
   secret_env_variables = module.secrets_manager.api_secrets
-  kms_key_arn          = data.aws_kms_key.kms_key.arn
+  kms_key_arn          = module.initial.kms_key_arn
   log_group_name       = module.ecs_api_td_log_group.log_group.name
 }