Merge pull request #436 from nationalarchives/terraform-housekeeping

Terraform housekeeping
nationalarchives · Apr 23, 2024 · 018dfa3 · 018dfa3
2 parents f073e7f + ca3e454
commit 018dfa3
Show file tree

Hide file tree

Showing 27 changed files with 114 additions and 558 deletions.
diff --git a/terraform/.terraform-docs.yml b/terraform/.terraform-docs.yml
@@ -0,0 +1,26 @@
+---
+formatter: "markdown table"
+version: "~> 0.16"
+settings:
+  anchor: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 2
+  lockfile: true
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true
+sort:
+  enabled: true
+  by: name
+output:
+  file: README.md
+  mode: inject
+  template: |-
+        <!-- BEGIN_TF_DOCS -->
+        {{ .Content }}
+        <!-- END_TF_DOCS -->
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -1,4 +1,3 @@
-
 terraform {
   required_version = ">=1.4"
   required_providers {
@@ -13,15 +12,15 @@ terraform {
   }
 
   backend "s3" {
-    # bucket = "${var.backend_bucket}"
     key    = "ds-infrastructure-enrichment-pipeline/backend.tfstate"
     region = "eu-west-2"
   }
 }
 
 module "lambda_s3" {
   source = "./modules/lambda_s3"
-  name   = "tna"
+
+  name = "tna"
 
   environment = var.app_env
 
@@ -32,9 +31,6 @@ module "lambda_s3" {
   postgress_master_password_secret_id = module.data.postgress_master_password
   postgress_hostname                  = module.data.postgress_hostname
 
-  # sparql_username = "${module.data.sparql_username}"
-  # sparql_password = "${module.data.sparql_password}"
-
   default_security_group_id = module.network.default_security_group_id
 
   aws_subnets_private_ids = module.data.aws_subnets_private_ids
@@ -48,7 +44,6 @@ module "network" {
   rds_security_group_id = module.data.rds_security_group_id
 }
 
-
 module "data" {
   source = "./modules/data"
 

diff --git a/terraform/modules/data/data.tf b/terraform/modules/data/data.tf
@@ -52,15 +52,3 @@ data "aws_subnet" "database" {
   for_each = toset(data.aws_subnets.database.ids)
   id       = each.value
 }
-
-# data "aws_subnets" "db" {
-#   filter {
-#     name   = "vpc-id"
-#     values = [var.vpc_id]
-#   }
-
-#   filter {
-#     name   = "tag:Name"
-#     values = ["*-db-*"]
-#   }
-# }
diff --git a/terraform/modules/data/local.tf b/terraform/modules/data/local.tf
diff --git a/terraform/modules/data/locals.tf b/terraform/modules/data/locals.tf
@@ -1,4 +1,8 @@
 locals {
+  name        = "tna"
+  region      = var.aws_region
+  environment = var.environment
+
   db = {
     staging = {
       deletion_protection = true
@@ -7,4 +11,9 @@ locals {
       deletion_protection = true
     }
   }
+
+  tags = {
+    Environment = var.environment
+    Project     = "TNA judgement enrichment"
+  }
 }
diff --git a/terraform/modules/data/outputs.tf b/terraform/modules/data/outputs.tf
@@ -1,33 +1,16 @@
-
 output "postgress_master_password" {
-  #   value = aws_secretsmanager_secret.postgress_master_password.secret_id
   value = aws_secretsmanager_secret_version.postgress_master_password.secret_id
 }
 
 output "postgress_hostname" {
   value = module.metadata-db.rds_cluster_endpoint
 }
 
-# output "sparql_username" {
-#   value = aws_secretsmanager_secret.sparql_username
-# }
-
-# output "sparql_password" {
-#   value = aws_secretsmanager_secret.sparql_password
-# }
-
 output "aws_vpc" {
   value = data.aws_vpc.vpc.id
 }
 
-# public_subnets = "${module.network.public_subnets}"
-# for_each = toset(module.data.data.aws_subnets.private.ids)
-# id       = each.value
-# subnet_ids = [each.value]
 output "aws_subnets_private_ids" {
-  # for_each = toset(data.aws_subnets.private.ids)
-  # value = [each.value]
-  # value = data.aws_subnet.private[each.key]
   value = toset(data.aws_subnets.private.ids)
 }
 

diff --git a/terraform/modules/data/providers.tf b/terraform/modules/data/providers.tf
diff --git a/terraform/modules/data/rds.tf b/terraform/modules/data/rds.tf
@@ -1,6 +1,6 @@
 module "metadata-db" {
   source  = "terraform-aws-modules/rds-aurora/aws"
-  version = ">=5.0.0,<6.0.0"
+  version = "5.3.0"
 
   name = "${local.name}-metadata-db-${local.environment}"
 
@@ -15,14 +15,8 @@ module "metadata-db" {
 
   deletion_protection = local.db[local.environment].deletion_protection
 
-  # create_random_password = true
-
-  # database_name   = jsondecode(data.aws_secretsmanager_secret_version.postgress_master_password.secret_string)["db_name"]
-  # master_username = jsondecode(data.aws_secretsmanager_secret_version.postgress_master_password.secret_string)["db_username"]
-  # password = jsondecode(aws_secretsmanager_secret_version.postgress_master_password.secret_string)["db_password"]
   password = aws_secretsmanager_secret_version.postgress_master_password.secret_string
 
-
   apply_immediately   = true
   skip_final_snapshot = true
 

diff --git a/terraform/modules/data/secrets.tf b/terraform/modules/data/secrets.tf
@@ -1,8 +1,6 @@
 resource "random_password" "password" {
   length  = 50
   special = true
-  # override_special = "_%@"
-  # override_special = "'/@\"_% "
   # Postgress passwords can't contain any of the following:
   # / (slash), '(single quote), "(double quote) and @ (at sign).
   override_special = "!#$%&*()-_=+[]"
@@ -17,44 +15,3 @@ resource "aws_secretsmanager_secret_version" "postgress_master_password" {
   secret_id     = aws_secretsmanager_secret.postgress_master_password.id
   secret_string = random_password.password.result
 }
-
-# resource "aws_secretsmanager_secret" "sparql_username" {
-#   name                    = "${local.name}-sparql-username-${local.environment}"
-#   recovery_window_in_days = 0
-# }
-
-# resource "aws_secretsmanager_secret_version" "sparql_username" {
-#   secret_id     = aws_secretsmanager_secret.sparql_username.id
-#   secret_string = ""
-# }
-
-# resource "aws_secretsmanager_secret" "sparql_password" {
-#   name                    = "${local.name}-sparql-password-${local.environment}"
-#   recovery_window_in_days = 0
-# }
-
-# resource "aws_secretsmanager_secret_version" "sparql_password" {
-#   secret_id     = aws_secretsmanager_secret.sparql_password.id
-#   secret_string = ""
-# }
-
-# resource "random_password" "app_secret" {
-#   length      = 32
-#   special     = true
-#   upper       = true
-#   lower       = true
-#   min_upper   = 3
-#   min_special = 2
-#   min_numeric = 3
-#   min_lower   = 3
-# }
-
-# module "secrets" {
-#   source      = "../secrets"
-#   name        = local.name
-#   environment = local.environment
-#   application-secrets = {
-#     "SECRET_KEY"              = random_password.app_secret.result
-#     "SQLALCHEMY_DATABASE_URI" = "postgres://${module.metadata-db.rds_cluster_master_username}:${module.metadata-db.rds_cluster_master_password}@${module.metadata-db.rds_cluster_endpoint}:${module.metadata-db.rds_cluster_port}/${module.metadata-db.rds_cluster_database_name}"
-#   }
-# }
diff --git a/terraform/modules/data/variables.tf b/terraform/modules/data/variables.tf
@@ -6,7 +6,6 @@ variable "aws_profile" {
 variable "aws_region" {
   type    = string
   default = "eu-west-2"
-  # default = "eu-west-1" #for testing
 }
 
 variable "vpc_id" {
@@ -18,8 +17,7 @@ variable "default_security_group_id" {
 }
 
 variable "environment" {
-  type = string
-  # default = "ucl"
+  type    = string
   default = "development"
 }
 

diff --git a/terraform/modules/lambda_s3/bucket.tf b/terraform/modules/lambda_s3/bucket.tf
@@ -1,4 +1,3 @@
-
 module "xml_original_bucket" {
   source = "../secure_bucket"
 

diff --git a/terraform/modules/lambda_s3/iam.tf b/terraform/modules/lambda_s3/iam.tf
Original file line number	Diff line number	Diff line change
		@@ -1,4 +1,3 @@

		module "xml_original_bucket" {
		source = "../secure_bucket"

Expand Down