diff --git a/.github/workflows/ecr-publish.yml b/.github/workflows/ecr-publish.yml
deleted file mode 100644
index 1df6c118f..000000000
--- a/.github/workflows/ecr-publish.yml
+++ /dev/null
@@ -1,281 +0,0 @@ -name: Deploy to Amazon ECS - -on: - push: - branches: - - ecr-deploy - -env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - -jobs: - - deploy: - - name: Build Docker image and deploy to AWS ECR - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 2 - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/qppsf-dev-githubactions-conversiontool-role - aws-region: ${{ secrets.AWS_REGION }} - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - name: Get certificates for Dev - env: - ENV_CT: dev - if: github.ref == 'refs/heads/develop' - run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }} - - - name: Dev - Build and deploy to Amazon ECR - id: build-image-dev - if: github.ref == 'refs/heads/develop' - env: - ECR_REPOSITORY: qppsf/conversion-tool/dev - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - IMAGE_TAG: ${{ github.sha }} - run: | - docker build -t $ECR_REPOSITORY:latest . - docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker build -t $ECR_REPOSITORY:$IMAGE_TAG . 
- docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT - - - name: Get task definition for dev - if: github.ref == 'refs/heads/develop' && success() - run: | - aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-dev --query taskDefinition > task-definition.json - - - name: Fill in image ID for ECS task-definition - id: task-def-dev - if: github.ref == 'refs/heads/develop' && success() - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: task-definition.json - container-name: conversion-tool - image: ${{ steps.build-image-dev.outputs.image }} - - - name: Deploy Amazon ECS task definition - if: github.ref == 'refs/heads/develop' && success() - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.task-def-dev.outputs.task-definition }} - service: conversion-tool-service-dev - cluster: qppsf-conversion-tool-dev - wait-for-service-stability: true - - - name: Dev - Notify slack success - if: github.ref == 'refs/heads/develop' && success() - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: p-qpp-sub-alerts - status: Conversion tools - Successful Docker build and AWS ECS deployment - color: good - - - name: Dev - Notify slack fail - if: github.ref == 'refs/heads/develop' && failure() - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: p-qpp-sub-alerts - status: Conversion tools - Failed Docker build or AWS ECS deployment - color: danger - - - name: Get certificates for Impl - env: - ENV_CT: impl - if: startsWith(github.ref,'refs/heads/release/') - run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }} - - - name: Impl - Build and deploy to Amazon ECR - id: build-image-impl - if: startsWith(github.ref,'refs/heads/release/') - env: - ECR_REPOSITORY: 
qppsf/conversion-tool/impl - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - IMAGE_TAG: ${{ github.sha }} - run: | - docker build -t $ECR_REPOSITORY:latest . - docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker build -t $ECR_REPOSITORY:$IMAGE_TAG . - docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT - - - name: Get task definition for Impl - if: startsWith(github.ref,'refs/heads/release/') && success() - run: | - aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-impl --query taskDefinition > task-definition.json - - - name: Fill in image ID for ECS task-definition - id: task-def-impl - if: startsWith(github.ref,'refs/heads/release/') && success() - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: task-definition.json - container-name: conversion-tool - image: ${{ steps.build-image-impl.outputs.image }} - - - name: Deploy Amazon ECS task definition - if: startsWith(github.ref,'refs/heads/release/') && success() - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.task-def-impl.outputs.task-definition }} - service: conversion-tool-service-impl - cluster: qppsf-conversion-tool-impl - wait-for-service-stability: true - - - name: Impl - Notify slack success - if: startsWith(github.ref,'refs/heads/release/') && success() - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: p-qpp-sub-alerts - status: Conversion tools - Successful Docker build and AWS ECS deployment - color: good - - - name: Impl - Notify slack fail - if: startsWith(github.ref,'refs/heads/release/') && failure() - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: p-qpp-sub-alerts - status: Conversion tools - Failed Docker 
build or AWS ECS deployment - color: danger - - - name: Get certificates for Prod - env: - ENV_CT: prod - if: github.ref == 'refs/heads/master' - run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }} - - - name: Prod - Build and deploy to Amazon ECR - id: build-image-prod - if: github.ref == 'refs/heads/master' - env: - ECR_REPOSITORY: qppsf/conversion-tool/prod - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - IMAGE_TAG: ${{ github.sha }} - run: | - docker build -t $ECR_REPOSITORY:latest . - docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker build -t $ECR_REPOSITORY:$IMAGE_TAG . - docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT - - - name: Get task definition for Prod - if: github.ref == 'refs/heads/master' && success() - run: | - aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-prod --query taskDefinition > task-definition.json - - - name: Fill in image ID for ECS task-definition - id: task-def-prod - if: github.ref == 'refs/heads/master' && success() - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: task-definition.json - container-name: conversion-tool - image: ${{ steps.build-image-prod.outputs.image }} - - - name: Deploy Amazon ECS task definition - if: github.ref == 'refs/heads/master' && success() - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.task-def-prod.outputs.task-definition }} - service: conversion-tool-service-prod - cluster: qppsf-conversion-tool-prod - wait-for-service-stability: true - - - name: Prod - Notify slack success - if: github.ref == 'refs/heads/master' && success() - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: p-qpp-sub-alerts - 
status: Conversion tools - Successful Docker build and AWS ECS deployment - color: good - - - name: Prod - Notify slack fail - if: github.ref == 'refs/heads/master' && failure() - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: p-qpp-sub-alerts - status: Conversion tools - Failed Docker build or AWS ECS deployment - color: danger - - - name: Get certificates for Devpre - env: - ENV_CT: devpre - if: github.ref == 'refs/heads/master' - run: bash ./qppsfct-copy-certs.sh ${{ env.ENV_CT }} ${{ secrets.AWS_REGION }} - - - name: DevPre - Build and deploy to Amazon ECR - id: build-image-devpre - if: github.ref == 'refs/heads/master' - env: - ECR_REPOSITORY: qppsf/conversion-tool/devpre - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - IMAGE_TAG: ${{ github.sha }} - run: | - docker build -t $ECR_REPOSITORY:latest . - docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest - docker build -t $ECR_REPOSITORY:$IMAGE_TAG . 
- docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - echo "image=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_OUTPUT - - - name: Get task definition for DevPre - if: github.ref == 'refs/heads/master' && success() - run: | - aws ecs describe-task-definition --task-definition qppsf-conversion-tool-td-devpre --query taskDefinition > task-definition.json - - - name: Fill in image ID for ECS task-definition - id: task-def-devpre - if: github.ref == 'refs/heads/master' && success() - uses: aws-actions/amazon-ecs-render-task-definition@v1 - with: - task-definition: task-definition.json - container-name: conversion-tool - image: ${{ steps.build-image-devpre.outputs.image }} - - - name: Deploy Amazon ECS task definition - if: github.ref == 'refs/heads/master' && success() - uses: aws-actions/amazon-ecs-deploy-task-definition@v1 - with: - task-definition: ${{ steps.task-def-devpre.outputs.task-definition }} - service: conversion-tool-service-devpre - cluster: qppsf-conversion-tool-devpre - wait-for-service-stability: true - - - name: DevPre - Notify slack success - if: github.ref == 'refs/heads/master' && success() - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: p-qpp-sub-alerts - status: Conversion tools - Successful Docker build and AWS ECS deployment - color: good - - - name: DevPre - Notify slack fail - if: github.ref == 'refs/heads/master' && failure() - uses: voxmedia/github-action-slack-notify-build@v1 - with: - channel: p-qpp-sub-alerts - status: Conversion tools - Failed Docker build or AWS ECS deployment - color: danger - - - name: Logout of Amazon ECR - if: always() - run: docker logout ${{ steps.login-ecr.outputs.registry }} \ No newline at end of file diff --git a/buildspec.yml b/buildspec.yml deleted file mode 100644 index fac5b6744..000000000 --- a/buildspec.yml +++ /dev/null 
@@ -1,84 +0,0 @@ -version: 0.2 -env: - shell: bash - variables: - #SLACK_CHANNEL: "p-qpp-sub-alerts" - SLACK_API_URL: "https://slack.com/api/chat.postMessage" - parameter-store: - AWS_ACCOUNT_ID: "/qppar-sf/account_id" - DOCKERHUB_USERNAME: "/qppar-sf/DOCKERHUB_USERNAME" - DOCKERHUB_PASS: "/qppar-sf/DOCKERHUB_PASS" - #SLACK_WEBHOOK: "/qppar-sf/dev/conversion_tool/slack_hook_url" - SLACK_CHANNEL: "/qppar-sf/global/slack_channel" - SLACK_SECRET_TOKEN: "/qppar-sf/global/slack_token" - PART_FILE: "/qppar-sf/conversion_tool/CPC_PLUS_FILE_NAME" - PART_FILE_BUCKET: "/qppar-sf/$ENVIRONMENT/conversion_tool/CPC_PLUS_BUCKET_NAME" - OUTPUT_PART_FILE: "/qppar-sf/$ENVIRONMENT/conversion_tool/CPC_PLUS_VALIDATION_FILE" -phases: - install: - runtime-versions: - python: 3.8 - pre_build: - on-failure: ABORT - commands: - - echo ${CODEBUILD_SRC_DIR} - - echo ${AWS_DEFAULT_REGION} - - echo ${AWS_ACCOUNT_ID} - - echo ${ENVIRONMENT} - - echo ${CODEBUILD_RESOLVED_SOURCE_VERSION} - - echo ${CODEBUILD_BUILD_ID} - - echo ${CODEBUILD_BUILD_ARN} - - echo Getting Certificates for ${ENVIRONMENT} - - chmod +x ./qppsfct-copy-certs.sh - - ./qppsfct-copy-certs.sh $ENVIRONMENT $AWS_DEFAULT_REGION - - pip install openpyxl - - echo "Updating participation file" - - chmod +x ./upload-part-file.sh - - ./upload-part-file.sh $PART_FILE_BUCKET $PART_FILE $OUTPUT_PART_FILE $AWS_DEFAULT_REGION - - echo "Logging in to Amazon dockerHub ECR" - - docker login --username $DOCKERHUB_USERNAME --password $DOCKERHUB_PASS - - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com - - build: - on-failure: ABORT - commands: - - REPOSITORY_URI="${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/qppsf/conversion-tool/${ENVIRONMENT}" - - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION) - - IMAGE_TAG=${COMMIT_HASH:=latest} - - ECR_IMAGE="${REPOSITORY_URI}:${IMAGE_TAG}" - - 
TASK_FAMILY="qppsf-conversion-tool-td-${ENVIRONMENT}" - - ECS_CLUSTER="qppsf-conversion-tool-${ENVIRONMENT}" - - SERVICE_NAME="conversion-tool-service-${ENVIRONMENT}" - - echo "Building Container Image for ConversionTool" - - docker build -t $REPOSITORY_URI:latest . - - docker tag $REPOSITORY_URI:latest ${ECR_IMAGE} - - echo Pushing the Docker image - - docker push $REPOSITORY_URI:latest - - docker push ${ECR_IMAGE} - - TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY} --query taskDefinition) - - NEW_TASK_DEFINITION=$(echo $TASK_DEFINITION | jq -r --arg IMAGE ${ECR_IMAGE} '.containerDefinitions[0].image=$IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities) | del(.registeredAt) | del(.registeredBy)') - - echo $NEW_TASK_DEFINITION > qppsf-conversion-tool-td-${ENVIRONMENT}.json - - aws ecs register-task-definition --family ${TASK_FAMILY} --region "$AWS_DEFAULT_REGION" --cli-input-json file://qppsf-conversion-tool-td-${ENVIRONMENT}.json - - LATEST_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition ${TASK_FAMILY} --query taskDefinition) - - NEW_REVISION=$(echo $LATEST_TASK_DEFINITION | jq '.revision') - - echo "Starting ECS Deployment" - - aws ecs update-service --cluster ${ECS_CLUSTER} --service ${SERVICE_NAME} --task-definition ${TASK_FAMILY}:${NEW_REVISION} --force-new-deployment - - aws ecs wait services-stable --cluster ${ECS_CLUSTER} --services ${SERVICE_NAME} - - post_build: - commands: - - | - SLACK_MSG="" - SLACK_EMOJI="" - if [[ $CODEBUILD_BUILD_SUCCEEDING -eq 1 ]] - then - SLACK_EMOJI=":ok:" - SLACK_MSG="${SLACK_EMOJI} BUILD SUCCEEDED for Conversion Tool ${ENVIRONMENT} Environment, ${CODEBUILD_BUILD_ARN}" - else - SLACK_EMOJI=":warning:" - SLACK_MSG="${SLACK_EMOJI} BUILD FAILED for Conversion Tool ${ENVIRONMENT} Environment, ${CODEBUILD_BUILD_ARN}" - fi - SLACK_HDR1="'Authorization:Bearer ${SLACK_SECRET_TOKEN}'" - SLACK_HDR2="'Content-type: 
application/json'" - SLACK_PAYLOAD="'"$(echo "{ \"channel\":\"${SLACK_CHANNEL}\", \"blocks\": [ { \"type\":\"section\", \"text\": { \"type\":\"mrkdwn\", \"text\":\"${SLACK_MSG}\" } } ] }" | jq -rc '.')"'" - eval $(echo curl -X POST -H ${SLACK_HDR1} -H ${SLACK_HDR2} -d ${SLACK_PAYLOAD} ${SLACK_API_URL} ) diff --git a/infrastructure/README.md b/infrastructure/README.md deleted file mode 100644 index e792c97fc..000000000 --- a/infrastructure/README.md +++ /dev/null @@ -1,13 +0,0 @@ -This contains the scripts and terraform to create the CT tool application's infastructure. - -Terraform for: - * ELB - * ECR Repository - * Fargate TD - * Fargate Service - -There is a terraform.tfvars file that defaults to the dev environment. For other environments you will need to provide an override. - -Standardized resource tagging has been implemented with support by AWS provider v3.38.0+ as documented https://developer.hashicorp.com/terraform/tutorials/aws/aws-default-tags?in=terraform%2Faws. - * see dev/main.tf and dev/variables.tf for baseline pattern - * see modules/kinesis.tf for implementation of merging defaults with resource-specific tags diff --git a/infrastructure/automate-ecs-restart/.terraform.lock.hcl b/infrastructure/automate-ecs-restart/.terraform.lock.hcl deleted file mode 100644 index 741f1edfb..000000000 --- a/infrastructure/automate-ecs-restart/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.70.0" - constraints = "3.70.0" - hashes = [ - "h1:jn4ImGMZJ9rQdaVSbcCBqUqnhRSpyaM1DivqaNuP+eg=", - "zh:0af710e528e21b930899f0ac295b0ceef8ad7b623dd8f38e92c8ec4bc7af0321", - "zh:4cabcd4519c0aae474d91ae67a8e3a4a8c39c3945c289a9cf7c1409f64409abe", - "zh:58da1a436facb4e4f95cd2870d211ed7bcb8cf721a4a61970aa8da191665f2aa", - "zh:6465339475c1cd3c16a5c8fee61304dcad2c4a27740687d29c6cdc90d2e6423d", - "zh:7a821ed053c355d70ebe33185590953fa5c364c1f3d66fe3f9b4aba3961646b1", - "zh:7c3656cc9cc1739dcb298e7930c9a76ccfce738d2070841d7e6c62fbdae74eef", - "zh:9d9da9e3c60a0c977e156da8590f36a219ae91994bb3df5a1208de2ab3ceeba7", - "zh:a3138817c86bf3e4dca7fd3a92e099cd1bf1d45ee7c7cc9e9773ba04fc3b315a", - "zh:a8603044e935dfb3cb9319a46d26276162c6aea75e02c4827232f9c6029a3182", - "zh:aef9482332bf43d0b73317f5909dec9e95b983c67b10d72e75eacc7c4f37d084", - "zh:fc3f3cad84f2eebe566dd0b65904c934093007323b9b85e73d9dd4535ceeb29d", - ] -} diff --git a/infrastructure/automate-ecs-restart/ecs-restart-automate.py b/infrastructure/automate-ecs-restart/ecs-restart-automate.py deleted file mode 100644 index dbddaeb1e..000000000 --- a/infrastructure/automate-ecs-restart/ecs-restart-automate.py +++ /dev/null @@ -1,11 +0,0 @@ -import boto3 -import os -client = boto3.client('ecs') -import logging -logger = logging.getLogger() - -def lambda_handler(event, context): - ecs_cluster = os.environ['ecs_cluster'] - ecs_service_name = os.environ['ecs_service'] - client.update_service(cluster=ecs_cluster, service=ecs_service_name, forceNewDeployment=True) - logger.info("Restarted ECS Service") \ No newline at end of file diff --git a/infrastructure/automate-ecs-restart/ecs-restart.tf b/infrastructure/automate-ecs-restart/ecs-restart.tf deleted file mode 100644 index 800302e84..000000000 
--- a/infrastructure/automate-ecs-restart/ecs-restart.tf +++ /dev/null @@ -1,159 +0,0 @@ -terraform { - backend "s3" { - bucket = "qppsf-conversion-tool-tf-state" - key = "qppsf/qppsf-ct-ecs-restart-tf-state" - region = "us-east-1" - encrypt = "true" - } - - required_providers { - aws = { - source = "hashicorp/aws" - version = "=3.70.0" - } - } - required_version = "1.0.0" -} - -provider "aws" { - region = var.region -} - -data "aws_caller_identity" "current" {} - - -# Event bridge rule to Trigger ECS Restart on Weekends -resource "aws_cloudwatch_event_rule" "ecs-restart-cronjob" { - name = "ecsct-restart-${var.project_name}" - description = "This Event bridge rule runs on a Schedule" - schedule_expression = var.event_schedule -} - -# Event Bridge Target to invoke Lambda Function - -resource "aws_cloudwatch_event_target" "ecsevent-invoke-lambda" { - rule = aws_cloudwatch_event_rule.ecs-restart-cronjob.name - target_id = "ecs-cron-lambda" - arn = aws_lambda_function.ecs-automate-restart.arn -} - -# IAM Role permissions on Lambda Function -resource "aws_iam_role" "lambda_executionrole" { - name = "${var.project_name}-lambda_execrole" - path = "/delegatedadmin/developer/" - permissions_boundary = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/cms-cloud-admin/developer-boundary-policy" - assume_role_policy = <= timedelta(1): - payload = {'channel': 'SLACK_CHANNEL', 'text': '%s \n *Table Name*: %s \n *Backup Name*: %s \n *Backup Arn*: %s \n *Last Backup CreatedOn*: %s \n ' % ("*|Alert|* - _Dynamo DB Notification - Recent Backup is older than a day_",ddb_table_name,ddb_bkp_name,ddb_backup_arn, format_datetime_bkp_creation_datetime), 'channel': 'SLACK_CHANNEL' } - headers = {"content-type": "application/json"} - requests.put(SLACK_WEBHOOK_URL, data=json.dumps(payload), headers=headers) - else: - print("Backup is recent, nothing to do") - else: - print("No dynamodb backups have been found") 
diff --git a/infrastructure/dynamo-db-backp-notifier/terraform.tfvars b/infrastructure/dynamo-db-backp-notifier/terraform.tfvars deleted file mode 100644 index 31a44f582..000000000 --- a/infrastructure/dynamo-db-backp-notifier/terraform.tfvars +++ /dev/null @@ -1,8 +0,0 @@ -project_name = "qppsf" -region = "us-east-1" -environment = "dev" -pagerduty_email = "qpp-final-scoring-devops@semanticbits.com" -owner = "qpp-final-scoring-devops@semanticbits.com" -git-origin = "https://github.com/CMSgov/qpp-conversion-tool.git" -application = "qpp-conversiontool" -sensitivity = "PII/PHI" \ No newline at end of file diff --git a/infrastructure/dynamo-db-backp-notifier/variables.tf b/infrastructure/dynamo-db-backp-notifier/variables.tf deleted file mode 100644 index 0411f5350..000000000 --- a/infrastructure/dynamo-db-backp-notifier/variables.tf +++ /dev/null @@ -1,35 +0,0 @@ -variable "project_name" { - description = "Name of the Project" - type = string - default = "qppsf" -} - -variable "region" { - type = string - default = "us-east-1" -} - -variable "environment" { - type = string - default = "dev" -} - -variable "pagerduty_email" { - type = string -} - -variable "owner" { - type = string -} - -variable "application" { - type = string -} - -variable "sensitivity" { - type = string -} - -variable "git-origin" { - type = string -} diff --git a/infrastructure/ecr-notification-lambda/.terraform.lock.hcl b/infrastructure/ecr-notification-lambda/.terraform.lock.hcl deleted file mode 100644 index 741f1edfb..000000000 --- a/infrastructure/ecr-notification-lambda/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.70.0" - constraints = "3.70.0" - hashes = [ - "h1:jn4ImGMZJ9rQdaVSbcCBqUqnhRSpyaM1DivqaNuP+eg=", - "zh:0af710e528e21b930899f0ac295b0ceef8ad7b623dd8f38e92c8ec4bc7af0321", - "zh:4cabcd4519c0aae474d91ae67a8e3a4a8c39c3945c289a9cf7c1409f64409abe", - "zh:58da1a436facb4e4f95cd2870d211ed7bcb8cf721a4a61970aa8da191665f2aa", - "zh:6465339475c1cd3c16a5c8fee61304dcad2c4a27740687d29c6cdc90d2e6423d", - "zh:7a821ed053c355d70ebe33185590953fa5c364c1f3d66fe3f9b4aba3961646b1", - "zh:7c3656cc9cc1739dcb298e7930c9a76ccfce738d2070841d7e6c62fbdae74eef", - "zh:9d9da9e3c60a0c977e156da8590f36a219ae91994bb3df5a1208de2ab3ceeba7", - "zh:a3138817c86bf3e4dca7fd3a92e099cd1bf1d45ee7c7cc9e9773ba04fc3b315a", - "zh:a8603044e935dfb3cb9319a46d26276162c6aea75e02c4827232f9c6029a3182", - "zh:aef9482332bf43d0b73317f5909dec9e95b983c67b10d72e75eacc7c4f37d084", - "zh:fc3f3cad84f2eebe566dd0b65904c934093007323b9b85e73d9dd4535ceeb29d", - ] -} diff --git a/infrastructure/ecr-notification-lambda/ecr-lambda-notification.py b/infrastructure/ecr-notification-lambda/ecr-lambda-notification.py deleted file mode 100644 index f4f4c0629..000000000 --- a/infrastructure/ecr-notification-lambda/ecr-lambda-notification.py +++ /dev/null 
@@ -1,41 +0,0 @@ -import boto3 -import json -import logging -import os -import time - -from base64 import b64decode -from urllib.request import Request, urlopen -from urllib.error import URLError, HTTPError - -logger = logging.getLogger() - -def lambda_handler(event, context): - - message = event['detail'] - result = event['detail']['scan-status'] - findings = event['detail']['finding-severity-counts'] - repo = event['detail']['repository-name'] - - response = f"An Image was pushed to ECR {repo} with {findings}" - slack_color = "GREEN" - - slack_message = { - 'channel': os.environ['channel'], - 'attachments': [ - { - 'color': slack_color, - 'text': response, - 'ts' : int(time.time()) - } - ] - } - req = Request(os.environ['hook_url'], json.dumps(slack_message).encode('utf-8')) - try: - response = urlopen(req) - response.read() - logger.info("Message posted to %s", slack_message['channel']) - except HTTPError as e: - logger.error("Request failed: %d %s", e.code, e.reason) - except URLError as e: - logger.error("Server connection failed: %s", e.reason) \ No newline at end of file diff --git a/infrastructure/ecr-notification-lambda/ecr-scan-notification.tf b/infrastructure/ecr-notification-lambda/ecr-scan-notification.tf deleted file mode 100644 index 9c222c3be..000000000 --- a/infrastructure/ecr-notification-lambda/ecr-scan-notification.tf +++ /dev/null 
@@ -1,166 +0,0 @@ -terraform { - backend "s3" { - bucket = "qppsf-conversion-tool-tf-state" - key = "qppsf/conversion-tool-ecr-notification.tfstate" - region = "us-east-1" - encrypt = "true" - } - - required_providers { - aws = { - source = "hashicorp/aws" - version = "=3.70.0" - } - } - required_version = "1.0.0" -} - -provider "aws" { - region = var.region -} - -data "aws_caller_identity" "current" { -} - -resource "aws_ssm_parameter" "slack_hook_url" { - name = "/qppar-sf/${var.environment}/conversion_tool/slack_hook_url" - description = "Slack Webhook Url for Scoring" - type = "SecureString" - value = var.slack_hook_url - overwrite = true - - lifecycle { - ignore_changes = [ - value - ] - } - tags = { - "Name" = "${var.project_name}-ssm-${var.environment}" - "qpp:owner" = var.owner - "qpp:pagerduty-email" = var.pagerduty_email - "qpp:application" = var.application - "qpp:project" = var.project_name - "qpp:environment" = var.environment - "qpp:layer" = "Application" - "qpp:sensitivity" = "Confidential" - "qpp:description" = "SSM Param for Conversiontool" - "qpp:iac-repo-url" = var.git-origin - } -} - -# Event Rule to monitor ECR imaage scan which is set to complete -resource "aws_cloudwatch_event_rule" "ecr-scan-notification" { - name = "ecr-scan-notification-${var.project_name}-${var.environment}" - description = "Triggers an event upon completition of ECR image scan" - - event_pattern = < --acl private --profile -``` - -The following should be exported: -```bash -AWS_SESSION_TOKEN -AWS_DEFAULT_REGION -AWS_SECRET_ACCESS_KEY -AWS_ACCESS_KEY_ID -``` - -The Converstion Tool Docker container requires a few dozen parameters passed to it on boot, look in the SSM terraform, S3 buckets and dynamodb: - -##S3 Buckets -### Parameter Buckets (legacy - the parameters are now stored in SSM) -aws-hhs-cms-ccsq-qpp-navadevops-prod-us-east-1 - /qpp-qrda3converter-prod -aws-hhs-cms-ccsq-qpp-navadevops-nonprod-us-east-1 - /qpp-qrda3converter-{env} (All non production environments: 
dev, impl, val) -### Application Data - stores encrypted QRDA-III and QPP json files - Bucket: aws-hhs-cms-ccsq-qpp-navadevops-pii-convrtr-audt-*$ENV*-us-east-1 - Key: qpp-qrda3converter-*$ENV*-kms_alias -### Encrypted PII - buckets that hold TIN/NPI/APM validation list - Bucket: aws-hhs-cms-ccsq-qpp-navadevops-pii-cnvrt-npicpc-*$ENV*-us-east-1 - Key: qpp-qrda3converter-*$ENV*-cpc-plus-kms_alias -## DynamoDb -All tables include DynamoDB encryption context with client-side encryption of values. - Table: qpp-qrda3converter-$ENV-metadata - Key: qpp-qrda3converter-$ENV-kms_alias -## SSM -The parameters in Terraform are specific to *dev*, we will need to overwrite them with the appropriate parameters for other environments. I set it up this way bcause we shouldn't be checking the secrets into IaC. These paramters should match what's in the (legacy) Parameter Buckets described above -## Backup: -- Dynamodb has backups ran via jenkins that backup data. Is schedule to run once a day and holds up to 5 backups. - -TODO: Bring in S3 & Dynamo tables. I think we can get rid of the parameter buckets. Add Jenkins URL for the backups diff --git a/infrastructure/terraform/common/.terraform.lock.hcl b/infrastructure/terraform/common/.terraform.lock.hcl deleted file mode 100644 index 741f1edfb..000000000 --- a/infrastructure/terraform/common/.terraform.lock.hcl +++ /dev/null 
@@ -1,21 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "3.70.0" - constraints = "3.70.0" - hashes = [ - "h1:jn4ImGMZJ9rQdaVSbcCBqUqnhRSpyaM1DivqaNuP+eg=", - "zh:0af710e528e21b930899f0ac295b0ceef8ad7b623dd8f38e92c8ec4bc7af0321", - "zh:4cabcd4519c0aae474d91ae67a8e3a4a8c39c3945c289a9cf7c1409f64409abe", - "zh:58da1a436facb4e4f95cd2870d211ed7bcb8cf721a4a61970aa8da191665f2aa", - "zh:6465339475c1cd3c16a5c8fee61304dcad2c4a27740687d29c6cdc90d2e6423d", - "zh:7a821ed053c355d70ebe33185590953fa5c364c1f3d66fe3f9b4aba3961646b1", - "zh:7c3656cc9cc1739dcb298e7930c9a76ccfce738d2070841d7e6c62fbdae74eef", - "zh:9d9da9e3c60a0c977e156da8590f36a219ae91994bb3df5a1208de2ab3ceeba7", - "zh:a3138817c86bf3e4dca7fd3a92e099cd1bf1d45ee7c7cc9e9773ba04fc3b315a", - "zh:a8603044e935dfb3cb9319a46d26276162c6aea75e02c4827232f9c6029a3182", - "zh:aef9482332bf43d0b73317f5909dec9e95b983c67b10d72e75eacc7c4f37d084", - "zh:fc3f3cad84f2eebe566dd0b65904c934093007323b9b85e73d9dd4535ceeb29d", - ] -} diff --git a/infrastructure/terraform/common/main.tf b/infrastructure/terraform/common/main.tf deleted file mode 100644 index 3ba957e3f..000000000 --- a/infrastructure/terraform/common/main.tf +++ /dev/null @@ -1,22 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "=3.70.0" - } - } - required_version = "1.0.0" -} - -provider "aws" { - region = "us-east-1" -} - -terraform { - backend "s3" { - bucket = "qppsf-conversion-tool-tf-state" - key = "qppsf/conversion-tool-codebuild_servicerole.tfstate" - region = "us-east-1" - encrypt = "true" - } -} \ No newline at end of file diff --git a/infrastructure/terraform/common/terraform.tfvars b/infrastructure/terraform/common/terraform.tfvars deleted file mode 100644 index 87563539c..000000000 --- a/infrastructure/terraform/common/terraform.tfvars +++ /dev/null 
@@ -1,8 +0,0 @@ -environment = "dev" -team = "qppsf" -git-org = "CMSgov" -git-repo = "qpp-conversion-tool" -application = "conversion-tool" -sensitivity = "PII/PHI" -owner = "qpp-final-scoring-devops@semanticbits.com" -pagerduty_email = "qpp-final-scoring-devops@semanticbits.com" \ No newline at end of file diff --git a/infrastructure/terraform/common/variables.tf b/infrastructure/terraform/common/variables.tf deleted file mode 100644 index 18bb1d72d..000000000 --- a/infrastructure/terraform/common/variables.tf +++ /dev/null @@ -1,40 +0,0 @@ -variable "region" { - description = "AWS region to provision" - type = string - default = "us-east-1" -} - -variable "environment" { - type = string - description = "Environment" -} - -variable "git-repo" { - type = string -} - -variable "git-org" { - type = string - description = "Git Organization" -} - -variable "team" { - type = string - description = "QPP Team" -} - -variable "pagerduty_email" { - type = string -} - -variable "owner" { - type = string -} - -variable "application" { - type = string -} - -variable "sensitivity" { - type = string -} \ No newline at end of file diff --git a/infrastructure/terraform/dev/.terraform.lock.hcl b/infrastructure/terraform/dev/.terraform.lock.hcl deleted file mode 100644 index d8d187a1d..000000000 --- a/infrastructure/terraform/dev/.terraform.lock.hcl +++ /dev/null 
@@ -1,52 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.55.0" - constraints = "4.55.0" - hashes = [ - "h1:vSVjfh4GIrca2Z3YPjWMaac5hOEBc1U3xOOwFmo7HZc=", - "h1:znXGcgeQe5QHI6n7XbGCd/o1uc9r5Z1H533+V520l8g=", - "zh:0866f25575bad3b9c313cd778c94fc65e79d335af2d20a3480f79d7731d93b7b", - "zh:2c05c16155cbc054622cf83e4b6614fef35935b00b238e4c21ee225e6c896770", - "zh:2efba66649fb12af0492c6cce4e2361fe9139df648734264f61a9a1ef754df53", - "zh:3c60bb53e3b65d7f86699fae0797a55a9aa41b8ba377aaff4daf23d1661393a9", - "zh:41f6dcd90b54b623d523df8fb4a30779cfe22e9ab59516bc05b29291a7af0946", - "zh:4b8330b154e9e2d035dd5488abcac25efec1fa6055d3a70894a8c0384f0579d6", - "zh:595f263706cf1fb6b8447e2ec343638de4360841a15e6bff6ccbb0ff86c7ce74", - "zh:5dfc5b858a43cf45fde5542eb673f6104c14cdc3d73843d1b87a9e44545cbad4", - "zh:7bbe05cf30521f0110603bb84995a4025ce7810626010276600e4b402143df27", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a490e68c63504d3301d6dcb700c95778d93bb2baa6632a46c5a1d62862a7067c", - "zh:c4f9f6659148528375c8a822163925c9aae490ccce2e6301cefbbab009531971", - "zh:ef66070f957408f1c924ddfd5dbd0d34bce16efd9e36ccecbf699de72beb131f", - "zh:f7ba5e3e62a2b51b24e326797a89fdd86bafaea7d1912738d514c9903c14d7f2", - "zh:ffc20b7d9f7bd331fb6451d0fc92c68196383d7115e69380de6566cc268cb9b9", - ] -} - -provider "registry.terraform.io/newrelic/newrelic" { - version = "3.25.2" - constraints = "3.25.2" - hashes = [ - "h1:La0S/OCpMHuDXh5uQI2Fj7MNGyDMT3Fvig9BPt271Tk=", - "zh:0ff5e19389b1d7897caa16703c71b7cb5e89bf7ba65b18fbb86169ca7882513d", - "zh:1353c8ec5412514ac3e311ab3a7d529be73ae2157e17c705f8cb83c9a7f718d2", - "zh:1b4a4e03ee4d192276a52d6a591f0879f4f96532832d5436a32d15833f5866e4", - "zh:201daaeeeb0db6dc695b9c4f1c291f3528848de2c88ce52f05c5a7aa088b41dd", - "zh:240ae4f4bcba246c2fa4f6dc4205097a2dbc423f4e73c8a9b62b0cdcba3b29ba", - 
"zh:2efa612deb1040a147b5e6d1cf54d0b4087f40842ef0186f7bd5e2016f82233c", - "zh:3288ee8ce37773d005baaafb2621e9e248c4606b69db508fdc57cb0af2666013", - "zh:4bc27526cf154b9d477e14210a76dd93ff680322bc65f46707f55ef34a0ea456", - "zh:57cb1f10f0000b200cfa3c106e76085b44c93704a8710de6beae9d63ce0a5ea3", - "zh:747bdb4a2e7be12391f44f9abce49a65c168a200659cd89a7b9dd94ea0bebee1", - "zh:8e44acefa2a7446996b7698dad912d2cace136c0a493ff2f85317a4c003dbbb5", - "zh:984ac9ced9006b7d8a549ae9c08f17ca21f2339668d7e85e663ca84e457677c4", - "zh:9b232b4ef7201d4fadeac51e2e6f1cca0fc4d4a152fbe303c951471954a10211", - "zh:9c6189a2741598ce62bbd6266aed62928c93f26a0bf5671b14fa8bc816b1aad0", - "zh:abeec8da33a03a5f51e5f5e652ebe2d95c02fdd23b6ec057378cdbe5e7c772de", - "zh:b103d9bc4ef6428bd41efcb70b6c128e4b1492df54082749993bd7f32db5997d", - "zh:bf0fedab9e0d0d7d3710d3184aae406ad3e7e55aae6c4df25fd40194472a8b04", - "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", - ] -} diff --git a/infrastructure/terraform/dev/main.tf b/infrastructure/terraform/dev/main.tf deleted file mode 100644 index b16af53c4..000000000 --- a/infrastructure/terraform/dev/main.tf +++ /dev/null 
@@ -1,60 +0,0 @@
-# Bucket must exist before running
-# Ensure it's private and has versioning enabled
-
-terraform {
- backend "s3" {
- bucket = "qppsf-conversion-tool-tf-state"
- key = "qppsf/conversion-tool-dev.tfstate"
- region = "us-east-1"
- encrypt = "true"
- }
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "4.55.0"
- }
- }
- required_version = "1.5.0"
-}
-
-provider "aws" {
- region = var.region
- # QPPSE-1208
- default_tags {
- tags = var.default_tags
- }
-}
-
-module "conversion-tool" {
- source = "../modules"
-
- pagerduty_email = var.pagerduty_email
- lb_security_group = var.lb_security_group
- vpc_cidr = var.vpc_cidr
- vpn_security_group = var.vpn_security_group
- project_name = var.project_name
- vpc_id = var.vpc_id
- app_subnet2 = var.app_subnet2
- app_subnet3 = var.app_subnet3
- owner = var.owner
- sensitivity = var.sensitivity
- app_subnet1 = var.app_subnet1
- environment = var.environment
- application = var.application
- git-origin = var.git-origin
- certificate_arn = var.certificate_arn
- codebuild_branch_ref = var.codebuild_branch_ref
- team = var.team
- allow_kms_keys = var.allow_kms_keys
- ## QPPSE-1208
- tags = var.default_tags
-}
-
-module "conversion-tool-newrelic" {
- source = "../modules/newrelic/"
-
- environment = var.environment
- application = var.application
-
-}
\ No newline at end of file
diff --git a/infrastructure/terraform/dev/terraform.tfvars b/infrastructure/terraform/dev/terraform.tfvars
deleted file mode 100644
index 714eefac6..000000000
--- a/infrastructure/terraform/dev/terraform.tfvars
+++ /dev/null
@@ -1,23 +0,0 @@
-#Currently will build in dev if not overwritten
-project_name = "qppsf-ct"
-team = "qppsf"
-region = "us-east-1"
-vpc_id = "vpc-0ef66577"
-environment = "dev"
-app_subnet1 = "subnet-913b76d9"
-app_subnet2 = "subnet-2d23a177"
-app_subnet3 = "subnet-d59f7ab1"
-vpc_cidr = ["10.247.224.0/21", "10.232.36.0/24"]
-vpn_security_group = "sg-15ab1d66"
-lb_security_group = "sg-01f29f7f32a8789ef"
-pagerduty_email = "893a0342-571a-43d4-ad5e-f4b0aef7654b+CT-routingkey-nonprod@alert.victorops.com"
-owner = "qpp-final-scoring-devops@semanticbits.com"
-git-origin = "https://github.com/CMSgov/qpp-conversion-tool.git"
-application = "qpp-conversiontool"
-sensitivity = "PII/PHI"
-certificate_arn = "arn:aws:acm:us-east-1:003384571330:certificate/4e09608a-6e5f-4a30-a2aa-e0b4e257eeef"
-codebuild_branch_ref = "refs/heads/develop"
-allow_kms_keys = ["arn:aws:kms:us-east-1:003384571330:key/ff7fca93-2b54-402a-9734-73d5b8538943","arn:aws:kms:us-east-1:003384571330:key/ecc43cde-608b-488b-8295-41a8d9bee42d","arn:aws:kms:us-east-1:003384571330:key/eb29db32-6833-4a3c-b067-a55fcf0c48c6","arn:aws:kms:us-east-1:003384571330:key/1863d256-47dd-4875-ac19-b744853f3609","arn:aws:kms:us-east-1:003384571330:key/320a1f44-7ffd-4ede-817b-a738375514b6","arn:aws:kms:us-east-1:003384571330:key/3f32fbb4-f735-48fd-bb02-1804f3d8f45a","arn:aws:kms:us-east-1:003384571330:key/4d9c8e8f-eee7-410a-a325-7c6a79bdbc31","arn:aws:kms:us-east-1:003384571330:key/71ca03b3-d3f2-4b6b-a250-59d5af6804c6","arn:aws:kms:us-east-1:003384571330:key/79839ee5-a18c-40c3-9efa-71c488ad4589","arn:aws:kms:us-east-1:003384571330:key/7b57229b-8dfc-4121-8cb3-939acf91ac09","arn:aws:kms:us-east-1:003384571330:key/895c193a-b42d-4a66-96cd-136f2da62133","arn:aws:kms:us-east-1:003384571330:key/a4507982-fe74-4f96-845a-c7552dbf99cb","arn:aws:kms:us-east-1:003384571330:key/bc788e72-24df-447d-852c-47f1bb14e4a9","arn:aws:kms:us-east-1:003384571330:key/e8593690-f5bf-44a6-a30b-2cee79307a25"]
-
-# create above allow_kms_keys:
-# $ aws kms 
list-keys --no-paginate --query 'Keys[].KeyArn'
\ No newline at end of file
diff --git a/infrastructure/terraform/dev/variables.tf b/infrastructure/terraform/dev/variables.tf
deleted file mode 100644
index e95f05625..000000000
--- a/infrastructure/terraform/dev/variables.tf
+++ /dev/null
@@ -1,145 +0,0 @@
-variable "project_name" {
- description = "Team or Project"
- type = string
-}
-
-variable "environment" {
- type = string
-}
-
-variable "region" {
- type = string
- default = "us-east-1"
-}
-
-variable "vpc_id" {
- type = string
-}
-
-variable "app_subnet1" {
- type = string
-}
-
-variable "app_subnet2" {
- type = string
-}
-
-variable "app_subnet3" {
- type = string
-}
-
-variable "vpn_security_group" {
- type = string
-}
-
-variable "lb_security_group" {
- type = string
-}
-
-variable "vpc_cidr" {
- type = list
-}
-
-variable "pagerduty_email" {
- type = string
-}
-
-variable "owner" {
- type = string
-}
-
-variable "application" {
- type = string
-}
-
-variable "team" {
- type = string
- description = "QPP Team"
-}
-
-variable "sensitivity" {
- type = string
-}
-
-variable "git-origin" {
- type = string
-}
-
-variable "certificate_arn" {
- description = "SSL Certificate arn for the environment"
- type = string
-}
-
-variable "codebuild_branch_ref" {
- type = string
- description = "ConversionTool Branch Ref"
-}
-
-variable "allow_kms_keys" {
- description = "kms arns to be allowed"
-}
-
-# QPPSE-1208
-variable "default_tags" {
- description = "default project tags for compliance"
- type = object ({
- Name = string
- qpp_owner = string # email_addr
- qpp_incident-response-email = string # email_addr
- qpp_application = string
- # one of:
- # qpp-ar
- # qpp-auth
- # qpp-claims
- # qpp-epcs
- # qpp-frontend
- # qpp-conversiontool
- # qpp-eligibility
- # qpp-scoring
- # qpp-selfnomination
- # qpp-sfui
- # qpp-clinicians-api
- # qpp-scoring-api
- # qpp-submissions-api
- # qpp-targetedreview
- # qpp-webinterface
- # qpp-qa
- # qpp-secops
- # cqr-ui
- qpp_environment = string
- # one of:
- # dev
- # test
- # impl
- # devpre
- # prod
- qpp_layer = string # primarily EC2
- qpp_distribution = optional(string) # optional, primarily EC2
- cpm-backup = optional(string) # optional, primarily EC2 + RDS
- qpp_expiry-date = optional(number) # optional, Unix 
timestamp
- qpp_source-ami = optional(string) # optional, primarily EC2
- qpp_sensitivity = string
- # one of phi, pii, fti, confidential, public [default]
- qpp_description = string
- qpp_iac-repo-url = string
- # starts with
- # https://github.cms.gov/[repo-path]
- # https://github.com/cmsgov
- # or 'na'
- })
- default = {
- Name = "qppsf-ct project"
- qpp_owner = "qpp-final-scoring-devops@semanticbits.com" # email_addr
- qpp_incident-response-email = "893a0342-571a-43d4-ad5e-f4b0aef7654b+CT-routingkey-nonprod@alert.victorops.com" # email_addr
- qpp_application = "qpp-conversiontool"
- qpp_environment = "dev"
- qpp_layer = "Application" # primarily EC2
- ###qpp_distribution = "" # optional, primarily EC2
- ###cpm-backup = "" # optional, primarily EC2 + RDS
- ###qpp_expiry-date = 2147483647 # optional, Unix timestamp
- ###qpp_source-ami = "" # optional, primarily EC2
- qpp_sensitivity = "Confidential"
- qpp_description = "default tag set"
- qpp_iac-repo-url = "https://github.com/CMSgov/qpp-conversion-tool.git"
- }
-}
\ No newline at end of file
diff --git a/infrastructure/terraform/devpre/.terraform.lock.hcl b/infrastructure/terraform/devpre/.terraform.lock.hcl
deleted file mode 100644
index 19d675a9a..000000000
--- a/infrastructure/terraform/devpre/.terraform.lock.hcl
+++ /dev/null
@@ -1,51 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.55.0" - constraints = "4.55.0" - hashes = [ - "h1:znXGcgeQe5QHI6n7XbGCd/o1uc9r5Z1H533+V520l8g=", - "zh:0866f25575bad3b9c313cd778c94fc65e79d335af2d20a3480f79d7731d93b7b", - "zh:2c05c16155cbc054622cf83e4b6614fef35935b00b238e4c21ee225e6c896770", - "zh:2efba66649fb12af0492c6cce4e2361fe9139df648734264f61a9a1ef754df53", - "zh:3c60bb53e3b65d7f86699fae0797a55a9aa41b8ba377aaff4daf23d1661393a9", - "zh:41f6dcd90b54b623d523df8fb4a30779cfe22e9ab59516bc05b29291a7af0946", - "zh:4b8330b154e9e2d035dd5488abcac25efec1fa6055d3a70894a8c0384f0579d6", - "zh:595f263706cf1fb6b8447e2ec343638de4360841a15e6bff6ccbb0ff86c7ce74", - "zh:5dfc5b858a43cf45fde5542eb673f6104c14cdc3d73843d1b87a9e44545cbad4", - "zh:7bbe05cf30521f0110603bb84995a4025ce7810626010276600e4b402143df27", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a490e68c63504d3301d6dcb700c95778d93bb2baa6632a46c5a1d62862a7067c", - "zh:c4f9f6659148528375c8a822163925c9aae490ccce2e6301cefbbab009531971", - "zh:ef66070f957408f1c924ddfd5dbd0d34bce16efd9e36ccecbf699de72beb131f", - "zh:f7ba5e3e62a2b51b24e326797a89fdd86bafaea7d1912738d514c9903c14d7f2", - "zh:ffc20b7d9f7bd331fb6451d0fc92c68196383d7115e69380de6566cc268cb9b9", - ] -} - -provider "registry.terraform.io/newrelic/newrelic" { - version = "3.25.2" - constraints = "3.25.2" - hashes = [ - "h1:La0S/OCpMHuDXh5uQI2Fj7MNGyDMT3Fvig9BPt271Tk=", - "zh:0ff5e19389b1d7897caa16703c71b7cb5e89bf7ba65b18fbb86169ca7882513d", - "zh:1353c8ec5412514ac3e311ab3a7d529be73ae2157e17c705f8cb83c9a7f718d2", - "zh:1b4a4e03ee4d192276a52d6a591f0879f4f96532832d5436a32d15833f5866e4", - "zh:201daaeeeb0db6dc695b9c4f1c291f3528848de2c88ce52f05c5a7aa088b41dd", - "zh:240ae4f4bcba246c2fa4f6dc4205097a2dbc423f4e73c8a9b62b0cdcba3b29ba", - "zh:2efa612deb1040a147b5e6d1cf54d0b4087f40842ef0186f7bd5e2016f82233c", - 
"zh:3288ee8ce37773d005baaafb2621e9e248c4606b69db508fdc57cb0af2666013", - "zh:4bc27526cf154b9d477e14210a76dd93ff680322bc65f46707f55ef34a0ea456", - "zh:57cb1f10f0000b200cfa3c106e76085b44c93704a8710de6beae9d63ce0a5ea3", - "zh:747bdb4a2e7be12391f44f9abce49a65c168a200659cd89a7b9dd94ea0bebee1", - "zh:8e44acefa2a7446996b7698dad912d2cace136c0a493ff2f85317a4c003dbbb5", - "zh:984ac9ced9006b7d8a549ae9c08f17ca21f2339668d7e85e663ca84e457677c4", - "zh:9b232b4ef7201d4fadeac51e2e6f1cca0fc4d4a152fbe303c951471954a10211", - "zh:9c6189a2741598ce62bbd6266aed62928c93f26a0bf5671b14fa8bc816b1aad0", - "zh:abeec8da33a03a5f51e5f5e652ebe2d95c02fdd23b6ec057378cdbe5e7c772de", - "zh:b103d9bc4ef6428bd41efcb70b6c128e4b1492df54082749993bd7f32db5997d", - "zh:bf0fedab9e0d0d7d3710d3184aae406ad3e7e55aae6c4df25fd40194472a8b04", - "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", - ] -} diff --git a/infrastructure/terraform/devpre/main.tf b/infrastructure/terraform/devpre/main.tf deleted file mode 100644 index 9a631c46a..000000000 --- a/infrastructure/terraform/devpre/main.tf +++ /dev/null 
@@ -1,69 +0,0 @@
-# Bucket must exist before running
-# Ensure it's private and has versioning enabled
-
-terraform {
- backend "s3" {
- bucket = "qppsf-conversion-tool-tf-state"
- key = "qppsf/conversion-tool-devpre.tfstate"
- region = "us-east-1"
- encrypt = "true"
- }
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "4.55.0"
- }
- }
- required_version = "1.5.0"
-}
-
-provider "aws" {
- region = var.region
- # QPPSE-1208
- default_tags {
- tags = var.default_tags
- }
-}
-
-module "conversion-tool" {
- source = "../modules"
-
- pagerduty_email = var.pagerduty_email
- lb_security_group = var.lb_security_group
- vpc_cidr = var.vpc_cidr
- vpn_security_group = var.vpn_security_group
- project_name = var.project_name
- vpc_id = var.vpc_id
- app_subnet2 = var.app_subnet2
- app_subnet3 = var.app_subnet3
- owner = var.owner
- sensitivity = var.sensitivity
- app_subnet1 = var.app_subnet1
- environment = var.environment
- application = var.application
- git-origin = var.git-origin
- certificate_arn = var.certificate_arn
- codebuild_branch_ref = var.codebuild_branch_ref
- team = var.team
- allow_kms_keys = var.allow_kms_keys
- ## QPPSE-1208
- tags = var.default_tags
-}
-
-module "conversion-tool-newrelic" {
- source = "../modules/newrelic"
-
- environment = var.environment
- application = var.application
-
-}
-
-module "conversion-tool-newrelic-synthetics" {
- source = "../modules/newrelic-synthetics"
-
- environment = var.environment
- application = var.application
- ct_api_url = var.ct_api_url
-
-}
\ No newline at end of file
diff --git a/infrastructure/terraform/devpre/terraform.tfvars b/infrastructure/terraform/devpre/terraform.tfvars
deleted file mode 100644
index 39ab43576..000000000
--- a/infrastructure/terraform/devpre/terraform.tfvars
+++ /dev/null
@@ -1,20 +0,0 @@
-project_name = "qppsf-ct"
-region = "us-east-1"
-vpc_id = "vpc-0c315d14e8fe5482a"
-environment = "devpre"
-team = "qppsf"
-app_subnet1 = "subnet-09cd2f786f9bb8533"
-app_subnet2 = "subnet-0385992d38126623d"
-app_subnet3 = "subnet-0555e670ea8b3a3c9"
-vpc_cidr = ["10.233.232.0/21", "10.232.36.0/24"]
-vpn_security_group = "sg-0535b1c550ac2cc5c"
-lb_security_group = "sg-021c06e58040a87ed"
-pagerduty_email = "893a0342-571a-43d4-ad5e-f4b0aef7654b+CT-routingkey-prod@alert.victorops.com"
-owner = "qpp-final-scoring-devops@semanticbits.com"
-git-origin = "https://github.com/CMSgov/qpp-conversion-tool.git"
-application = "qpp-conversiontool"
-sensitivity = "PII/PHI"
-certificate_arn = "arn:aws:acm:us-east-1:003384571330:certificate/11076543-8f28-4cbd-955b-d78db666e05a"
-ct_api_url = "https://preview.qpp.cms.gov/api/submissions/converter/health"
-codebuild_branch_ref = "refs/heads/master"
-allow_kms_keys = ["arn:aws:kms:us-east-1:003384571330:key/ff7fca93-2b54-402a-9734-73d5b8538943","arn:aws:kms:us-east-1:003384571330:key/ecc43cde-608b-488b-8295-41a8d9bee42d","arn:aws:kms:us-east-1:003384571330:key/eb29db32-6833-4a3c-b067-a55fcf0c48c6","arn:aws:kms:us-east-1:003384571330:key/1863d256-47dd-4875-ac19-b744853f3609","arn:aws:kms:us-east-1:003384571330:key/320a1f44-7ffd-4ede-817b-a738375514b6","arn:aws:kms:us-east-1:003384571330:key/3f32fbb4-f735-48fd-bb02-1804f3d8f45a","arn:aws:kms:us-east-1:003384571330:key/4d9c8e8f-eee7-410a-a325-7c6a79bdbc31","arn:aws:kms:us-east-1:003384571330:key/71ca03b3-d3f2-4b6b-a250-59d5af6804c6","arn:aws:kms:us-east-1:003384571330:key/79839ee5-a18c-40c3-9efa-71c488ad4589","arn:aws:kms:us-east-1:003384571330:key/7b57229b-8dfc-4121-8cb3-939acf91ac09","arn:aws:kms:us-east-1:003384571330:key/895c193a-b42d-4a66-96cd-136f2da62133","arn:aws:kms:us-east-1:003384571330:key/a4507982-fe74-4f96-845a-c7552dbf99cb","arn:aws:kms:us-east-1:003384571330:key/bc788e72-24df-447d-852c-47f1bb14e4a9","arn:aws:kms:us-east-1:003384571330:key/e8593690-f5bf-44a6-
a30b-2cee79307a25"]
\ No newline at end of file
diff --git a/infrastructure/terraform/devpre/variables.tf b/infrastructure/terraform/devpre/variables.tf
deleted file mode 100644
index da88bda12..000000000
--- a/infrastructure/terraform/devpre/variables.tf
+++ /dev/null
@@ -1,119 +0,0 @@
-variable "project_name" {
- description = "Team or Project"
- type = string
-}
-
-variable "environment" {
- type = string
-}
-
-variable "team" {
- type = string
- description = "QPP Team"
-}
-
-variable "region" {
- type = string
- default = "us-east-1"
-}
-
-variable "vpc_id" {
- type = string
-}
-
-variable "app_subnet1" {
- type = string
-}
-
-variable "app_subnet2" {
- type = string
-}
-
-variable "app_subnet3" {
- type = string
-}
-
-variable "vpn_security_group" {
- type = string
-}
-
-variable "lb_security_group" {
- type = string
-}
-
-variable "vpc_cidr" {
- type = list
-}
-
-variable "pagerduty_email" {
- type = string
-}
-
-variable "owner" {
- type = string
-}
-
-variable "application" {
- type = string
-}
-
-variable "sensitivity" {
- type = string
-}
-
-variable "git-origin" {
- type = string
-}
-
-variable "certificate_arn" {
- description = "SSL Certificate arn for the environment"
- type = string
-}
-
-variable "ct_api_url" {
- type = string
- description = "ConversionTool HealthCheck URL"
-}
-
-variable "codebuild_branch_ref" {
- type = string
- description = "ConversionTool Branch Ref"
-}
-
-variable "allow_kms_keys" {
- description = "kms arns to be allowed"
-}
-# QPPSE-1208
-variable "default_tags" {
- description = "default project tags for compliance"
- type = object ({
- Name = string
- qpp_owner = string # email_addr
- qpp_incident-response-email = string # email_addr
- qpp_application = string
- qpp_environment = string
- qpp_layer = string # primarily EC2
- qpp_distribution = optional(string) # optional, primarily EC2
- cpm-backup = optional(string) # optional, primarily EC2 + RDS
- qpp_expiry-date = optional(number) # optional, Unix timestamp
- qpp_source-ami = optional(string) # optional, primarily EC2
- qpp_sensitivity = string
- qpp_description = string
- qpp_iac-repo-url = string
- })
- default = {
- Name = "qppsf-ct project"
- qpp_owner = "qpp-final-scoring-devops@semanticbits.com" # email_addr
- 
qpp_incident-response-email = "893a0342-571a-43d4-ad5e-f4b0aef7654b+CT-routingkey-prod@alert.victorops.com" # email_addr
- qpp_application = "qpp-conversiontool"
- qpp_environment = "devpre"
- qpp_layer = "Application" # primarily EC2
- ###qpp_distribution = "" # optional, primarily EC2
- ###cpm-backup = "" # optional, primarily EC2 + RDS
- ###qpp_expiry-date = 2147483647 # optional, Unix timestamp
- ###qpp_source-ami = "" # optional, primarily EC2
- qpp_sensitivity = "Confidential"
- qpp_description = "default tag set"
- qpp_iac-repo-url = "https://github.com/CMSgov/qpp-conversion-tool.git"
- }
-}
\ No newline at end of file
diff --git a/infrastructure/terraform/impl/.terraform.lock.hcl b/infrastructure/terraform/impl/.terraform.lock.hcl
deleted file mode 100644
index 19d675a9a..000000000
--- a/infrastructure/terraform/impl/.terraform.lock.hcl
+++ /dev/null
@@ -1,51 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.55.0" - constraints = "4.55.0" - hashes = [ - "h1:znXGcgeQe5QHI6n7XbGCd/o1uc9r5Z1H533+V520l8g=", - "zh:0866f25575bad3b9c313cd778c94fc65e79d335af2d20a3480f79d7731d93b7b", - "zh:2c05c16155cbc054622cf83e4b6614fef35935b00b238e4c21ee225e6c896770", - "zh:2efba66649fb12af0492c6cce4e2361fe9139df648734264f61a9a1ef754df53", - "zh:3c60bb53e3b65d7f86699fae0797a55a9aa41b8ba377aaff4daf23d1661393a9", - "zh:41f6dcd90b54b623d523df8fb4a30779cfe22e9ab59516bc05b29291a7af0946", - "zh:4b8330b154e9e2d035dd5488abcac25efec1fa6055d3a70894a8c0384f0579d6", - "zh:595f263706cf1fb6b8447e2ec343638de4360841a15e6bff6ccbb0ff86c7ce74", - "zh:5dfc5b858a43cf45fde5542eb673f6104c14cdc3d73843d1b87a9e44545cbad4", - "zh:7bbe05cf30521f0110603bb84995a4025ce7810626010276600e4b402143df27", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a490e68c63504d3301d6dcb700c95778d93bb2baa6632a46c5a1d62862a7067c", - "zh:c4f9f6659148528375c8a822163925c9aae490ccce2e6301cefbbab009531971", - "zh:ef66070f957408f1c924ddfd5dbd0d34bce16efd9e36ccecbf699de72beb131f", - "zh:f7ba5e3e62a2b51b24e326797a89fdd86bafaea7d1912738d514c9903c14d7f2", - "zh:ffc20b7d9f7bd331fb6451d0fc92c68196383d7115e69380de6566cc268cb9b9", - ] -} - -provider "registry.terraform.io/newrelic/newrelic" { - version = "3.25.2" - constraints = "3.25.2" - hashes = [ - "h1:La0S/OCpMHuDXh5uQI2Fj7MNGyDMT3Fvig9BPt271Tk=", - "zh:0ff5e19389b1d7897caa16703c71b7cb5e89bf7ba65b18fbb86169ca7882513d", - "zh:1353c8ec5412514ac3e311ab3a7d529be73ae2157e17c705f8cb83c9a7f718d2", - "zh:1b4a4e03ee4d192276a52d6a591f0879f4f96532832d5436a32d15833f5866e4", - "zh:201daaeeeb0db6dc695b9c4f1c291f3528848de2c88ce52f05c5a7aa088b41dd", - "zh:240ae4f4bcba246c2fa4f6dc4205097a2dbc423f4e73c8a9b62b0cdcba3b29ba", - "zh:2efa612deb1040a147b5e6d1cf54d0b4087f40842ef0186f7bd5e2016f82233c", - 
"zh:3288ee8ce37773d005baaafb2621e9e248c4606b69db508fdc57cb0af2666013", - "zh:4bc27526cf154b9d477e14210a76dd93ff680322bc65f46707f55ef34a0ea456", - "zh:57cb1f10f0000b200cfa3c106e76085b44c93704a8710de6beae9d63ce0a5ea3", - "zh:747bdb4a2e7be12391f44f9abce49a65c168a200659cd89a7b9dd94ea0bebee1", - "zh:8e44acefa2a7446996b7698dad912d2cace136c0a493ff2f85317a4c003dbbb5", - "zh:984ac9ced9006b7d8a549ae9c08f17ca21f2339668d7e85e663ca84e457677c4", - "zh:9b232b4ef7201d4fadeac51e2e6f1cca0fc4d4a152fbe303c951471954a10211", - "zh:9c6189a2741598ce62bbd6266aed62928c93f26a0bf5671b14fa8bc816b1aad0", - "zh:abeec8da33a03a5f51e5f5e652ebe2d95c02fdd23b6ec057378cdbe5e7c772de", - "zh:b103d9bc4ef6428bd41efcb70b6c128e4b1492df54082749993bd7f32db5997d", - "zh:bf0fedab9e0d0d7d3710d3184aae406ad3e7e55aae6c4df25fd40194472a8b04", - "zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25", - ] -} diff --git a/infrastructure/terraform/impl/main.tf b/infrastructure/terraform/impl/main.tf deleted file mode 100644 index 02fb4feb8..000000000 --- a/infrastructure/terraform/impl/main.tf +++ /dev/null 
@@ -1,60 +0,0 @@
-# Bucket must exist before running
-# Ensure it's private and has versioning enabled
-
-terraform {
- backend "s3" {
- bucket = "qppsf-conversion-tool-tf-state"
- key = "qppsf/conversion-tool-impl.tfstate"
- region = "us-east-1"
- encrypt = "true"
- }
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = "4.55.0"
- }
- }
- required_version = "1.5.0"
-}
-
-provider "aws" {
- region = var.region
- # QPPSE-1208
- default_tags {
- tags = var.default_tags
- }
-}
-
-module "conversion-tool" {
- source = "../modules"
-
- pagerduty_email = var.pagerduty_email
- lb_security_group = var.lb_security_group
- vpc_cidr = var.vpc_cidr
- vpn_security_group = var.vpn_security_group
- project_name = var.project_name
- vpc_id = var.vpc_id
- app_subnet2 = var.app_subnet2
- app_subnet3 = var.app_subnet3
- owner = var.owner
- sensitivity = var.sensitivity
- app_subnet1 = var.app_subnet1
- environment = var.environment
- application = var.application
- git-origin = var.git-origin
- certificate_arn = var.certificate_arn
- codebuild_branch_ref = var.codebuild_branch_ref
- team = var.team
- allow_kms_keys = var.allow_kms_keys
- ## QPPSE-1208
- tags = var.default_tags
-}
-
-module "conversion-tool-newrelic" {
- source = "../modules/newrelic/"
-
- environment = var.environment
- application = var.application
-
-}
\ No newline at end of file
diff --git a/infrastructure/terraform/impl/terraform.tfvars b/infrastructure/terraform/impl/terraform.tfvars
deleted file mode 100644
index 5fd45c37c..000000000
--- a/infrastructure/terraform/impl/terraform.tfvars
+++ /dev/null
@@ -1,19 +0,0 @@
-project_name = "qppsf-ct"
-region = "us-east-1"
-vpc_id = "vpc-48f26131"
-environment = "impl"
-team = "qppsf"
-app_subnet1 = "subnet-bd3f72f5"
-app_subnet2 = "subnet-0f21a355"
-app_subnet3 = "subnet-31957055"
-vpc_cidr = ["10.138.168.0/21", "10.232.36.0/24"]
-vpn_security_group = "sg-15086661"
-lb_security_group = "sg-3cc0b34d"
-pagerduty_email = "893a0342-571a-43d4-ad5e-f4b0aef7654b+CT-routingkey-nonprod@alert.victorops.com"
-owner = "qpp-final-scoring-devops@semanticbits.com"
-git-origin = "https://github.com/CMSgov/qpp-conversion-tool.git"
-application = "qpp-conversiontool"
-sensitivity = "PII/PHI"
-certificate_arn = "arn:aws:acm:us-east-1:003384571330:certificate/de5868ca-f22d-4ea3-b9a0-346966b27a41"
-codebuild_branch_ref = "refs/heads/release/"
-allow_kms_keys = ["arn:aws:kms:us-east-1:003384571330:key/ff7fca93-2b54-402a-9734-73d5b8538943","arn:aws:kms:us-east-1:003384571330:key/ecc43cde-608b-488b-8295-41a8d9bee42d","arn:aws:kms:us-east-1:003384571330:key/eb29db32-6833-4a3c-b067-a55fcf0c48c6","arn:aws:kms:us-east-1:003384571330:key/1863d256-47dd-4875-ac19-b744853f3609","arn:aws:kms:us-east-1:003384571330:key/320a1f44-7ffd-4ede-817b-a738375514b6","arn:aws:kms:us-east-1:003384571330:key/3f32fbb4-f735-48fd-bb02-1804f3d8f45a","arn:aws:kms:us-east-1:003384571330:key/4d9c8e8f-eee7-410a-a325-7c6a79bdbc31","arn:aws:kms:us-east-1:003384571330:key/71ca03b3-d3f2-4b6b-a250-59d5af6804c6","arn:aws:kms:us-east-1:003384571330:key/79839ee5-a18c-40c3-9efa-71c488ad4589","arn:aws:kms:us-east-1:003384571330:key/7b57229b-8dfc-4121-8cb3-939acf91ac09","arn:aws:kms:us-east-1:003384571330:key/895c193a-b42d-4a66-96cd-136f2da62133","arn:aws:kms:us-east-1:003384571330:key/a4507982-fe74-4f96-845a-c7552dbf99cb","arn:aws:kms:us-east-1:003384571330:key/bc788e72-24df-447d-852c-47f1bb14e4a9","arn:aws:kms:us-east-1:003384571330:key/e8593690-f5bf-44a6-a30b-2cee79307a25"]
\ No newline at end of file
diff --git a/infrastructure/terraform/impl/variables.tf b/infrastructure/terraform/impl/variables.tf
deleted file mode 100644
index cb816cbdf..000000000
--- a/infrastructure/terraform/impl/variables.tf
+++ /dev/null
@@ -1,115 +0,0 @@
-variable "project_name" {
- description = "Team or Project"
- type = string
-}
-
-variable "environment" {
- type = string
-}
-
-variable "team" {
- type = string
- description = "QPP Team"
-}
-
-variable "region" {
- type = string
- default = "us-east-1"
-}
-
-variable "vpc_id" {
- type = string
-}
-
-variable "app_subnet1" {
- type = string
-}
-
-variable "app_subnet2" {
- type = string
-}
-
-variable "app_subnet3" {
- type = string
-}
-
-variable "vpn_security_group" {
- type = string
-}
-
-variable "lb_security_group" {
- type = string
-}
-
-variable "vpc_cidr" {
- type = list
-}
-
-variable "pagerduty_email" {
- type = string
-}
-
-variable "owner" {
- type = string
-}
-
-variable "application" {
- type = string
-}
-
-variable "sensitivity" {
- type = string
-}
-
-variable "git-origin" {
- type = string
-}
-
-variable "certificate_arn" {
- description = "SSL Certificate arn for the environment"
- type = string
-}
-
-variable "codebuild_branch_ref" {
- type = string
- description = "ConversionTool Branch Ref"
-}
-
-variable "allow_kms_keys" {
- description = "kms arns to be allowed"
-}
-
-# QPPSE-1208
-variable "default_tags" {
- description = "default project tags for compliance"
- type = object ({
- Name = string
- qpp_owner = string # email_addr
- qpp_incident-response-email = string # email_addr
- qpp_application = string
- qpp_environment = string
- qpp_layer = string # primarily EC2
- qpp_distribution = optional(string) # optional, primarily EC2
- cpm-backup = optional(string) # optional, primarily EC2 + RDS
- qpp_expiry-date = optional(number) # optional, Unix timestamp
- qpp_source-ami = optional(string) # optional, primarily EC2
- qpp_sensitivity = string
- qpp_description = string
- qpp_iac-repo-url = string
- })
- default = {
- Name = "qppsf-ct project"
- qpp_owner = "qpp-final-scoring-devops@semanticbits.com" # email_addr
- qpp_incident-response-email = 
"893a0342-571a-43d4-ad5e-f4b0aef7654b+CT-routingkey-nonprod@alert.victorops.com" # email_addr
- qpp_application = "qpp-conversiontool"
- qpp_environment = "impl"
- qpp_layer = "Application" # primarily EC2
- ###qpp_distribution = "" # optional, primarily EC2
- ###cpm-backup = "" # optional, primarily EC2 + RDS
- ###qpp_expiry-date = 2147483647 # optional, Unix timestamp
- ###qpp_source-ami = "" # optional, primarily EC2
- qpp_sensitivity = "Confidential"
- qpp_description = "default tag set"
- qpp_iac-repo-url = "https://github.com/CMSgov/qpp-conversion-tool.git"
- }
-}
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/README.md b/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/README.md
deleted file mode 100644
index 4079dfacc..000000000
--- a/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-Kinesis Stream to capture Cloudwatch Log groups and Forward to Splunk
-
-Code Source: https://github.com/murikadan/Stream-AWS-CloudWatch-Logs-via-AWS-Lambda-into-Splunk
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/index.js b/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/index.js
deleted file mode 100644
index c30e281c0..000000000
--- a/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/index.js
+++ /dev/null
@@ -1,80 +0,0 @@ -/** - * Stream events from AWS CloudWatch Logs to Splunk - * - * This function streams AWS CloudWatch Logs to Splunk using - * Splunk's HTTP event collector API. - * - * Define the following Environment Variables in the console below to configure - * this function to stream logs to your Splunk host: - * - * 1. SPLUNK_HEC_URL: URL address for your Splunk HTTP event collector endpoint. - * Default port for event collector is 8088. Example: https://host.com:8088/services/collector - * - * 2. SPLUNK_HEC_TOKEN: Token for your Splunk HTTP event collector. - * To create a new token for this Lambda function, refer to Splunk Docs: - * http://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#Create_an_Event_Collector_token - */ - -'use strict'; - -const loggerConfig = { - url: process.env.SPLUNK_URL, - token: process.env.SPLUNK_TOKEN, -}; - -const SplunkLogger = require('./lib/splunklogger'); -const zlib = require('zlib'); - -const logger = new SplunkLogger(loggerConfig); - -exports.handler = (event, context, callback) => { - console.log('Received event:', JSON.stringify(event, null, 2)); - - event.Records.forEach(function(record) { - // Kinesis data is base64 encoded so decode here - var payload = Buffer.from(record.kinesis.data, 'base64'); - console.log('Decoded payload:', payload); - zlib.gunzip(payload, (err, result) => { - if (err) { - callback(err); - } else { - const parsed = JSON.parse(result.toString('ascii')); - console.log('Decoded payload:', JSON.stringify(parsed, null, 2)); - let count = 0; - if (parsed.logEvents) { - parsed.logEvents.forEach((item) => { - /* Log event to Splunk with explicit event timestamp. - - Use optional 'context' argument to send Lambda metadata e.g. awsRequestId, functionName. - - Change "item.timestamp" below if time is specified in another field in the event. - - Change to "logger.log(item.message, context)" if no time field is present in event. 
*/ - logger.logWithTime(item.timestamp, item.message, context); - - /* Alternatively, UNCOMMENT logger call below if you want to override Splunk input settings */ - /* Log event to Splunk with any combination of explicit timestamp, index, source, sourcetype, and host. - - Complete list of input settings available at http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector */ - // logger.logEvent({ - // time: new Date(item.timestamp).getTime() / 1000, - // host: 'serverless', - // source: `lambda:${context.functionName}`, - // sourcetype: 'httpevent', - // index: 'main', - // event: item.message, - // }); - - count += 1; - }); - } - // Send all the events in a single batch to Splunk - logger.flushAsync((error, response) => { - if (error) { - callback(error); - } else { - console.log(`Response from Splunk:\n${response}`); - console.log(`Successfully processed ${count} log event(s).`); - callback(null, count); // Return number of log events - } - }); - } - }); - }); -}; diff --git a/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/lib/splunklogger.js b/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/lib/splunklogger.js deleted file mode 100644 index c616fc752..000000000 --- a/infrastructure/terraform/modules/Kinesis-cloudwatch-splunk/lib/splunklogger.js +++ /dev/null 
@@ -1,92 +0,0 @@
-'use strict';
-
-const url = require('url');
-
-const Logger = function Logger(config) {
- this.url = config.url;
- this.token = config.token;
-
- this.addMetadata = true;
- this.setSource = true;
-
- this.parsedUrl = url.parse(this.url);
- // eslint-disable-next-line import/no-dynamic-require
- this.requester = require(this.parsedUrl.protocol.substring(0, this.parsedUrl.protocol.length - 1));
- // Initialize request options which can be overridden & extended by consumer as needed
- this.requestOptions = {
- hostname: this.parsedUrl.hostname,
- path: this.parsedUrl.path,
- port: this.parsedUrl.port,
- method: 'POST',
- headers: {
- Authorization: `Splunk ${this.token}`,
- },
- rejectUnauthorized: false,
- };
-
- this.payloads = [];
-};
-
-// Simple logging API for Lambda functions
-Logger.prototype.log = function log(message, context) {
- this.logWithTime(Date.now(), message, context);
-};
-
-Logger.prototype.logWithTime = function logWithTime(time, message, context) {
- const payload = {};
-
- if (Object.prototype.toString.call(message) === '[object Array]') {
- throw new Error('message argument must be a string or a JSON object.');
- }
- payload.event = message;
-
- // Add Lambda metadata
- if (typeof context !== 'undefined') {
- if (this.addMetadata) {
- // Enrich event only if it is an object
- if (message === Object(message)) {
- payload.event = JSON.parse(JSON.stringify(message)); // deep copy
- payload.event.awsRequestId = context.awsRequestId;
- }
- }
- if (this.setSource) {
- payload.source = `CloudWatch:${context.functionName}`;
- }
- }
-
- payload.time = new Date(time).getTime() / 1000;
-
- this.logEvent(payload);
-};
-
-Logger.prototype.logEvent = function logEvent(payload) {
- this.payloads.push(JSON.stringify(payload));
-};
-
-Logger.prototype.flushAsync = function flushAsync(callback) {
- callback = callback || (() => {}); // eslint-disable-line no-param-reassign
-
- console.log('Sending event(s)');
- const req = 
this.requester.request(this.requestOptions, (res) => {
- res.setEncoding('utf8');
-
- console.log('Response received');
- res.on('data', (data) => {
- let error = null;
- if (res.statusCode !== 200) {
- error = new Error(`error: statusCode=${res.statusCode}\n\n${data}`);
- console.error(error);
- }
- this.payloads.length = 0;
- callback(error, data);
- });
- });
-
- req.on('error', (error) => {
- callback(error);
- });
-
- req.end(this.payloads.join(''), 'utf8');
-};
-
-module.exports = Logger;
diff --git a/infrastructure/terraform/modules/alb.tf b/infrastructure/terraform/modules/alb.tf
deleted file mode 100644
index c67a9775d..000000000
--- a/infrastructure/terraform/modules/alb.tf
+++ /dev/null
@@ -1,103 +0,0 @@
-# QPPSE-1208
-locals {
- ctalb_tags = {
- Name = "${var.project_name}-alb-${var.environment}"
- qpp_owner = var.owner
- qpp_incident-response-email = var.pagerduty_email
- qpp_application = var.application
- qpp_project = var.project_name
- qpp_environment = var.environment
- qpp_layer = "Application"
- qpp_sensitivity = var.sensitivity
- qpp_description = "Application Load Balancer for Conversiontool"
- qpp_iac-repo-url = var.git-origin
- }
- ctalb_tgtgrp_tags = {
- Name = "${var.project_name}-alb-targetgrp-${var.environment}"
- qpp_owner = var.owner
- qpp_incident-response-email = var.pagerduty_email
- qpp_application = var.application
- qpp_project = var.project_name
- qpp_environment = var.environment
- qpp_layer = "Application"
- qpp_sensitivity = var.sensitivity
- qpp_description = "Application Load Balancer Target Group for Conversiontool"
- qpp_iac-repo-url = var.git-origin
- }
- ctlb_ssl_tags = {
- Name = "${var.project_name}-lb-SSL-${var.environment}"
- qpp_description = "Application Load Balancer with SSL for Conversiontool"
- qpp_owner = var.owner
- qpp_incident-response-email = var.pagerduty_email
- qpp_application = var.application
- qpp_project = var.project_name
- qpp_environment = var.environment
- qpp_layer = "Application"
- qpp_sensitivity = var.sensitivity
- }
-}
-
-resource "aws_lb" "qppsf" {
- name = "qppsf-conversion-tool-lb-${var.environment}"
- internal = true
- load_balancer_type = "application"
- security_groups = [aws_security_group.ct_app.id, var.vpn_security_group, var.lb_security_group, aws_security_group.conversion-tool_alb.id]
- subnets = [var.app_subnet1, var.app_subnet2, var.app_subnet3]
-
- enable_deletion_protection = true
-
-# QPPSE-1208
- tags = merge(var.tags,local.ctalb_tags)
-
- access_logs {
- bucket = aws_s3_bucket.log_bucket.id
- prefix = "conversion-tool/${var.environment}"
- enabled = true
- }
- drop_invalid_header_fields = true
-}
-
-#ALB Target group for HTTPS
-resource "aws_lb_target_group" 
"conversion-tg-ssl" {
- name = "conversion-tg-${var.environment}-ssl"
- port = 8443
- protocol = "HTTPS"
- vpc_id = var.vpc_id
- target_type = "ip"
-
- depends_on = [aws_lb.qppsf]
-
- health_check {
- protocol = "HTTPS"
- path = "/health"
- matcher = "200-499"
- }
-
-# QPPSE-1208
- tags = merge(var.tags,local.ctalb_tgtgrp_tags)
-}
-
-#ALB Listener for HTTPS
-resource "aws_lb_listener" "conversion-tool-ssl" {
- load_balancer_arn = aws_lb.qppsf.arn
- port = "443"
- protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
- certificate_arn = var.certificate_arn
-
- default_action {
- type = "forward"
- target_group_arn = aws_lb_target_group.conversion-tg-ssl.arn
- }
- # QPPSE-1208
- tags = merge(var.tags,local.ctlb_ssl_tags)
-}
-
-resource "aws_security_group_rule" "ct-ingress-from-https-elb-to-ui" {
- from_port = 443
- to_port = 8443
- protocol = "tcp"
- security_group_id = aws_security_group.ct_app.id
- source_security_group_id = aws_security_group.conversion-tool_alb.id
- type = "ingress"
-}
diff --git a/infrastructure/terraform/modules/codebuild.tf b/infrastructure/terraform/modules/codebuild.tf
deleted file mode 100644
index c8be5b173..000000000
--- a/infrastructure/terraform/modules/codebuild.tf
+++ /dev/null
@@ -1,72 +0,0 @@
-############################################################# CodeBuild ###############################################
-resource "aws_codebuild_webhook" "codebuild_webhook_event" {
- project_name = aws_codebuild_project.conversion_tool_codebuild_project.name
- build_type = "BUILD"
- filter_group {
- filter {
- type = "EVENT"
- pattern = "PUSH"
- }
-
- filter {
- type = "HEAD_REF"
- pattern = var.codebuild_branch_ref
- }
- }
-}
-
-resource "aws_codebuild_project" "conversion_tool_codebuild_project" {
- name = "${var.team}-${var.environment}-conversiontool-codebuild-ecs-deploy"
- description = "CodeBuild project for ConversionTool, ECR Publish and ECS Deploy"
- build_timeout = "120"
- service_role = "${aws_iam_role.conversiontool_codebuild_servicerole.arn}"
-
-
- artifacts {
- type = "NO_ARTIFACTS"
- }
-
-
- source {
- type = "GITHUB"
- location = var.git-origin
- git_clone_depth = 1
- buildspec = "./buildspec.yml"
-
- git_submodules_config {
- fetch_submodules = true
- }
- }
-
- environment {
- image = "aws/codebuild/standard:5.0"
- type = "LINUX_CONTAINER"
- compute_type = "BUILD_GENERAL1_MEDIUM"
- image_pull_credentials_type = "CODEBUILD"
- privileged_mode = true
-
- environment_variable {
- name = "ENVIRONMENT"
- value = var.environment
- }
- environment_variable {
- name = "CERT_CP_PATH"
- value = "rest-api/src/main/resources/"
- }
- environment_variable {
- name = "ecs_container_name"
- value = "conversion-tool"
- }
- }
-
- logs_config {
- cloudwatch_logs {
- group_name = "${var.project_name}-conversiontool-codebuild-${var.environment}-log-group"
- stream_name = "${var.project_name}-conversiontool-codebuild-${var.environment}-log-stream"
- }
-
- s3_logs {
- status = "DISABLED"
- }
- }
-}
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/ecr.tf b/infrastructure/terraform/modules/ecr.tf
deleted file mode 100644
index d9d5dfef2..000000000
--- a/infrastructure/terraform/modules/ecr.tf
+++ /dev/null
@@ -1,79 +0,0 @@ -# QPPSE-1208 -locals { - ctecr_tags = { - Name = "${var.project_name}-ecr-${var.environment}" - qpp_owner = var.owner - qpp_incident-response-email = var.pagerduty_email - qpp_application = var.application - qpp_project = var.project_name - qpp_environment = var.environment - qpp_layer = "Application" - qpp_sensitivity = var.sensitivity - qpp_description = "ECR Repo for Conversiontool" - qpp_iac-repo-url = var.git-origin - } -} - -resource "aws_ecr_repository" "qpp-final-scoring-ct" { - name = "qppsf/conversion-tool/${var.environment}" - image_tag_mutability = "MUTABLE" - - image_scanning_configuration { - scan_on_push = true - } - -# QPPSE-1208 - tags = merge(var.tags,local.ctecr_tags) -} - -resource "aws_ecr_repository_policy" "qpp-ecr-repository" { - repository = aws_ecr_repository.qpp-final-scoring-ct.name - - policy = <