From fe11bd82bcd858c4543f5659706c8c3ed138503c Mon Sep 17 00:00:00 2001
From: Tariq Mahmood
Date: Mon, 16 Oct 2023 12:02:03 +0100
Subject: [PATCH 01/92] LAWS-3514: added module for s3 bucket in apex
---
terraform/environments/apex/module/s3/main.tf | 28 +++++++++++++++++++
.../environments/apex/module/s3/variables.tf | 23 +++++++++++++++
terraform/environments/apex/s3.tf | 12 ++++++++
3 files changed, 63 insertions(+)
create mode 100644 terraform/environments/apex/module/s3/main.tf
create mode 100644 terraform/environments/apex/module/s3/variables.tf
create mode 100644 terraform/environments/apex/s3.tf
diff --git a/terraform/environments/apex/module/s3/main.tf b/terraform/environments/apex/module/s3/main.tf
new file mode 100644
index 00000000000..82087a54475
--- /dev/null
+++ b/terraform/environments/apex/module/s3/main.tf
@@ -0,0 +1,28 @@
+resource "aws_s3_bucket" "laa-lambda-backup" {
+bucket = var.bucket_name
+tags = var.tags
+}
+
+resource "aws_s3_bucket_ownership_controls" "default" {
+ bucket = aws_s3_bucket.default.id
+ rule {
+ object_ownership = var.ownership_controls
+ }
+}
+
+resource "aws_s3_bucket_acl" "default" {
+ bucket = aws_s3_bucket.default.id
+ acl = var.acl
+ depends_on = [
+ aws_s3_bucket_ownership_controls.default
+ ]
+}
+
+resource "aws_s3_bucket_public_access_block" "default" {
+ bucket = aws_s3_bucket.default.bucket
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
diff --git a/terraform/environments/apex/module/s3/variables.tf b/terraform/environments/apex/module/s3/variables.tf
new file mode 100644
index 00000000000..87948a4c854
--- /dev/null
+++ b/terraform/environments/apex/module/s3/variables.tf
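Review bot: The new module in module/s3/main.tf sets ownership controls, an ACL and a public access block, but declares neither versioning nor an explicit encryption configuration for a bucket whose resource name marks it as a Lambda backup store. Without versioning an overwrite or delete of a backup object is not recoverable, and without an explicit encryption resource the module relies on the account or service default rather than stating the requirement in code. Adding the two resources below next to the public access block would cover both; the algorithm shown is a suggestion and should follow whatever key policy the platform mandates.

```hcl
# … unchanged: bucket, ownership controls, ACL, public access block …

resource "aws_s3_bucket_versioning" "default" {
  bucket = aws_s3_bucket.laa-lambda-backup.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "default" {
  bucket = aws_s3_bucket.laa-lambda-backup.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}
```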
@@ -0,0 +1,23 @@
+variable "bucket_name" {
+ type = string
+ description = "S3 bucket name"
+ default = null
+}
+
+variable "tags" {
+ type = map(any)
+ description = "Tags to apply to resources, where applicable"
+}
+
+variable "ownership_controls" {
+ type = string
+ description = "Bucket Ownership Controls - for use WITH acl var above options are 'BucketOwnerPreferred' or 'ObjectWriter'. To disable ACLs and use new AWS recommended controls set this to 'BucketOwnerEnforced' and which will disabled ACLs and ignore var.acl"
+ default = "ObjectWriter"
+}
+
+variable "acl" {
+ type = string
+ description = "Use canned ACL on the bucket instead of BucketOwnerEnforced ownership controls. var.ownership_controls must be set to corresponding value below."
+ default = "private"
+}
+
diff --git a/terraform/environments/apex/s3.tf b/terraform/environments/apex/s3.tf
new file mode 100644
index 00000000000..f8f13e88935
--- /dev/null
+++ b/terraform/environments/apex/s3.tf
@@ -0,0 +1,12 @@
+module "s3_bucket_lambda" {
+ source = "./module/s3"
+
+ bucket_name = "laa-${local.application_name}-${local.environment}-mp" # Added suffix -mp to the name as it must be unique from the existing bucket in LZ
+ # bucket_prefix not used in case bucket name get referenced as part of EC2 AMIs
+
+ tags = merge(
+ local.tags,
+ { Name = "laa-${local.application_name}-${local.environment}-mp" }
+ )
+
+}
\ No newline at end of file
From 26cf53237a04d4ddcb366b53b43df40ff17c0dab Mon Sep 17 00:00:00 2001
From: Tariq Mahmood
Date: Mon, 16 Oct 2023 12:10:13 +0100
Subject: [PATCH 02/92] LAWS-3514: updated bucket name in s3 module
---
terraform/environments/apex/module/s3/main.tf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/terraform/environments/apex/module/s3/main.tf b/terraform/environments/apex/module/s3/main.tf
index 82087a54475..302c985cad6 100644
--- a/terraform/environments/apex/module/s3/main.tf
+++ b/terraform/environments/apex/module/s3/main.tf
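Review bot: The `ownership_controls` description in module/s3/variables.tf promises that `BucketOwnerEnforced` disables ACLs and makes the module ignore `var.acl`, but main.tf in this commit declares `aws_s3_bucket_acl` unconditionally, so that value would be expected to fail at apply instead of being ignored. Gate the ACL resource with `count = var.ownership_controls == "BucketOwnerEnforced" ? 0 : 1`, or correct the description so callers are not misled. The default of `"ObjectWriter"` leaves object ownership with whichever account uploads; `BucketOwnerEnforced`, which the description itself calls the AWS-recommended control, would be the tighter default for a backup bucket. The description also points at the "acl var above" although `acl` is declared after it.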
@@ -4,14 +4,14 @@ tags = var.tags } resource "aws_s3_bucket_ownership_controls" "default" { - bucket = aws_s3_bucket.default.id + bucket = aws_s3_bucket.laa-lambda-backup.id rule { object_ownership = var.ownership_controls } } resource "aws_s3_bucket_acl" "default" { - bucket = aws_s3_bucket.default.id + bucket = aws_s3_bucket.laa-lambda-backup.id acl = var.acl depends_on = [ aws_s3_bucket_ownership_controls.default @@ -19,7 +19,7 @@ resource "aws_s3_bucket_acl" "default" { } resource "aws_s3_bucket_public_access_block" "default" { - bucket = aws_s3_bucket.default.bucket + bucket = aws_s3_bucket.laa-lambda-backup.bucket block_public_acls = true block_public_policy = true ignore_public_acls = true From 8d4f4146d5e1aa53cc28769b109ebfd3d56e7045 Mon Sep 17 00:00:00 2001 From: Tariq Mahmood Date: Mon, 16 Oct 2023 15:50:26 +0100 Subject: [PATCH 03/92] LAWS-3514: added lambda for dbsnapshot --- terraform/environments/apex/dbsnapshot.js | 303 ++++++++++++++++++++++ terraform/environments/apex/lambda.tf | 103 ++++++++ 2 files changed, 406 insertions(+) create mode 100644 terraform/environments/apex/dbsnapshot.js create mode 100644 terraform/environments/apex/lambda.tf diff --git a/terraform/environments/apex/dbsnapshot.js b/terraform/environments/apex/dbsnapshot.js new file mode 100644 index 00000000000..68050df9637 --- /dev/null +++ b/terraform/environments/apex/dbsnapshot.js 
@@ -0,0 +1,303 @@ +///////////////////////////////////////////////////////////////////// +// Automated backup script +// - Calls dbconnect lambda to put DB in backup mode +// - Triggers volume snapshots for all volumes connected to instance +// +// version: 0.1 +// auth: phil h +///////////////////////////////////////////////////////////////////// + +const AWS = require("aws-sdk"); + +//Set date format +var date_ob = new Date(); +var day = ("0" + date_ob.getDate()).slice(-2); +var month = ("0" + (date_ob.getMonth() + 1)).slice(-2); +var year = date_ob.getFullYear(); + +var date = day + "/" + month + "/" + year; + +//lambda object +let lambda = new AWS.Lambda({ apiVersion: "2015-03-31" }); + +//EC2 object +let ec2 = new AWS.EC2({ apiVersion: "2014-10-31" }); + +async function invokeLambdaStart(appname) { + try { + console.log("[+] Putting DB into backup mode"); + + const lambdaInvokeStart = await lambda + .invoke({ + FunctionName: "connectDBFunction", + InvocationType: "RequestResponse", + Payload: JSON.stringify({ action: "begin", appname: appname }), + }) + .promise(); + + //Check lambda returns success + if (lambdaInvokeStart["StatusCode"] == "200"); + { + // Run the volume snapshots + console.log("[+] Creating volume snapshot"); + await handleSnapshot(appname); + } + } catch (e) { + console.log("[-] " + e); + } +} + +async function invokeLambdaStop(appname) { + try { + console.log("[+] Putting DB into normal operations mode"); + + setTimeout(() => { + console.log("[+] Waiting for DB....."); + }, 7000); + + const lambdaInvokeStop = await lambda + .invoke({ + FunctionName: "connectDBFunction", + InvocationType: "RequestResponse", + Payload: JSON.stringify({ action: "end", appname: appname }), + }) + .promise(); + + //Check lambda returns success + if (lambdaInvokeStop["StatusCode"] == "200"); + { + // Run the volume snapshots + console.log("[+] Datatbase is back in normal operations mode"); + } + } catch (e) { + console.log("[-] " + e); + } +} + +async function 
invokeLambdaFinal(appname) { + try { + console.log("Waiting for DB to be ready"); + await new Promise(resolve => setTimeout(resolve, 30000)); + console.log("[+] Taking final snapshots out of backup mode"); + await handleSnapshot2(appname); + } catch (e) { + console.log("[-]" + e); + } +} + + +// Grab volume id all volumes attached to the instance and snapshot + +async function handleSnapshot(appname) { + try { + // Get all instances of our app + const instances = await getInstanceId(appname); + + // Get all volumes on all instances of our app + var volumes_list = []; + var snapshot_list = []; + for (const instance of instances) { + const volumes = await listVolumes(instance); + volumes_list.push(volumes); + } + + // Loop over instance, if more than 1 instance returned + for (const instance_list of volumes_list) { + for (const volume of instance_list["Volumes"]) { + console.log("Taking snapshot of Volume: ", volume); + var volume_id = volume["VolumeId"]; + var volume_device = volume["Attachments"][0]["Device"]; + var volume_name = ''; + for(var tag of volume['Tags']){ + if(tag['Key'].includes('Name')){ + volume_name = tag['Value']; + } + } + // Trigger EBS snapshots + let snap = await ec2CreateSnapshot(volume_id, appname, volume_device, volume_name, date); + snapshot_list.push(snap.SnapshotId); + } + } + } catch (error) { + console.log(error); + } +} + +//Get instanceId for EC2 instances tagged with Name:{ appname } +// May return more than 1 instance if there are multiple instances with the same name +async function getInstance(appname) { + console.log("Getting all instances tagged with Name:", appname); + return ec2 + .describeInstances({ Filters: [{ Name: "tag:Name", Values: [appname] }] }) + .promise(); +} + +// Capture all app instance IPs in a list +async function getInstanceId(appname) { + var instance_id_list = []; + var instance_data = await getInstance(appname); + for (const res of instance_data["Reservations"]) { + for (const instance of res["Instances"]) 
{ + instance_id_list.push(instance["InstanceId"]); + } + } + console.log("Found ", instance_id_list.length, " instances"); + return instance_id_list; +} + +// List all volumes for EC2 instance + +async function listVolumes(instance_id) { + console.log("getting volumes for ", instance_id); + return ec2 + .describeVolumes({ + Filters: [{ Name: "attachment.instance-id", Values: [instance_id] }], + }) + .promise(); +} + +// Create EC2 snapshot based on volume id + +async function ec2CreateSnapshot(volume, appname, volume_device, volume_name, date) { + console.log("Creating snapshot of volume:", volume, volume_device, volume_name, date); + let params = { + VolumeId: volume, + Description: + appname + " automatically created snapshot and resource volume id: " + volume, + TagSpecifications: [ + { + ResourceType: "snapshot", + Tags: [ + { + Key: "Name", + Value: appname + "-" + volume_name + "-" + volume_device + "-" + date + }, + { + Key: "Application", + Value: appname + }, + { + Key: "Date", + Value: date + }, + { + Key: "dlm:snapshot-with:volume-hourly-35-day-retention", + Value: "yes" + }, + { + Key: "Created_by", + Value: "Automated snapshot created by DBSnapshotFunction Lambda" + } + ], + }, + ], + }; + return ec2.createSnapshot(params).promise(); +} + +async function handleSnapshot2(appname) { + try { + // Get all instances of our app + const instances = await getInstanceId(appname); + + // Get all volumes on all instances of our app + var volumes_list = []; + for (const instance of instances) { + const volumes = await listVolumes(instance); + volumes_list.push(volumes); + } + + // Loop over instance, if more than 1 instance returned + for (const instance_list of volumes_list) { + for (const volume of instance_list["Volumes"]) { + var volume_id = volume["VolumeId"]; + var volume_device = volume["Attachments"][0]["Device"]; + var volume_name=''; + for(var tag of volume['Tags']){ + if(tag['Key'].includes('Name')){ + volume_name = tag['Value']; + } + } + // if the 
drive is oraarch/oraredo trigger an EBS snapsot + for(const tag of volume['Tags']){ + if (tag['Value'].includes('arch')){ + console.log(volume_id, "is oraarch volume"); + let snap = await ec2CreateSnapshot2(volume_id, appname, volume_device, volume_name, date); + console.log("[+] Taking snapshot " + snap.SnapshotId); + break; + }} + for(const tag of volume['Tags']){ + if (tag['Value'].includes('redo')){ + console.log(volume_id, "is oraredo volume"); + let snap = await ec2CreateSnapshot2(volume_id, appname, volume_device, volume_name, date); + console.log("[+] Taking snapshot " + snap.SnapshotId); + break; + } + } + } + } + } catch (error) { + console.log(error); + } +} + +async function ec2CreateSnapshot2(volume, appname, volume_device, volume_name, date) { + console.log("Creating snapshot of volume:", volume, volume_device, volume_name, date); + let params = { + VolumeId: volume, + Description: + appname + " automatically created snapshot OUT OF BACKUPMODE and resource volume id: " + volume, + TagSpecifications: [ + { + ResourceType: "snapshot", + Tags: [ + { + Key: "Name", + Value: appname + "-" + volume_name + "-" + volume_device + "-" + date + }, + { + Key: "Application", + Value: appname + }, + { + Key: "Date", + Value: date + }, + { + Key: "dlm:snapshot-with:volume-hourly-35-day-retention", + Value: "yes" + }, + { + Key: "Created_by", + Value: "Automated OUT OF BACKUPMODE snapshot created by DBSnapshotFunction Lambda" + } + ], + }, + ], + }; + return ec2.createSnapshot(params).promise(); +} + +exports.handler = async (event, context) => { + const appname = event.appname; + try { + console.log("Putting DB into Hotbackup mode and taking snapshot"); + await invokeLambdaStart(appname); + } + catch (error) { + console.error(error); + } + try{ + console.log("Taking DB out of Hotbackup mode"); + await invokeLambdaStop(appname); + } catch (error) { + console.error(error); + } + try{ + console.log("Operating outside of Hotbackup mode"); + await 
invokeLambdaFinal(appname); + console.log("Snapshots Complete"); + } catch (error) { + console.error(error); + } +}; \ No newline at end of file diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf new file mode 100644 index 00000000000..e61a51ec4f3 --- /dev/null +++ b/terraform/environments/apex/lambda.tf @@ -0,0 +1,103 @@ +data "aws_iam_policy_document" "assume_role" { + statement { + effect = "Allow" + + principals { + type = "Service" + identifiers = ["lambda.amazonaws.com","ssm.amazonaws.com"] + } + + actions = ["sts:AssumeRole"] + } +} + +resource "aws_iam_role" "backuplambdarole" { + name = "backuplambdarole" + assume_role_policy = data.aws_iam_policy_document.assume_role.json +} + +resource "aws_iam_policy" "backuplambdapolicy" { #tfsec:ignore:aws-iam-no-policy-wildcards + name = "${local.application_name}-lambda-instance-policy" + tags = merge( + local.tags, + { + Name = "${local.application_name}-lambda-instance-policy" + } + ) + policy = < Date: Mon, 16 Oct 2023 15:53:34 +0100 Subject: [PATCH 04/92] LAWS-3514: updated snapshotDBFunction with correct iam role name --- terraform/environments/apex/lambda.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index e61a51ec4f3..8b878c1e1a9 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -88,7 +88,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { # path.module in the filename. filename = "snapshotDBFunction.zip" function_name = "snapshotDBFunction" - role = aws_iam_role.iam_for_lambda.arn + role = aws_iam_role.backuplambdarole.arn handler = "snapshot/dbsnapshot.handler" source_code_hash = data.archive_file.lambda_dbsnapshot.output_base64sha256 From 317d1c75bc1bfd50084489a0d229fa75ad1db889 Mon Sep 17 00:00:00 2001 
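Review bot: The status guard in `invokeLambdaStart` of dbsnapshot.js, `if (lambdaInvokeStart["StatusCode"] == "200");`, ends in a semicolon, so the braces after it are an ordinary block and `handleSnapshot` runs whatever the invoke returned; `invokeLambdaStop` carries the same stray semicolon. A `RequestResponse` invoke also reports status 200 when the invoked function itself threw, with the failure carried in `FunctionError`, so the check should read `if (lambdaInvokeStart.StatusCode !== 200 || lambdaInvokeStart.FunctionError) { throw new Error("connectDBFunction begin failed"); }` before the snapshot call. As written, volumes can be snapshotted while the database was never placed in backup mode, and the result is tagged exactly like a good backup. The `catch` blocks in these helpers only log, so the handler cannot tell that a stage failed; rethrowing would let the invocation be marked as failed and alerted on.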
From: Tariq Mahmood
Date: Mon, 16 Oct 2023 16:58:38 +0100
Subject: [PATCH 05/92] LAWS-3514: adding lambda funtion as a module - v1.00
---
terraform/environments/apex/lambda.tf | 108 ++----------------
.../environments/apex/module/lambda/main.tf | 100 ++++++++++++++++
.../apex/module/lambda/variables.tf | 40 +++++++
terraform/environments/apex/variables.tf | 5 +
4 files changed, 155 insertions(+), 98 deletions(-)
create mode 100644 terraform/environments/apex/module/lambda/main.tf
create mode 100644 terraform/environments/apex/module/lambda/variables.tf
create mode 100644 terraform/environments/apex/variables.tf
diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf
index 8b878c1e1a9..ffb213d1095 100644
--- a/terraform/environments/apex/lambda.tf
+++ b/terraform/environments/apex/lambda.tf
@@ -1,103 +1,15 @@ -data "aws_iam_policy_document" "assume_role" { - statement { - effect = "Allow" +module "lambda_backup" { + source = "./module/lambda" - principals { - type = "Service" - identifiers = ["lambda.amazonaws.com","ssm.amazonaws.com"] - } +backup_policy_name = "${local.application_name}-lambda-instance-policy" +source_file = "" +output_path = "" +filename = "" +function_name = "" +handler = "" - actions = ["sts:AssumeRole"] - } -} - -resource "aws_iam_role" "backuplambdarole" { - name = "backuplambdarole" - assume_role_policy = data.aws_iam_policy_document.assume_role.json -} - -resource "aws_iam_policy" "backuplambdapolicy" { #tfsec:ignore:aws-iam-no-policy-wildcards - name = "${local.application_name}-lambda-instance-policy" - tags = merge( + tags = merge( local.tags, - { - Name = "${local.application_name}-lambda-instance-policy" - } + { Name = "laa-${local.application_name}-${local.environment}-mp" } ) - policy = < Date: Tue, 17 Oct 2023 10:15:44 +0100 Subject: [PATCH 06/92] create lambda module --- .../environments/apex/deletesnapshots.py | 27 +++++++++++++++++++ terraform/environments/apex/lambda.tf | 10 +++---- .../environments/apex/module/lambda/main.tf | 11 ++++---- .../apex/module/lambda/variables.tf | 26 +++++++++--------- terraform/environments/apex/variables.tf | 21 +++++++++++++-- 5 files changed, 71 insertions(+), 24 deletions(-) create mode 100644 terraform/environments/apex/deletesnapshots.py diff --git a/terraform/environments/apex/deletesnapshots.py b/terraform/environments/apex/deletesnapshots.py new file mode 100644 index 00000000000..e222aa8bed8 --- /dev/null +++ b/terraform/environments/apex/deletesnapshots.py 
@@ -0,0 +1,27 @@ +import boto3 +from datetime import datetime + +ec2 = boto3.client('ec2', 'eu-west-2') +paginator = ec2.get_paginator('describe_snapshots') +page_iterator = paginator.paginate(OwnerIds=['self']) + +def lambda_handler(event, context): + count = 0 + for page in page_iterator: + for snapshot in page['Snapshots']: + a = snapshot['StartTime'] + b = a.date() + c = datetime.now().date() + d = c-b + try: + if d.days > 35 and "automatically created snapshot" in snapshot['Description']: + id = snapshot['SnapshotId'] + print("Found an automatically created snapshot older than 35 days", id) + ec2.delete_snapshot(SnapshotId=id) + count += 1 + except Exception as e: + print(e) + if 'InvalidSnapshot.InUse' in str(e): + print("skipping this snapshot") + continue + print(f"Deleted a total of {count} snapshots") \ No newline at end of file diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index ffb213d1095..5e88b7c33b2 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -2,11 +2,11 @@ module "lambda_backup" { source = "./module/lambda" backup_policy_name = "${local.application_name}-lambda-instance-policy" -source_file = "" -output_path = "" -filename = "" -function_name = "" -handler = "" +source_file = var.source_file[count.index] +output_path = var.output_path[count.index] +filename = var.filename[count.index] +function_name = var.function_name[count.index] +handler = "snapshot/dbsnapshot.handler" tags = merge( local.tags, diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index 3b83fa44fa1..a1ccc0fcdf9 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf 
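Review bot: The delete condition in `lambda_handler` of deletesnapshots.py selects on age plus the substring `"automatically created snapshot"` in `Description`, across every snapshot the account owns (`OwnerIds=['self']`), so any snapshot in the account whose description happens to contain that text is removed after 35 days. dbsnapshot.js in this series tags what it creates with `Application` and `Created_by`; filtering on one of those, for example `paginator.paginate(OwnerIds=['self'], Filters=[{'Name': 'tag-key', 'Values': ['Created_by']}])`, would tie deletion to snapshots this tooling made. The `except Exception` branch only prints, so a denied `delete_snapshot` call looks the same in the logs as an in-use snapshot; logging the snapshot id with the error and re-raising anything other than `InvalidSnapshot.InUse` would make a failing retention job visible.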
@@ -61,9 +61,10 @@ resource "aws_iam_role_policy_attachment" "backuppolicyattachment" { } data "archive_file" "lambda_dbsnapshot" { + count = 2 type = "zip" - source_file = var.source_file - output_path = var.output_path + source_file = var.source_file[count.index] + output_path = var.output_path[count.index] } # data "archive_file" "lambda_dbconnect" { @@ -82,9 +83,9 @@ resource "aws_lambda_function" "snapshotDBFunction" { # If the file is not in the current working directory you will need to include a # path.module in the filename. - count = - filename = var.filename - function_name = var.function_name + count = 2 + filename = var.filename[count.index] + function_name = var.function_name[count.index] role = aws_iam_role.backuplambdarole.arn handler = var.handler diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index ce11f22824e..3b60be5b786 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf @@ -10,27 +10,29 @@ variable "tags" { } variable "source_file" { - type = string + type = list(string) description = "source file for Function" - default = "" + default = [""] } -variable "output_path" { - type = string - description = "output path to zip file Function" - default = "" +variable "filename" { + type = list(string) + description = "Function filename" + default = [""] } -variable "filename" { - type = string +variable "output_path" { + type = list(string) description = "Function filename" - default = "" + default = [""] } + + variable "function_name" { - type = string - description = "Function function name" - default = "" + type = list(string) + description = "Function name" + default = [""] } variable "handler" { diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 146e983184c..e8937404c1b 100644 --- a/terraform/environments/apex/variables.tf 
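Review bot: With `count = 2` on `aws_lambda_function.snapshotDBFunction` in module/lambda/main.tf, both functions are built from the one `handler = var.handler` and, going by the `runtime = "nodejs18.x"` line visible in later hunks of this file, one runtime, while the second `source_file` entry is `deletesnapshots.py`. The Python function would therefore be deployed on a Node.js runtime with the dbsnapshot handler string and could not start. Index both per function, e.g. `handler = var.handler[count.index]` and `runtime = var.runtime[count.index]` (the latter needs a new list variable), and derive the count with `count = length(var.function_name)` instead of the literal. Both functions also share `aws_iam_role.backuplambdarole`, so the delete function holds the snapshot function's permissions and vice versa; one role per function would keep each to the calls it makes. The resource block continues outside the hunk.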
+++ b/terraform/environments/apex/variables.tf @@ -1,5 +1,22 @@ -variable "sandboxes" { +variable "filename" { type = list(string) - default = ["sandbox_server_one", "sandbox_server_two", "sandbox_server_three"] + default = ["snapshotDBFunction", "deletesnapshotFunction"] } +variable "source_file" { + type = list(string) + description = "source file for Function" + default = ["dbsnapshot.js","deletesnapshots.py"] +} + +variable "output_path" { + type = list(string) + description = "source file for Function" + default = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] +} + +variable "function_name" { + type = list(string) + description = "Function name" + default = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] +} \ No newline at end of file From 8e5c50fae69ddc07585534b8d77020d1524c04a7 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 10:34:45 +0100 Subject: [PATCH 07/92] removed the variable file --- terraform/environments/apex/lambda.tf | 8 +++---- .../apex/module/lambda/variables.tf | 21 ++++++++----------- 2 files changed, 13 insertions(+), 16 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 5e88b7c33b2..22c21109645 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -2,10 +2,10 @@ module "lambda_backup" { source = "./module/lambda" backup_policy_name = "${local.application_name}-lambda-instance-policy" -source_file = var.source_file[count.index] -output_path = var.output_path[count.index] -filename = var.filename[count.index] -function_name = var.function_name[count.index] +source_file = ["dbsnapshot.js","deletesnapshots.py"] +output_path = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] +filename = ["snapshotDBFunction", "deletesnapshotFunction"] +function_name = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] handler = "snapshot/dbsnapshot.handler" tags = merge( 
diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index 3b60be5b786..f5eda4b87a2 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf @@ -9,30 +9,27 @@ variable "tags" { description = "Tags to apply to resources, where applicable" } -variable "source_file" { - type = list(string) - description = "source file for Function" - default = [""] +variable "filename" { + type = list(string) + default = ["snapshotDBFunction", "deletesnapshotFunction"] } -variable "filename" { +variable "source_file" { type = list(string) - description = "Function filename" - default = [""] + description = "source file for Function" + default = ["dbsnapshot.js","deletesnapshots.py"] } variable "output_path" { type = list(string) - description = "Function filename" - default = [""] + description = "source file for Function" + default = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] } - - variable "function_name" { type = list(string) description = "Function name" - default = [""] + default = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] } variable "handler" { From dd12e1fce1bac22d779cd983e8a892f01765f04f Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 10:36:53 +0100 Subject: [PATCH 08/92] forgot to add the count.index --- terraform/environments/apex/module/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index a1ccc0fcdf9..c53f27efa6f 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf 
@@ -89,7 +89,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { role = aws_iam_role.backuplambdarole.arn handler = var.handler - source_code_hash = data.archive_file.lambda_dbsnapshot.output_base64sha256 + source_code_hash = data.archive_file.lambda_dbsnapshot.output_base64sha256[count.index] runtime = "nodejs18.x" From 505e39ca214a3c3b4fa9836c07dabba28ee164b9 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 10:42:26 +0100 Subject: [PATCH 09/92] typo on count index --- terraform/environments/apex/module/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index c53f27efa6f..6fceebfa4dd 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf @@ -89,7 +89,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { role = aws_iam_role.backuplambdarole.arn handler = var.handler - source_code_hash = data.archive_file.lambda_dbsnapshot.output_base64sha256[count.index] + source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 runtime = "nodejs18.x" From 1620799cf567ad90db5e2d5e0d593ae8cc68c14a Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 10:49:55 +0100 Subject: [PATCH 10/92] wrong values --- terraform/environments/apex/module/lambda/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index f5eda4b87a2..d8e7c82dc89 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf 
@@ -11,7 +11,7 @@ variable "tags" { variable "filename" { type = list(string) - default = ["snapshotDBFunction", "deletesnapshotFunction"] + default = ["connectDBFunction.zip", "DeleteEBSPendingSnapshots.zip"] } variable "source_file" { @@ -29,7 +29,7 @@ variable "output_path" { variable "function_name" { type = list(string) description = "Function name" - default = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] + default = ["snapshotDBFunction","deletesnapshotFunction"] } variable "handler" { From 312139dd7ec8c985a7b6beec59550490b7aa79f7 Mon Sep 17 00:00:00 2001 From: Tariq Mahmood Date: Tue, 17 Oct 2023 11:49:59 +0100 Subject: [PATCH 11/92] LAWS-3514: adding 2 lambda funtions using variables --- terraform/environments/apex/dbconnect.js | 173 ++++++++++++++++++ terraform/environments/apex/lambda.tf | 6 +- .../environments/apex/module/lambda/main.tf | 2 +- .../apex/module/lambda/variables.tf | 24 ++- terraform/environments/apex/variables.tf | 22 --- 5 files changed, 194 insertions(+), 33 deletions(-) create mode 100644 terraform/environments/apex/dbconnect.js delete mode 100644 terraform/environments/apex/variables.tf diff --git a/terraform/environments/apex/dbconnect.js b/terraform/environments/apex/dbconnect.js new file mode 100644 index 00000000000..b88e8c5fe9b --- /dev/null +++ b/terraform/environments/apex/dbconnect.js 
@@ -0,0 +1,173 @@ +// Automated backup script +// - Makes call to lambda which connects to EC2 instance and put +// DB in backup mode +// - Runs Oracle SQL scripts as Oracle user +// +// version: 0.1 +// auth: phil h +///////////////////////////////////////////////////////////////////// + +const SSH = require("simple-ssh"); +const AWS = require("aws-sdk"); + +//SSM object with temp parms +const ssm = new AWS.SSM({ apiVersion: "2014-11-06" }); + +// Environment variables +const pem = "MGMT_EC2_KEY_DEFAULT"; +const username = "ec2-user"; + +//Set date format +var today = new Date(); +var dd = today.getDate(); +var mm = today.getMonth() + 1; +var yyyy = today.getFullYear(); + +if (dd < 10) { + dd = "0" + dd; +} + +if (mm < 10) { + mm = "0" + mm; +} +today = dd + "-" + mm + "-" + yyyy; + +//EC2 object +let ec2 = new AWS.EC2({ apiVersion: "2014-10-31" }); + +//Get private IP address for EC2 instances tagged with Name:{ appname } +// May return more than 1 instance if there are multiple instances with the same name +async function getInstances(appname) { + console.log("Getting all instances tagged with Name:", appname); + return ec2 + .describeInstances({ Filters: [{ Name: "tag:Name", Values: [appname] }] }) + .promise(); +} + +async function getIPaddress(appname) { + var instance_ip_list = []; + var instance_data = await getInstances(appname); + for (const res of instance_data["Reservations"]) { + for (const instance of res["Instances"]) { + instance_ip_list.push(instance["PrivateIpAddress"]); + } + } + console.log("Found ", instance_ip_list.length, " instances"); + return instance_ip_list; +} + + +// Get SSH key from param store + +async function getSSMparam() { + return await ssm.getParameter({ Name: pem, WithDecryption: true }).promise(); +} + +// Trigger SSH connection to the EC2 instance +// Run SSH command + +async function connSSH(action, appname) { + //get ssm key + const key = await getSSMparam(); + + const myKey = key["Parameter"]["Value"]; + + const addresses 
= await getIPaddress(appname); + // all this config could be passed in via the event + for(var address of addresses){ + const ssh = new SSH({ + host: address, + port: 22, + user: username, + key: myKey, + }); + + let prom = new Promise(function (resolve, reject) { + if (action == "begin") { + console.log("[+] Trying connecting to EC2 ==>> " + address); + console.log(`[+] Running "begin backup commands" as Oracle`); + + ssh + .exec( + 'sudo su - oracle -c "sqlplus / as sysdba <> ` + address); + console.log("[+] Returned response: " + response); + + ssh.end(); + + return response; + } catch (e) { + console.log(e); + context.fail(); + } + } +} + +exports.handler = async (event, context) => { + try { + console.log("[+} Received event:", JSON.stringify(event, null, 2)); + await connSSH(event.action, event.appname); + + context.done(); + } catch (error) { + console.error(error); + context.fail(); + } +}; \ No newline at end of file diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 22c21109645..61cf5684d78 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -3,10 +3,10 @@ module "lambda_backup" { backup_policy_name = "${local.application_name}-lambda-instance-policy" source_file = ["dbsnapshot.js","deletesnapshots.py"] -output_path = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] +output_path = ["snapshotDBFunction.zip","deletesnapshotFunction.zip"] filename = ["snapshotDBFunction", "deletesnapshotFunction"] -function_name = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] -handler = "snapshot/dbsnapshot.handler" +function_name = ["snapshotDBFunction","deletesnapshotFunction"] +handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler"] tags = merge( local.tags, diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index 6fceebfa4dd..90cae244a2e 100644 
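Review bot: `exports.handler` passes `event.appname` and `event.action` straight into `connSSH`, which opens an SSH session with the decrypted `MGMT_EC2_KEY_DEFAULT` key to every private IP whose `Name` tag matches, so anyone able to invoke the function or set that tag chooses which hosts receive the management-key login. Validate both fields against fixed lists before the lookup, e.g. `if (!ALLOWED_APPS.includes(event.appname)) throw new Error("unexpected appname");`, where `ALLOWED_APPS` is a constant you would add. The options passed to `new SSH({...})` are only host, port, user and key, so no host-key check is visible; confirm whether the library can pin it. The `catch` in `connSSH` calls `context.fail()` although `context` is a parameter of `exports.handler` only, and `return response` sits inside the `for` loop, so a failure would raise a ReferenceError and only the first address appears to be handled; the middle of this function is damaged in this view, so verify both against the file.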
--- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf @@ -87,7 +87,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { filename = var.filename[count.index] function_name = var.function_name[count.index] role = aws_iam_role.backuplambdarole.arn - handler = var.handler + handler = var.handler[count.index] source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index d8e7c82dc89..bedc0577ec6 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf @@ -11,29 +11,39 @@ variable "tags" { variable "filename" { type = list(string) - default = ["connectDBFunction.zip", "DeleteEBSPendingSnapshots.zip"] + default = ["snapshotDBFunction.zip", + "deletesnapshotFunction.zip" + ] } variable "source_file" { type = list(string) description = "source file for Function" - default = ["dbsnapshot.js","deletesnapshots.py"] + default = ["dbsnapshot.js", + "deletesnapshots.py" + ] } variable "output_path" { type = list(string) description = "source file for Function" - default = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] + default = ["snapshotDBFunction.zip", + "deletesnapshotFunction.zip" + ] } variable "function_name" { - type = list(string) + type = list(string) description = "Function name" - default = ["snapshotDBFunction","deletesnapshotFunction"] + default = ["snapshotDBFunction", + "deletesnapshotFunction" + ] } variable "handler" { - type = string + type = list(string) description = "Function handler" - default = "" + default = ["snapshot/dbsnapshot.handler", + "deletesnapshots.lambda_handler" + ] } \ No newline at end of file diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf deleted file mode 100644 index e8937404c1b..00000000000 
--- a/terraform/environments/apex/variables.tf +++ /dev/null @@ -1,22 +0,0 @@ -variable "filename" { - type = list(string) - default = ["snapshotDBFunction", "deletesnapshotFunction"] -} - -variable "source_file" { - type = list(string) - description = "source file for Function" - default = ["dbsnapshot.js","deletesnapshots.py"] -} - -variable "output_path" { - type = list(string) - description = "source file for Function" - default = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] -} - -variable "function_name" { - type = list(string) - description = "Function name" - default = ["connectDBFunction.zip","DeleteEBSPendingSnapshots.zip"] -} \ No newline at end of file From fce2b9da58c34eb6a90d5b2cfb8629acbf0570f4 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 12:15:23 +0100 Subject: [PATCH 12/92] added data function for iam roles --- terraform/environments/apex/module/lambda/main.tf | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index 90cae244a2e..0dac1137104 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf @@ -16,6 +16,10 @@ resource "aws_iam_role" "backuplambdarole" { assume_role_policy = data.aws_iam_policy_document.assume_role.json } +data "aws_iam_role" "existbackuplambdarole" { + name = aws_iam_role.backuplambdarole.arn +} + resource "aws_iam_policy" "backuplambdapolicy" { #tfsec:ignore:aws-iam-no-policy-wildcards name = var.backup_policy_name tags = var.tags 
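Review bot: The new `data "aws_iam_role" "existbackuplambdarole"` looks the role up with `name = aws_iam_role.backuplambdarole.arn`, but that argument takes the role's friendly name, not its ARN, so the lookup cannot match. The same name/ARN swap recurs in the two later hunks of this commit: `data "aws_iam_policy" "exist-backuplambdapolicy"` is also given an ARN as `name`, `policy_arn` is then set from the data source's `.name`, and the Lambda `role`, which needs an ARN, is set from `.name`. Because the role and the policy are resources managed in this same module, the data sources add nothing; `role = aws_iam_role.backuplambdarole.arn` and `policy_arn = aws_iam_policy.backuplambdapolicy.arn` are simpler and correct.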
@@ -54,10 +58,13 @@ resource "aws_iam_policy" "backuplambdapolicy" { #tfsec:ignore:aws-iam-no-policy } EOF } +data "aws_iam_policy" "exist-backuplambdapolicy" { + name = aws_iam_policy.backuplambdapolicy.arn +} resource "aws_iam_role_policy_attachment" "backuppolicyattachment" { role = aws_iam_role.backuplambdarole.name - policy_arn = aws_iam_policy.backuplambdapolicy.arn + policy_arn = data.aws_iam_policy.exist-backuplambdapolicy.name } data "archive_file" "lambda_dbsnapshot" { @@ -86,7 +93,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { count = 2 filename = var.filename[count.index] function_name = var.function_name[count.index] - role = aws_iam_role.backuplambdarole.arn + role = data.aws_iam_role.existbackuplambdarole.name handler = var.handler[count.index] source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 From a8bcbc398da1e21f569d1e91f91bd9fde6d0f931 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 13:06:46 +0100 Subject: [PATCH 13/92] create iam module --- terraform/environments/apex/lambda.tf | 11 +++ .../environments/apex/module/lambda/main.tf | 68 +----------------- .../apex/module/lambda_iamrole/main.tf | 69 +++++++++++++++++++ .../apex/module/lambda_iamrole/outputs.tf | 3 + .../apex/module/lambda_iamrole/variables.tf | 0 5 files changed, 86 insertions(+), 65 deletions(-) create mode 100644 terraform/environments/apex/module/lambda_iamrole/main.tf create mode 100644 terraform/environments/apex/module/lambda_iamrole/outputs.tf create mode 100644 terraform/environments/apex/module/lambda_iamrole/variables.tf diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 61cf5684d78..f23191cba57 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -1,3 +1,10 @@ +module "iambackup" { + source = "./lambda_iamrole" + +} + + + module "lambda_backup" { source = "./module/lambda" 
@@ -7,6 +14,10 @@ output_path = ["snapshotDBFunction.zip","deletesnapshotFunction.zip"] filename = ["snapshotDBFunction", "deletesnapshotFunction"] function_name = ["snapshotDBFunction","deletesnapshotFunction"] handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler"] +role = module.iambackup.backuprole + + + tags = merge( local.tags, diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index 0dac1137104..a1b30e3ba2b 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf @@ -1,71 +1,9 @@ -data "aws_iam_policy_document" "assume_role" { - statement { - effect = "Allow" - principals { - type = "Service" - identifiers = ["lambda.amazonaws.com","ssm.amazonaws.com"] - } +module "iambackup" { + source = "./lamdda_iamrole" - actions = ["sts:AssumeRole"] - } } -resource "aws_iam_role" "backuplambdarole" { - name = "backuplambdarole" - assume_role_policy = data.aws_iam_policy_document.assume_role.json -} - -data "aws_iam_role" "existbackuplambdarole" { - name = aws_iam_role.backuplambdarole.arn -} - -resource "aws_iam_policy" "backuplambdapolicy" { #tfsec:ignore:aws-iam-no-policy-wildcards - name = var.backup_policy_name - tags = var.tags - policy = < Date: Tue, 17 Oct 2023 13:15:47 +0100 Subject: [PATCH 14/92] typo on filename --- terraform/environments/apex/lambda.tf | 9 +++++---- .../apex/module/{lambda_iamrole => lambdarole}/main.tf | 0 .../module/{lambda_iamrole => lambdarole}/outputs.tf | 0 .../module/{lambda_iamrole => lambdarole}/variables.tf | 0 4 files changed, 5 insertions(+), 4 deletions(-) rename terraform/environments/apex/module/{lambda_iamrole => lambdarole}/main.tf (100%) rename terraform/environments/apex/module/{lambda_iamrole => lambdarole}/outputs.tf (100%) rename terraform/environments/apex/module/{lambda_iamrole => lambdarole}/variables.tf (100%) 
diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index f23191cba57..13025c8f536 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -1,10 +1,11 @@ module "iambackup" { - source = "./lambda_iamrole" - + source = "./module/lambdarole" + tags = merge( + local.tags, + { Name = "laa-${local.application_name}-${local.environment}-mp" } + ) } - - module "lambda_backup" { source = "./module/lambda" diff --git a/terraform/environments/apex/module/lambda_iamrole/main.tf b/terraform/environments/apex/module/lambdarole/main.tf similarity index 100% rename from terraform/environments/apex/module/lambda_iamrole/main.tf rename to terraform/environments/apex/module/lambdarole/main.tf diff --git a/terraform/environments/apex/module/lambda_iamrole/outputs.tf b/terraform/environments/apex/module/lambdarole/outputs.tf similarity index 100% rename from terraform/environments/apex/module/lambda_iamrole/outputs.tf rename to terraform/environments/apex/module/lambdarole/outputs.tf diff --git a/terraform/environments/apex/module/lambda_iamrole/variables.tf b/terraform/environments/apex/module/lambdarole/variables.tf similarity index 100% rename from terraform/environments/apex/module/lambda_iamrole/variables.tf rename to terraform/environments/apex/module/lambdarole/variables.tf From 070311f9c49bd7394b8373045e28e6ea7735cdae Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 14:26:49 +0100 Subject: [PATCH 15/92] remove duplicate resource --- terraform/environments/apex/module/lambdarole/main.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/terraform/environments/apex/module/lambdarole/main.tf b/terraform/environments/apex/module/lambdarole/main.tf index 6e053f2844c..cb435e00040 100644 --- a/terraform/environments/apex/module/lambdarole/main.tf +++ b/terraform/environments/apex/module/lambdarole/main.tf 
@@ -63,7 +63,3 @@ resource "aws_iam_role_policy_attachment" "backuppolicyattachment" { policy_arn = aws_iam_policy.backuplambdapolicy.arn } -resource "aws_iam_role_policy_attachment" "backuppolicyattachment" { - role = aws_iam_role.backuplambdarole.name - policy_arn = aws_iam_policy.backuplambdapolicy.arn -} \ No newline at end of file From c0088dfdceedf2a5f2201ae9217802c674c2c390 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 14:32:56 +0100 Subject: [PATCH 16/92] file name error --- terraform/environments/apex/lambda.tf | 3 +-- .../apex/module/{lambdarole => lambdapolicy}/main.tf | 0 .../apex/module/{lambdarole => lambdapolicy}/outputs.tf | 0 .../apex/module/{lambdarole => lambdapolicy}/variables.tf | 0 4 files changed, 1 insertion(+), 2 deletions(-) rename terraform/environments/apex/module/{lambdarole => lambdapolicy}/main.tf (100%) rename terraform/environments/apex/module/{lambdarole => lambdapolicy}/outputs.tf (100%) rename terraform/environments/apex/module/{lambdarole => lambdapolicy}/variables.tf (100%) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 13025c8f536..19324b7922c 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -1,11 +1,10 @@ module "iambackup" { - source = "./module/lambdarole" + source = "./module/lambdapolicy" tags = merge( local.tags, { Name = "laa-${local.application_name}-${local.environment}-mp" } ) } - module "lambda_backup" { source = "./module/lambda" diff --git a/terraform/environments/apex/module/lambdarole/main.tf b/terraform/environments/apex/module/lambdapolicy/main.tf similarity index 100% rename from terraform/environments/apex/module/lambdarole/main.tf rename to terraform/environments/apex/module/lambdapolicy/main.tf 
diff --git a/terraform/environments/apex/module/lambdarole/outputs.tf b/terraform/environments/apex/module/lambdapolicy/outputs.tf similarity index 100% rename from terraform/environments/apex/module/lambdarole/outputs.tf rename to terraform/environments/apex/module/lambdapolicy/outputs.tf diff --git a/terraform/environments/apex/module/lambdarole/variables.tf b/terraform/environments/apex/module/lambdapolicy/variables.tf similarity index 100% rename from terraform/environments/apex/module/lambdarole/variables.tf rename to terraform/environments/apex/module/lambdapolicy/variables.tf From c6817972adefba09d3f887d28071ce48b8df1ae1 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 14:40:08 +0100 Subject: [PATCH 17/92] rename module --- terraform/environments/apex/module/lambda/main.tf | 5 +---- terraform/environments/apex/module/lambda/variables.tf | 6 ++++++ .../environments/apex/module/lambdapolicy/variables.tf | 10 ++++++++++ 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index a1b30e3ba2b..8b38c024d1e 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf @@ -1,8 +1,5 @@ -module "iambackup" { - source = "./lamdda_iamrole" -} data "archive_file" "lambda_dbsnapshot" { @@ -31,7 +28,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { count = 2 filename = var.filename[count.index] function_name = var.function_name[count.index] - role = m + role = var.role handler = var.handler[count.index] source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index bedc0577ec6..39f0864cda9 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf 
@@ -4,6 +4,12 @@ variable "backup_policy_name" { default = null } +variable "role" { + type = string + description = "role" + default = null +} + variable "tags" { type = map(any) description = "Tags to apply to resources, where applicable" diff --git a/terraform/environments/apex/module/lambdapolicy/variables.tf b/terraform/environments/apex/module/lambdapolicy/variables.tf index e69de29bb2d..10e94516ab2 100644 --- a/terraform/environments/apex/module/lambdapolicy/variables.tf +++ b/terraform/environments/apex/module/lambdapolicy/variables.tf @@ -0,0 +1,10 @@ +variable "backup_policy_name" { + type = string + description = "S3 bucket name" + default = null +} + +variable "tags" { + type = map(any) + description = "Tags to apply to resources, where applicable" +} \ No newline at end of file From d12c2dd2ff408ffa94a34988035aaba735569e3f Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 14:55:59 +0100 Subject: [PATCH 18/92] change backup role name --- terraform/environments/apex/module/lambdapolicy/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/module/lambdapolicy/main.tf b/terraform/environments/apex/module/lambdapolicy/main.tf index cb435e00040..2668042c4fd 100644 --- a/terraform/environments/apex/module/lambdapolicy/main.tf +++ b/terraform/environments/apex/module/lambdapolicy/main.tf @@ -12,7 +12,7 @@ data "aws_iam_policy_document" "assume_role" { } resource "aws_iam_role" "backuplambdarole" { - name = "backuplambdarole" + name = "apex-backuplambdarole" assume_role_policy = data.aws_iam_policy_document.assume_role.json } From 2e1d5778e8ea6e81188f1a484b4500474fc603be Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 15:21:40 +0100 Subject: [PATCH 19/92] rename the lambda functions --- terraform/environments/apex/lambda.tf | 2 +- terraform/environments/apex/module/lambda/variables.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 19324b7922c..9d991a7696b 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -11,7 +11,7 @@ module "lambda_backup" { backup_policy_name = "${local.application_name}-lambda-instance-policy" source_file = ["dbsnapshot.js","deletesnapshots.py"] output_path = ["snapshotDBFunction.zip","deletesnapshotFunction.zip"] -filename = ["snapshotDBFunction", "deletesnapshotFunction"] +filename = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip"] function_name = ["snapshotDBFunction","deletesnapshotFunction"] handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler"] role = module.iambackup.backuprole diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index 39f0864cda9..5a3f0b7c934 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf @@ -1,13 +1,13 @@ variable "backup_policy_name" { type = string description = "backup iam policy name" - default = null + default = "" } variable "role" { type = string description = "role" - default = null + default = "" } variable "tags" { From 695449573607e3bcc825780da2265786ee25af64 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 15:34:27 +0100 Subject: [PATCH 20/92] change runtime --- terraform/environments/apex/lambda.tf | 1 + terraform/environments/apex/module/lambda/variables.tf | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 9d991a7696b..27c5dfb93a4 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf 
@@ -15,6 +15,7 @@ filename = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip"] function_name = ["snapshotDBFunction","deletesnapshotFunction"] handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler"] role = module.iambackup.backuprole +runtime = [ "nodejs18.x","Python3.8" ] diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index 5a3f0b7c934..63310564165 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf @@ -51,5 +51,13 @@ variable "handler" { description = "Function handler" default = ["snapshot/dbsnapshot.handler", "deletesnapshots.lambda_handler" + ] +} + +variable "runtime" { + type = list(string) + description = "Function handler" + default = ["" + ] } \ No newline at end of file From 7bde4379a264fc0dfc0cdf689bf9c022f0d4ce5e Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 15:39:30 +0100 Subject: [PATCH 21/92] adding extra vars --- terraform/environments/apex/module/lambda/variables.tf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index 63310564165..86b100c139b 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf @@ -57,7 +57,8 @@ variable "handler" { variable "runtime" { type = list(string) description = "Function handler" - default = ["" - + default = [ "nodejs18.x", + "Python3.8" ] + } \ No newline at end of file From 8b575cb76b179d274c4d93030391c0fd981086e5 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 15:42:42 +0100 Subject: [PATCH 22/92] adding extra vars v1 --- terraform/environments/apex/module/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index 8b38c024d1e..66616d69647 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf @@ -33,7 +33,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 - runtime = "nodejs18.x" + runtime = var.runtime[count.index] # environment { # variables = { From 3e8ca1e7573edd6e07c5d06bd84a09974bca33b5 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 15:45:18 +0100 Subject: [PATCH 23/92] change runtime --- terraform/environments/apex/lambda.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 27c5dfb93a4..4f62154fb71 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -15,7 +15,7 @@ filename = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip"] function_name = ["snapshotDBFunction","deletesnapshotFunction"] handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler"] role = module.iambackup.backuprole -runtime = [ "nodejs18.x","Python3.8" ] +runtime = [ "nodejs18.x","python3.8" ] From 38bc11c0b16c98336306fbb4420f22a2e206d488 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 17 Oct 2023 15:59:46 +0100 Subject: [PATCH 24/92] add 3rd function --- terraform/environments/apex/dbconnect.js | 6 ++-- terraform/environments/apex/lambda.tf | 12 +++---- .../environments/apex/module/lambda/main.tf | 17 ++-------- .../apex/module/lambda/variables.tf | 33 ++++--------------- .../apex/module/lambdapolicy/variables.tf | 2 -- 5 files changed, 17 insertions(+), 53 deletions(-) diff --git a/terraform/environments/apex/dbconnect.js b/terraform/environments/apex/dbconnect.js index b88e8c5fe9b..20c95c528cd 100644 
--- a/terraform/environments/apex/dbconnect.js +++ b/terraform/environments/apex/dbconnect.js @@ -1,7 +1,7 @@ -// Automated backup script +// CWA automated backup script // - Makes call to lambda which connects to EC2 instance and put // DB in backup mode -// - Runs Oracle SQL scripts as Oracle user +// - Call Oracle SQL scripts as Oracle user // // version: 0.1 // auth: phil h @@ -170,4 +170,4 @@ exports.handler = async (event, context) => { console.error(error); context.fail(); } -}; \ No newline at end of file +}; diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 4f62154fb71..ae106551e12 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -9,13 +9,13 @@ module "lambda_backup" { source = "./module/lambda" backup_policy_name = "${local.application_name}-lambda-instance-policy" -source_file = ["dbsnapshot.js","deletesnapshots.py"] -output_path = ["snapshotDBFunction.zip","deletesnapshotFunction.zip"] -filename = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip"] -function_name = ["snapshotDBFunction","deletesnapshotFunction"] -handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler"] +source_file = ["dbsnapshot.js","deletesnapshots.py","dbconnect.js"] +output_path = ["snapshotDBFunction.zip","deletesnapshotFunction.zip","connectDBFunction.zip”"] +filename = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip","connectDBFunction.zip"] +function_name = ["snapshotDBFunction","deletesnapshotFunction", "connectDBFunction"] +handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler","ssh/dbconnect.handler"] role = module.iambackup.backuprole -runtime = [ "nodejs18.x","python3.8" ] +runtime = [ "nodejs18.x","python3.8","nodejs18.x"] diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index 66616d69647..d18ec6aabc8 100644 --- a/terraform/environments/apex/module/lambda/main.tf 
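Review bot: The new third entry registers `ssh/dbconnect.handler` on `nodejs18.x`, but the module builds each archive from one `source_file` (`dbconnect.js` here), so the zip presumably holds that file at its root with no `ssh/` directory and no `node_modules`; `snapshot/dbsnapshot.handler` looks affected in the same way. `dbconnect.js` requires `simple-ssh` and `aws-sdk`, neither of which a single-file archive packages, and the Node.js 18 managed runtime bundles AWS SDK v3 rather than the v2 `aws-sdk` package, so the function is likely to fail on load. Either build the archive from a directory that contains the handler path and its installed dependencies, or set the handler to `dbconnect.handler` and supply the modules through a layer. The last `output_path` entry also carries a stray typographic quote, `"connectDBFunction.zip”"`.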
+++ b/terraform/environments/apex/module/lambda/main.tf @@ -1,31 +1,18 @@ - - data "archive_file" "lambda_dbsnapshot" { - count = 2 + count = 3 type = "zip" source_file = var.source_file[count.index] output_path = var.output_path[count.index] } -# data "archive_file" "lambda_dbconnect" { -# type = "zip" -# source_file = "dbconnect.js" -# output_path = "connectDBFunction.zip" -# } - -# data "archive_file" "lambda_delete_deletesnapshots" { -# type = "zip" -# source_file = "deletesnapshots.py" -# output_path = "DeleteEBSPendingSnapshots.zip" -# } resource "aws_lambda_function" "snapshotDBFunction" { # If the file is not in the current working directory you will need to include a # path.module in the filename. - count = 2 + count = 3 filename = var.filename[count.index] function_name = var.function_name[count.index] role = var.role diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf index 86b100c139b..987d7ed5ebe 100644 --- a/terraform/environments/apex/module/lambda/variables.tf +++ b/terraform/environments/apex/module/lambda/variables.tf 
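Review bot: `count = 3` is hard-coded in both `data "archive_file" "lambda_dbsnapshot"` and `resource "aws_lambda_function" "snapshotDBFunction"`, while every per-function value is read with `[count.index]` from lists whose defaults this commit reduces to a single element (`[""]`). A caller that omits or shortens one list gets an invalid-index error, and adding a fourth function means editing several places. Derive the count from the input, `count = length(var.function_name)`, and consider a `validation` block or a single list of objects so the lists cannot drift in length. The resource block continues past the end of this hunk.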
@@ -1,64 +1,43 @@ variable "backup_policy_name" { type = string - description = "backup iam policy name" default = "" } variable "role" { type = string - description = "role" default = "" } variable "tags" { type = map(any) - description = "Tags to apply to resources, where applicable" } variable "filename" { type = list(string) - default = ["snapshotDBFunction.zip", - "deletesnapshotFunction.zip" - ] + default = [""] } variable "source_file" { type = list(string) - description = "source file for Function" - default = ["dbsnapshot.js", - "deletesnapshots.py" - ] + default = [""] } variable "output_path" { type = list(string) - description = "source file for Function" - default = ["snapshotDBFunction.zip", - "deletesnapshotFunction.zip" - ] + default = [""] } variable "function_name" { type = list(string) - description = "Function name" - default = ["snapshotDBFunction", - "deletesnapshotFunction" - ] + default = [""] } variable "handler" { type = list(string) - description = "Function handler" - default = ["snapshot/dbsnapshot.handler", - "deletesnapshots.lambda_handler" - ] + default = [""] } variable "runtime" { type = list(string) - description = "Function handler" - default = [ "nodejs18.x", - "Python3.8" - ] - + default = [ ""] } \ No newline at end of file diff --git a/terraform/environments/apex/module/lambdapolicy/variables.tf b/terraform/environments/apex/module/lambdapolicy/variables.tf index 10e94516ab2..d9bbb35b279 100644 --- a/terraform/environments/apex/module/lambdapolicy/variables.tf +++ b/terraform/environments/apex/module/lambdapolicy/variables.tf @@ -1,10 +1,8 @@ variable "backup_policy_name" { type = string - description = "S3 bucket name" default = null } variable "tags" { type = map(any) - description = "Tags to apply to resources, where applicable" } \ No newline at end of file From ca5a4c31c4bc5a639c7dab736f810913d6e09177 Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Tue, 17 Oct 2023 16:19:38 +0100 Subject: [PATCH 25/92] remove double quotes --- terraform/environments/apex/lambda.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index ae106551e12..be43b4c52f8 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -10,9 +10,9 @@ module "lambda_backup" { backup_policy_name = "${local.application_name}-lambda-instance-policy" source_file = ["dbsnapshot.js","deletesnapshots.py","dbconnect.js"] -output_path = ["snapshotDBFunction.zip","deletesnapshotFunction.zip","connectDBFunction.zip”"] +output_path = ["snapshotDBFunction.zip","deletesnapshotFunction.zip","connectDBFunction.zip"] filename = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip","connectDBFunction.zip"] -function_name = ["snapshotDBFunction","deletesnapshotFunction", "connectDBFunction"] +function_name = ["snapshotDBFunction","deletesnapshotFunction","connectDBFunction"] handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler","ssh/dbconnect.handler"] role = module.iambackup.backuprole runtime = [ "nodejs18.x","python3.8","nodejs18.x"] From 73638eff0e54f339f98a7054927b0433c5ce9fa4 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 18 Oct 2023 12:09:00 +0100 Subject: [PATCH 26/92] tidy up --- terraform/environments/apex/lambda.tf | 12 ++++++------ terraform/environments/apex/locals.tf | 24 ++++++++++++++++++++++++ terraform/environments/apex/variables.tf | 19 +++++++++++++++++++ 3 files changed, 49 insertions(+), 6 deletions(-) create mode 100644 terraform/environments/apex/variables.tf diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index be43b4c52f8..4b43c2a869a 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf 
@@ -9,13 +9,13 @@ module "lambda_backup" { source = "./module/lambda" backup_policy_name = "${local.application_name}-lambda-instance-policy" -source_file = ["dbsnapshot.js","deletesnapshots.py","dbconnect.js"] -output_path = ["snapshotDBFunction.zip","deletesnapshotFunction.zip","connectDBFunction.zip"] -filename = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip","connectDBFunction.zip"] -function_name = ["snapshotDBFunction","deletesnapshotFunction","connectDBFunction"] -handler = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler","ssh/dbconnect.handler"] +source_file = local.dbsourcefiles +output_path = local.zipfiles +filename = local.zipfiles +function_name = local.functions +handler = [local.local.dbsnaphandler, local.local.deletesnaphandler, local.local.connecthandler] role = module.iambackup.backuprole -runtime = [ "nodejs18.x","python3.8","nodejs18.x"] +runtime = [ local.nodejsversion, local.local.pythonversion, local.local.nodejsversion ] diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index a7454414911..2e9ec147427 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -1 +1,25 @@ #### This file can be used to store locals specific to the member account #### +locals { + #js FIles + dbsourcefiles = var.source_file + + + #ZIP FILES Below + zipfiles = var.output_path + + #Functions + functions = var.function_name + + #Handlers + dbsnaphandler= "snapshot/dbsnapshot.handler" + deletesnaphandler= "deletesnapshots.lambda_handler" + connecthandler= "ssh/dbconnect.handler" + + #Runtime + nodejsversion= "nodejs18.x" + pythonversion= "python3.8" + + + + +} \ No newline at end of file diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf new file mode 100644 index 00000000000..e5a9ead4a99 --- /dev/null +++ b/terraform/environments/apex/variables.tf 
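Review bot: The new `handler` and `runtime` lists reference `local.local.dbsnaphandler`, `local.local.deletesnaphandler`, `local.local.connecthandler`, `local.local.pythonversion` and `local.local.nodejsversion`; the doubled prefix looks up a local value named `local`, which the `locals` block added in this commit does not define, so the configuration will not validate. Each should use a single prefix, as the first `runtime` element already does with `local.nodejsversion`, e.g. `handler = [local.dbsnaphandler, local.deletesnaphandler, local.connecthandler]`.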
@@ -0,0 +1,19 @@ +variable "source_file" { + type = list(any) + default = ["dbsnapshot.js","deletesnapshots.py","dbconnect.js"] +} + +variable "output_path" { + type = list(any) + default = ["snapshotDBFunction.zip","deletesnapshotFunction.zip","connectDBFunction.zip"] +} + +variable "filename" { + type = list(any) + default = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip","connectDBFunction.zip"] +} + +variable "function_name" { + type = list(string) + default = ["snapshotDBFunction","deletesnapshotFunction","connectDBFunction"] +} \ No newline at end of file From 0ba836f949ed90505a57f797149c1ae8f6d91f80 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 18 Oct 2023 12:15:08 +0100 Subject: [PATCH 27/92] re-tidy v1 --- terraform/environments/apex/lambda.tf | 4 ++-- terraform/environments/apex/locals.tf | 7 ++----- terraform/environments/apex/variables.tf | 10 ++++++++++ 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 4b43c2a869a..eb28aae25a0 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -13,9 +13,9 @@ source_file = local.dbsourcefiles output_path = local.zipfiles filename = local.zipfiles function_name = local.functions -handler = [local.local.dbsnaphandler, local.local.deletesnaphandler, local.local.connecthandler] +handler = local.handlers role = module.iambackup.backuprole -runtime = [ local.nodejsversion, local.local.pythonversion, local.local.nodejsversion ] +runtime = local.runtime diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index 2e9ec147427..e3e287ff493 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf 
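Review bot: `variable "filename"` is declared in the new variables.tf but nothing in this commit reads it: locals.tf sets `zipfiles = var.output_path` and lambda.tf passes `local.zipfiles` for both `output_path` and `filename`. Either drop the variable or wire it through, otherwise overriding `filename` silently has no effect. The lists are also positionally coupled (element i of each describes one function), yet only `function_name` is typed `list(string)`. Typing all of them `list(string)` and adding a comment such as `# index-aligned with var.function_name` would make that contract explicit.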
@@ -11,13 +11,10 @@ locals { functions = var.function_name #Handlers - dbsnaphandler= "snapshot/dbsnapshot.handler" - deletesnaphandler= "deletesnapshots.lambda_handler" - connecthandler= "ssh/dbconnect.handler" + handlers = var.handler #Runtime - nodejsversion= "nodejs18.x" - pythonversion= "python3.8" + runtime = var.runtime diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index e5a9ead4a99..1e8c9eab892 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -16,4 +16,14 @@ variable "filename" { variable "function_name" { type = list(string) default = ["snapshotDBFunction","deletesnapshotFunction","connectDBFunction"] +} + +variable "handler" { + type = list(string) + default = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler","ssh/dbconnect.handler"] +} + +variable "runtime" { + type = list(string) + default = [ "nodejs18.x","python3.8","nodejs18.x"] } \ No newline at end of file From 5edd77009f94208fac8534e76a0e475842ed1594 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 18 Oct 2023 15:02:57 +0100 Subject: [PATCH 28/92] event rules --- terraform/environments/apex/lambda.tf | 21 +++++++++++++++++++ .../apex/module/lambda/outputs.tf | 7 +++++++ terraform/environments/apex/variables.tf | 6 +++--- 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 terraform/environments/apex/module/lambda/outputs.tf diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index eb28aae25a0..50923287bf9 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -1,5 +1,6 @@ module "iambackup" { source = "./module/lambdapolicy" + backup_policy_name = "laa-${local.application_name}-${local.environment}-policy" tags = merge( local.tags, { Name = "laa-${local.application_name}-${local.environment}-mp" } 
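Review bot: The `runtime` default added to variables.tf pins `python3.8` for the second function, and Python 3.8 reached upstream end of life in October 2024, so it no longer receives upstream security fixes; a currently supported Python runtime is the safer default. `handler` and `runtime` are index-aligned with `function_name`, so overriding one list without the others would deploy a function with a mismatched handler or runtime. A comment such as `# index-aligned with var.function_name` on both, plus a `description` on each variable, would make that visible to callers.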
@@ -25,3 +26,23 @@ runtime = local.runtime { Name = "laa-${local.application_name}-${local.environment}-mp" } ) } + + +resource "aws_cloudwatch_event_rule" "mon_sun" { + name = "${local.application_name}-createSnapshotRule-LWN8E1LNHFJR" + description = "Fires every five minutes" + schedule_expression = "0 2 ? * MON-SUN *" +} + +resource "aws_cloudwatch_event_target" "check_mon_sun" { + rule = aws_cloudwatch_event_rule.mon_sun.name + arn = module.lambda_backup.lambda_function +} + +resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { + statement_id = "AllowExecutionFromCloudWatch" + action = "lambda:InvokeFunction" + function_name = module.lambda_backup.lambda_function_name + principal = "events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.mon_sun.arn +} \ No newline at end of file diff --git a/terraform/environments/apex/module/lambda/outputs.tf b/terraform/environments/apex/module/lambda/outputs.tf new file mode 100644 index 00000000000..aa785489f3c --- /dev/null +++ b/terraform/environments/apex/module/lambda/outputs.tf @@ -0,0 +1,7 @@ +output "lambda_function" { + value = aws_lambda_function.snapshotDBFunction.*.arn +} + +output "lambda_function_name" { + value = aws_lambda_function.snapshotDBFunction.*.function_name +} \ No newline at end of file diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 1e8c9eab892..59385209fc1 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf 
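Review bot: `schedule_expression = "0 2 ? * MON-SUN *"` in `aws_cloudwatch_event_rule.mon_sun` is a bare cron field list; EventBridge schedule expressions need the `cron(...)` or `rate(...)` wrapper, e.g. `schedule_expression = "cron(0 2 ? * MON-SUN *)"`. The description `"Fires every five minutes"` does not match a once-a-day schedule and should say what the rule does, e.g. `description = "Daily trigger for the DB snapshot Lambda"`; the same stale description recurs where these resources are re-added under module/lambda/main.tf and modules/lambda/main.tf. `arn` and `function_name` are also fed from the module outputs added in this commit, which are splat expressions and therefore lists rather than single values.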
@@ -14,16 +14,16 @@ variable "filename" { } variable "function_name" { - type = list(string) + type = list(any) default = ["snapshotDBFunction","deletesnapshotFunction","connectDBFunction"] } variable "handler" { - type = list(string) + type = list(any) default = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler","ssh/dbconnect.handler"] } variable "runtime" { - type = list(string) + type = list(any) default = [ "nodejs18.x","python3.8","nodejs18.x"] } \ No newline at end of file From a4d956790606e6828906e253c1af5305b260e90f Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 18 Oct 2023 15:10:58 +0100 Subject: [PATCH 29/92] added count index --- terraform/environments/apex/lambda.tf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 50923287bf9..908e408cbfb 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -35,14 +35,16 @@ resource "aws_cloudwatch_event_rule" "mon_sun" { } resource "aws_cloudwatch_event_target" "check_mon_sun" { + count = 3 rule = aws_cloudwatch_event_rule.mon_sun.name - arn = module.lambda_backup.lambda_function + arn = module.lambda_backup[count.index].lambda_function } resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { + count = 3 statement_id = "AllowExecutionFromCloudWatch" action = "lambda:InvokeFunction" - function_name = module.lambda_backup.lambda_function_name + function_name = module.lambda_backup[count.index].lambda_function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.mon_sun.arn } \ No newline at end of file From b9a86cbf2979f2b1c58aae79768df53b5140b61e Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Wed, 18 Oct 2023 15:38:00 +0100 Subject: [PATCH 30/92] amend the count indexes --- terraform/environments/apex/lambda.tf | 4 ++-- terraform/environments/apex/module/lambda/outputs.tf | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 908e408cbfb..4301de180c9 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -37,14 +37,14 @@ resource "aws_cloudwatch_event_rule" "mon_sun" { resource "aws_cloudwatch_event_target" "check_mon_sun" { count = 3 rule = aws_cloudwatch_event_rule.mon_sun.name - arn = module.lambda_backup[count.index].lambda_function + arn = module.lambda_backup.lambda_function } resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { count = 3 statement_id = "AllowExecutionFromCloudWatch" action = "lambda:InvokeFunction" - function_name = module.lambda_backup[count.index].lambda_function_name + function_name = module.lambda_backup.lambda_function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.mon_sun.arn } \ No newline at end of file diff --git a/terraform/environments/apex/module/lambda/outputs.tf b/terraform/environments/apex/module/lambda/outputs.tf index aa785489f3c..6d6d5277d5b 100644 --- a/terraform/environments/apex/module/lambda/outputs.tf +++ b/terraform/environments/apex/module/lambda/outputs.tf @@ -1,7 +1,7 @@ output "lambda_function" { - value = aws_lambda_function.snapshotDBFunction.*.arn + value = aws_lambda_function.snapshotDBFunction.*.arn[count.index] } output "lambda_function_name" { - value = aws_lambda_function.snapshotDBFunction.*.function_name + value = aws_lambda_function.snapshotDBFunction.*.function_name[count.index] } \ No newline at end of file From 71daa8e05c05c633da12f0ce74c7a7b717f0886c Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Wed, 18 Oct 2023 16:08:46 +0100 Subject: [PATCH 31/92] only attaching the first lambda function to event rules --- terraform/environments/apex/lambda.tf | 20 ------------------ .../environments/apex/module/lambda/main.tf | 21 +++++++++++++++++++ .../apex/module/lambda/outputs.tf | 12 +++++------ 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 4301de180c9..f5eb8b1e514 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -28,23 +28,3 @@ runtime = local.runtime } -resource "aws_cloudwatch_event_rule" "mon_sun" { - name = "${local.application_name}-createSnapshotRule-LWN8E1LNHFJR" - description = "Fires every five minutes" - schedule_expression = "0 2 ? * MON-SUN *" -} - -resource "aws_cloudwatch_event_target" "check_mon_sun" { - count = 3 - rule = aws_cloudwatch_event_rule.mon_sun.name - arn = module.lambda_backup.lambda_function -} - -resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { - count = 3 - statement_id = "AllowExecutionFromCloudWatch" - action = "lambda:InvokeFunction" - function_name = module.lambda_backup.lambda_function_name - principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.mon_sun.arn -} \ No newline at end of file diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index d18ec6aabc8..429171ecb57 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf 
@@ -27,4 +27,25 @@ resource "aws_lambda_function" "snapshotDBFunction" { # foo = "bar" # } # } +} + +resource "aws_cloudwatch_event_rule" "mon_sun" { + name = "laa-createSnapshotRule-LWN8E1LNHFJR" + description = "Fires every five minutes" + schedule_expression = "0 2 ? * MON-SUN *" +} + +resource "aws_cloudwatch_event_target" "check_mon_sun" { + count = 3 + rule = aws_cloudwatch_event_rule.mon_sun.name + arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" +} + +resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { + count = 3 + statement_id = "AllowExecutionFromCloudWatch" + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.snapshotDBFunction[0].function_name + principal = "events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.mon_sun.arn } \ No newline at end of file diff --git a/terraform/environments/apex/module/lambda/outputs.tf b/terraform/environments/apex/module/lambda/outputs.tf index 6d6d5277d5b..337ea045884 100644 --- a/terraform/environments/apex/module/lambda/outputs.tf +++ b/terraform/environments/apex/module/lambda/outputs.tf @@ -1,7 +1,7 @@ -output "lambda_function" { - value = aws_lambda_function.snapshotDBFunction.*.arn[count.index] -} +# output "lambda_function" { +# value = aws_lambda_function.snapshotDBFunction.*.arn[count.index] +# } -output "lambda_function_name" { - value = aws_lambda_function.snapshotDBFunction.*.function_name[count.index] -} \ No newline at end of file +# output "lambda_function_name" { +# value = aws_lambda_function.snapshotDBFunction.*.function_name[count.index] +# } \ No newline at end of file From f03e4c1d107daefcaca384c8777103c670050c82 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 18 Oct 2023 16:14:06 +0100 Subject: [PATCH 32/92] 3 is not require just one rule for now --- terraform/environments/apex/module/lambda/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
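Review bot: `count = 3` on `aws_cloudwatch_event_target.check_mon_sun` and `aws_lambda_permission.allow_cloudwatch_to_call_check_mon_sun` creates three copies that all point at `snapshotDBFunction[0]`. The three permission instances share `statement_id = "AllowExecutionFromCloudWatch"` on the same function, and statement ids must be unique within a function's policy, so the second and third would be expected to conflict at apply time. Since only the first function is scheduled, drop `count` from both resources, or iterate over the functions that need a schedule and derive the statement id from `count.index`.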
diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index 429171ecb57..32bfd7a96c3 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf @@ -36,13 +36,13 @@ resource "aws_cloudwatch_event_rule" "mon_sun" { } resource "aws_cloudwatch_event_target" "check_mon_sun" { - count = 3 + count = 1 rule = aws_cloudwatch_event_rule.mon_sun.name arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" } resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { - count = 3 + count = 1 statement_id = "AllowExecutionFromCloudWatch" action = "lambda:InvokeFunction" function_name = aws_lambda_function.snapshotDBFunction[0].function_name From cc929ffb4750d6adf92201aa0eada24eafa5ea4d Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Wed, 18 Oct 2023 16:24:10 +0100 Subject: [PATCH 33/92] changed scheduled expressions --- terraform/environments/apex/module/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf index 32bfd7a96c3..c36b463f9f5 100644 --- a/terraform/environments/apex/module/lambda/main.tf +++ b/terraform/environments/apex/module/lambda/main.tf @@ -32,7 +32,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "0 2 ? * MON-SUN *" + schedule_expression = "cron(00 4 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "check_mon_sun" { From 7a472a338bbe232e3a51c0d27feba9689785be6c Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Thu, 19 Oct 2023 16:49:37 +0100 Subject: [PATCH 34/92] rebuild ec2 with new ami and merge ecs code --- .../apex/application_variables.json | 10 +- .../apex/cloudwatch_agent_config.json | 32 +- terraform/environments/apex/codebuild.tf | 13 + terraform/environments/apex/locals.tf | 9 +- .../apex/modules/codebuild/main.tf | 280 ++++++++++++++++++ .../codebuild/s3_bucket_policy.json.tpl | 20 ++ .../apex/modules/codebuild/variables.tf | 39 +++ .../environments/apex/modules/lambda/main.tf | 51 ++++ .../apex/modules/lambda/outputs.tf | 7 + .../apex/modules/lambda/variables.tf | 43 +++ .../apex/modules/lambdapolicy/main.tf | 65 ++++ .../apex/modules/lambdapolicy/outputs.tf | 3 + .../apex/modules/lambdapolicy/variables.tf | 8 + .../environments/apex/modules/s3/main.tf | 28 ++ .../environments/apex/modules/s3/variables.tf | 23 ++ 15 files changed, 604 insertions(+), 27 deletions(-) create mode 100644 terraform/environments/apex/codebuild.tf create mode 100644 terraform/environments/apex/modules/codebuild/main.tf create mode 100644 terraform/environments/apex/modules/codebuild/s3_bucket_policy.json.tpl create mode 100644 terraform/environments/apex/modules/codebuild/variables.tf create mode 100644 terraform/environments/apex/modules/lambda/main.tf create mode 100644 terraform/environments/apex/modules/lambda/outputs.tf create mode 100644 terraform/environments/apex/modules/lambda/variables.tf create mode 100644 terraform/environments/apex/modules/lambdapolicy/main.tf create mode 100644 terraform/environments/apex/modules/lambdapolicy/outputs.tf create mode 100644 terraform/environments/apex/modules/lambdapolicy/variables.tf create mode 100644 terraform/environments/apex/modules/s3/main.tf create mode 100644 terraform/environments/apex/modules/s3/variables.tf diff --git a/terraform/environments/apex/application_variables.json b/terraform/environments/apex/application_variables.json index 5012ab1007c..64e7843d889 100644 
--- a/terraform/environments/apex/application_variables.json +++ b/terraform/environments/apex/application_variables.json @@ -2,19 +2,19 @@ "accounts": { "development": { "example_var": "dev-data", - "ec2amiid": "ami-057de645e240e87c1", + "ec2amiid": "ami-0a5b0804d9efdeed0", "ec2instancetype": "t3.medium", "mp_vpc_cidr": "10.26.56.0/21", "lz_shared_nonprod_mgmt_vpc_cidr": "10.200.0.0/20", "lz_shared_prod_mgmt_vpc_cidr": "10.200.16.0/20", "u01_orahome_size": "40", - "u01_orahome_snapshot": "snap-0fb84db7af842db4b", + "u01_orahome_snapshot": "snap-0dbe4e9eb3ae8c8e2", "u02_oradata_size": "100", - "u02_oradata_snapshot": "snap-002a82aef2628b621", + "u02_oradata_snapshot": "snap-08eb47b98646c0002", "u03_redo_size": "50", - "u03_redo_snapshot": "snap-08499cdd392b9b7dc", + "u03_redo_snapshot": "snap-02864a98e6392f7ba", "u04_arch_size": "50", - "u04_arch_snapshot": "snap-03b6eb947cfe779d8" + "u04_arch_snapshot": "snap-0bc63d7b569e9eb3b" }, "test": { "example_var": "test-data" diff --git a/terraform/environments/apex/cloudwatch_agent_config.json b/terraform/environments/apex/cloudwatch_agent_config.json index 5528ec4e8aa..f32312b3567 100644 --- a/terraform/environments/apex/cloudwatch_agent_config.json +++ b/terraform/environments/apex/cloudwatch_agent_config.json @@ -25,7 +25,13 @@ "metrics_collection_interval": 60, "drop_device": true, "resources": ["*"], - "ignore_file_system_types": ["tmpfs", "devtmpfs", "sysfs", "fuse.s3fs", "nfs4"] + "ignore_file_system_types": [ + "tmpfs", + "devtmpfs", + "sysfs", + "fuse.s3fs", + "nfs4" + ] }, "diskio": { "measurement": [ 
@@ -67,19 +73,17 @@ } }, "logs": { - "logs_collected": { - "files": { - "collect_list": [ - { - "file_path": "/var/log/messages", - "log_group_name": "APEX-EC2", - "log_stream_name": "{instance_id}", - "retention_in_days": 90 - - - } - ] - } + "logs_collected": { + "files": { + "collect_list": [ + { + "file_path": "/var/log/messages", + "log_group_name": "APEX-EC2", + "log_stream_name": "{instance_id}", + "retention_in_days": 90 + } + ] } } + } } diff --git a/terraform/environments/apex/codebuild.tf b/terraform/environments/apex/codebuild.tf new file mode 100644 index 00000000000..3285e52bc13 --- /dev/null +++ b/terraform/environments/apex/codebuild.tf @@ -0,0 +1,13 @@ +module "apex-ecr-codebuild" { + count = local.environment == "development" ? 1 : 0 + source = "./modules/codebuild" + + app_name = local.application_name + account_id = local.environment_management.account_ids[terraform.workspace] + tags = local.tags + s3_lifecycle_expiration_days = 31 + s3_lifecycle_noncurr_version_expiration_days = 31 + core_shared_services_production_account_id = local.environment_management.account_ids["core-shared-services-production"] + local_ecr_url = "${local.environment_management.account_ids[terraform.workspace]}.dkr.ecr.eu-west-2.amazonaws.com/apex-local-ecr" + application_test_url = local.application_test_url +} \ No newline at end of file diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index e3e287ff493..0c023887083 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -2,21 +2,14 @@ locals { #js FIles dbsourcefiles = var.source_file - - #ZIP FILES Below zipfiles = var.output_path - #Functions functions = var.function_name - #Handlers handlers = var.handler - #Runtime runtime = var.runtime - - - + application_test_url = "https://apex.laa-development.modernisation-platform.service.justice.gov.uk/apex/" } \ No newline at end of file 
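Review bot: `local_ecr_url` in codebuild.tf hard-codes the repository name `apex-local-ecr` and the region `eu-west-2`, while the module names the repository `"${var.app_name}-local-ecr"`; the two only agree as long as `local.application_name` is `apex`. It would be more robust for the module to take the URL from the repository it creates (`aws_ecr_repository.local-ecr.repository_url`) and drop this input, so the build cannot be pointed at a repository other than the one whose policy is managed here. The lifecycle day counts are passed as numbers although the module declares them as `string`; `type = number` in the module's variables.tf would be clearer.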
diff --git a/terraform/environments/apex/modules/codebuild/main.tf b/terraform/environments/apex/modules/codebuild/main.tf new file mode 100644 index 00000000000..8339a67a2a0 --- /dev/null +++ b/terraform/environments/apex/modules/codebuild/main.tf 
@@ -0,0 +1,280 @@ +############################################# +# S3 Bucket for storing deployment, test reports and other outputs +############################################# + +resource "aws_s3_bucket" "deployment_report" { + bucket = "laa-${var.app_name}-deployment-pipeline-reportbucket" + # force_destroy = true # Enable to recreate bucket deleting everything inside + tags = merge( + var.tags, + { + Name = "laa-${var.app_name}-deployment-pipeline-reportbucket" + }, + ) +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "report_sse" { + bucket = aws_s3_bucket.deployment_report.id + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +resource "aws_s3_bucket_lifecycle_configuration" "report_lifecycle" { + bucket = aws_s3_bucket.deployment_report.id + + rule { + id = "monthly-expiration" + expiration { + days = var.s3_lifecycle_expiration_days + } + noncurrent_version_expiration { + noncurrent_days = var.s3_lifecycle_noncurr_version_expiration_days + } + + status = "Enabled" + } +} + +resource "aws_s3_bucket_versioning" "report_versioning" { + bucket = aws_s3_bucket.deployment_report.id + versioning_configuration { + status = "Enabled" + } +} + +###################################################### +# ECR Resources +###################################################### + +resource "aws_ecr_repository" "local-ecr" { + name = "${var.app_name}-local-ecr" + image_tag_mutability = "MUTABLE" + + image_scanning_configuration { + scan_on_push = false + } + + tags = merge( + var.tags, + { + Name = "${var.app_name}-local-ecr" + }, + ) +} + +resource "aws_ecr_repository_policy" "local-ecr-policy" { + repository = aws_ecr_repository.local-ecr.name + policy = data.aws_iam_policy_document.local-ecr-policy-data.json +} + +data "aws_iam_policy_document" "local-ecr-policy-data" { + statement { + sid = "AccessECR" + effect = "Allow" + + principals { + type = "AWS" + identifiers = 
["arn:aws:iam::${var.account_id}:role/${var.app_name}-CodeBuildRole", "arn:aws:iam::${var.account_id}:user/cicd-member-user"] + } + + actions = [ + "ecr:GetDownloadUrlForLayer", + "ecr:BatchGetImage", + "ecr:BatchCheckLayerAvailability", + "ecr:PutImage", + "ecr:InitiateLayerUpload", + "ecr:UploadLayerPart", + "ecr:CompleteLayerUpload", + "ecr:DescribeRepositories", + "ecr:GetRepositoryPolicy", + "ecr:ListImages" + ] + } +} + +###################################################### +# S3 Resource Bucket for Codebuild +###################################################### + +resource "aws_s3_bucket" "codebuild_resources" { + bucket = "laa-${var.app_name}-management-resourcebucket" + # force_destroy = true +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "resources_sse" { + bucket = aws_s3_bucket.codebuild_resources.id + rule { + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +data "template_file" "s3_resource_bucket_policy" { + template = file("${path.module}/s3_bucket_policy.json.tpl") + + vars = { + account_id = var.account_id, + s3_resource_name = aws_s3_bucket.codebuild_resources.id, + codebuild_role_name = aws_iam_role.codebuild_s3.id + } +} + +resource "aws_s3_bucket_policy" "allow_access_from_codebuild" { + bucket = aws_s3_bucket.codebuild_resources.id + policy = data.template_file.s3_resource_bucket_policy.rendered +} + +###################################################### +# CodeBuild projects +###################################################### + +resource "aws_iam_role" "codebuild_s3" { + name = "${var.app_name}-CodeBuildRole" + assume_role_policy = file("${path.module}/codebuild_iam_role.json") + tags = merge( + var.tags, + { + Name = "${var.app_name}-CodeBuildRole" + } + ) +} + +data "template_file" "codebuild_policy" { + template = file("${path.module}/codebuild_iam_policy.json.tpl") + + vars = { + s3_report_bucket_name = aws_s3_bucket.deployment_report.id + 
core_shared_services_production_account_id = var.core_shared_services_production_account_id + account_id = var.account_id + app_name = var.app_name + } +} + +resource "aws_iam_role_policy" "codebuild_s3" { + name = "${var.app_name}-CodeBuildPolicy" + role = aws_iam_role.codebuild_s3.name + policy = data.template_file.codebuild_policy.rendered +} + +resource "aws_codebuild_project" "app-build" { + name = "${var.app_name}-app-build" + description = "Project to build the ${var.app_name} Java application" + build_timeout = 20 + # encryption_key = aws_kms_key.codebuild.arn + service_role = aws_iam_role.codebuild_s3.arn + + artifacts { + type = "NO_ARTIFACTS" + } + # Comment above and uncomment below to use artifact + # artifacts { + # type = "S3" + # location = aws_s3_bucket.codebuild_artifact.id + # } + + environment { + compute_type = "BUILD_GENERAL1_MEDIUM" + image = "aws/codebuild/docker:17.09.0" + type = "LINUX_CONTAINER" + privileged_mode = true + + environment_variable { + name = "AWS_DEFAULT_REGION" + value = "eu-west-2" + } + + environment_variable { + name = "AWS_ACCOUNT_ID" + value = var.account_id + } + + environment_variable { + name = "REPOSITORY_URI" + value = var.local_ecr_url + } + + environment_variable { + name = "ARTIFACT_BUCKET" + value = "deployment_report" + } + + environment_variable { + name = "APPLICATION_NAME" + value = var.app_name + } + + environment_variable { + name = "REPORT_S3_BUCKET" + value = "deployment_report" + } + + } + + source { + type = "GITHUB" + location = "https://github.com/ministryofjustice/laa-${var.app_name}.git" + buildspec = "buildspec-mp.yml" + } + + tags = merge( + var.tags, + { + Name = "${var.app_name}-app-build" + }, + ) +} + +resource "aws_codebuild_project" "test-build" { + name = "${var.app_name}-test-build" + description = "Project to test the Java application ${var.app_name}" + build_timeout = 20 + # encryption_key = aws_kms_key.codebuild.arn + service_role = aws_iam_role.codebuild_s3.arn + + artifacts { + 
type = "NO_ARTIFACTS" + } + # Comment above and uncomment below to use artifact + # artifacts { + # type = "S3" + # location = aws_s3_bucket.codebuild_artifact.id + # } + + environment { + compute_type = "BUILD_GENERAL1_MEDIUM" + image = "aws/codebuild/python:2.7.12" + type = "LINUX_CONTAINER" + + environment_variable { + name = "APP_URL" + value = var.application_test_url + } + + environment_variable { + name = "APPLICATION_NAME" + value = var.app_name + } + + environment_variable { + name = "REPORT_S3_BUCKET" + value = aws_s3_bucket.deployment_report.id + } + } + + source { + type = "GITHUB" + location = "https://github.com/ministryofjustice/laa-${var.app_name}.git" + buildspec = "testspec-lz.yml" + } + + tags = merge( + var.tags, + { + Name = "${var.app_name}-test" + }, + ) +} \ No newline at end of file diff --git a/terraform/environments/apex/modules/codebuild/s3_bucket_policy.json.tpl b/terraform/environments/apex/modules/codebuild/s3_bucket_policy.json.tpl new file mode 100644 index 00000000000..5adbbce3cfd --- /dev/null +++ b/terraform/environments/apex/modules/codebuild/s3_bucket_policy.json.tpl @@ -0,0 +1,20 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Principal": { + "AWS": [ + "arn:aws:iam::${account_id}:role/${codebuild_role_name}" + ] + }, + "Effect": "Allow", + "Action": [ + "s3:*" + ], + "Resource": [ + "arn:aws:s3:::${s3_resource_name}", + "arn:aws:s3:::${s3_resource_name}/*" + ] + } + ] +} diff --git a/terraform/environments/apex/modules/codebuild/variables.tf b/terraform/environments/apex/modules/codebuild/variables.tf new file mode 100644 index 00000000000..6b28921000a --- /dev/null +++ b/terraform/environments/apex/modules/codebuild/variables.tf 
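Review bot: The two buckets created in modules/codebuild/main.tf (`deployment_report` and `codebuild_resources`) get encryption but no `aws_s3_bucket_public_access_block`, so nothing visible in this file prevents a later ACL or policy change from exposing build outputs. The ECR repository is created with `scan_on_push = false` and mutable tags, so pushed images are neither scanned nor protected from being overwritten under the same tag; enabling scanning is low-risk, and immutable tags are worth adopting if the pipeline does not re-push a moving tag. In `app-build`, `ARTIFACT_BUCKET` and `REPORT_S3_BUCKET` are set to the literal string `deployment_report` rather than `aws_s3_bucket.deployment_report.id` as `test-build` does. The build images (`aws/codebuild/docker:17.09.0`, `aws/codebuild/python:2.7.12`) are old pinned versions, the first running with `privileged_mode = true`, and should be moved to a currently maintained CodeBuild image.

```hcl
# … unchanged: aws_s3_bucket.deployment_report, SSE, lifecycle, versioning …

resource "aws_s3_bucket_public_access_block" "deployment_report" {
  bucket                  = aws_s3_bucket.deployment_report.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_public_access_block" "codebuild_resources" {
  bucket                  = aws_s3_bucket.codebuild_resources.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_ecr_repository" "local-ecr" {
  name = "${var.app_name}-local-ecr"
  # Switch to "IMMUTABLE" once the pipeline no longer re-pushes a moving tag.
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
  # … unchanged: tags …

# … unchanged: ECR policy, resource bucket, IAM role and policy …

# inside aws_codebuild_project.app-build → environment
    environment_variable {
      name  = "ARTIFACT_BUCKET"
      value = aws_s3_bucket.deployment_report.id
    }

    environment_variable {
      name  = "REPORT_S3_BUCKET"
      value = aws_s3_bucket.deployment_report.id
    }
```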
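Review bot: The bucket policy in s3_bucket_policy.json.tpl grants the CodeBuild role `s3:*` on the resource bucket and every object in it, which includes deleting the bucket, rewriting this policy and changing its encryption or ACL settings. Scope `Action` to what the build needs, presumably object reads and writes plus listing, e.g. `"s3:GetObject", "s3:PutObject", "s3:ListBucket"`. Confirm the exact set against the buildspec, which is not part of this diff. A `Deny` statement conditioned on `aws:SecureTransport` being `false` would also be a reasonable addition for a bucket holding build inputs.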
@@ -0,0 +1,39 @@
+variable "app_name" {
+ type = string
+ description = "Name of the application"
+}
+
+variable "tags" {
+ type = map(string)
+ description = "Common tags to be used by all resources"
+}
+
+variable "account_id" {
+ type = string
+ description = "AWS Account ID"
+}
+
+variable "s3_lifecycle_expiration_days" {
+ type = string
+ description = "S3 Bucket lifecycle configuration expiration days"
+}
+
+variable "s3_lifecycle_noncurr_version_expiration_days" {
+ type = string
+ description = "S3 Bucket lifecycle configuration noncurrent version expiration days"
+}
+
+variable "core_shared_services_production_account_id" {
+ type = string
+ description = "AWS Account ID of Core Shared Services Production where the shared ECR resides"
+}
+
+variable "local_ecr_url" {
+ type = string
+ description = "URL for the local ECR repo"
+}
+
+variable "application_test_url" {
+ type = string
+ description = "Endpoint to test the application with Selenium upon"
+}
\ No newline at end of file
diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf
new file mode 100644
index 00000000000..c36b463f9f5
--- /dev/null
+++ b/terraform/environments/apex/modules/lambda/main.tf
@@ -0,0 +1,51 @@
+
+
+data "archive_file" "lambda_dbsnapshot" {
+ count = 3
+ type = "zip"
+ source_file = var.source_file[count.index]
+ output_path = var.output_path[count.index]
+}
+
+
+resource "aws_lambda_function" "snapshotDBFunction" {
+ # If the file is not in the current working directory you will need to include a
+ # path.module in the filename.
+
+ count = 3
+ filename = var.filename[count.index]
+ function_name = var.function_name[count.index]
+ role = var.role
+ handler = var.handler[count.index]
+
+ source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256
+
+ runtime = var.runtime[count.index]
+
+# environment {
+# variables = {
+# foo = "bar"
+# }
+# }
+}
+
+resource "aws_cloudwatch_event_rule" "mon_sun" {
+ name = "laa-createSnapshotRule-LWN8E1LNHFJR"
+ description = "Fires every five minutes"
+ schedule_expression = "cron(00 4 ? * MON-SUN *)"
+}
+
+resource "aws_cloudwatch_event_target" "check_mon_sun" {
+ count = 1
+ rule = aws_cloudwatch_event_rule.mon_sun.name
+ arn = "${aws_lambda_function.snapshotDBFunction[0].arn}"
+}
+
+resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" {
+ count = 1
+ statement_id = "AllowExecutionFromCloudWatch"
+ action = "lambda:InvokeFunction"
+ function_name = aws_lambda_function.snapshotDBFunction[0].function_name
+ principal = "events.amazonaws.com"
+ source_arn = aws_cloudwatch_event_rule.mon_sun.arn
+}
\ No newline at end of file
diff --git a/terraform/environments/apex/modules/lambda/outputs.tf b/terraform/environments/apex/modules/lambda/outputs.tf
new file mode 100644
index 00000000000..337ea045884
--- /dev/null
+++ b/terraform/environments/apex/modules/lambda/outputs.tf
@@ -0,0 +1,7 @@
+# output "lambda_function" {
+# value = aws_lambda_function.snapshotDBFunction.*.arn[count.index]
+# }
+
+# output "lambda_function_name" {
+# value = aws_lambda_function.snapshotDBFunction.*.function_name[count.index]
+# }
\ No newline at end of file
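Review bot: `count = 3` is hard-coded on both `archive_file.lambda_dbsnapshot` and `aws_lambda_function.snapshotDBFunction` in lambda/main.tf, while the lists they index (`var.source_file`, `var.output_path`, `var.filename`, `var.function_name`, `var.handler`, `var.runtime`) default to a single element in this module's variables.tf, so a caller passing fewer than three entries fails on an invalid index and one passing more has the extra functions silently left out. Deriving it from the input, `count = length(var.function_name)`, keeps the resources in step with what the caller supplies. The rule description `"Fires every five minutes"` also contradicts `cron(00 4 ? * MON-SUN *)`, which runs once a day at 04:00 UTC; for what appears to be the database snapshot job the description should state the real cadence, e.g. `description = "Runs the snapshot function daily at 04:00 UTC"`. The same stale description is carried unchanged through the later schedule edits to this file in the series.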
diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf new file mode 100644 index 00000000000..987d7ed5ebe --- /dev/null +++ b/terraform/environments/apex/modules/lambda/variables.tf @@ -0,0 +1,43 @@ +variable "backup_policy_name" { + type = string + default = "" +} + +variable "role" { + type = string + default = "" +} + +variable "tags" { + type = map(any) +} + +variable "filename" { + type = list(string) + default = [""] +} + +variable "source_file" { + type = list(string) + default = [""] +} + +variable "output_path" { + type = list(string) + default = [""] +} + +variable "function_name" { + type = list(string) + default = [""] +} + +variable "handler" { + type = list(string) + default = [""] +} + +variable "runtime" { + type = list(string) + default = [ ""] +} \ No newline at end of file diff --git a/terraform/environments/apex/modules/lambdapolicy/main.tf b/terraform/environments/apex/modules/lambdapolicy/main.tf new file mode 100644 index 00000000000..2668042c4fd --- /dev/null +++ b/terraform/environments/apex/modules/lambdapolicy/main.tf @@ -0,0 +1,65 @@ +data "aws_iam_policy_document" "assume_role" { + statement { + effect = "Allow" + + principals { + type = "Service" + identifiers = ["lambda.amazonaws.com","ssm.amazonaws.com"] + } + + actions = ["sts:AssumeRole"] + } +} + +resource "aws_iam_role" "backuplambdarole" { + name = "apex-backuplambdarole" + assume_role_policy = data.aws_iam_policy_document.assume_role.json +} + + + +resource "aws_iam_policy" "backuplambdapolicy" { #tfsec:ignore:aws-iam-no-policy-wildcards + name = var.backup_policy_name + tags = var.tags + policy = < Date: Thu, 19 Oct 2023 17:05:20 +0100 Subject: [PATCH 35/92] change cron time for event bridge --- terraform/environments/apex/modules/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
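Review bot: The trust policy in lambdapolicy/main.tf lets both `lambda.amazonaws.com` and `ssm.amazonaws.com` assume `apex-backuplambdarole`, and the attached policy carries `#tfsec:ignore:aws-iam-no-policy-wildcards` without a stated reason. If Systems Manager does not need to assume this role itself, the principal list should be reduced to `identifiers = ["lambda.amazonaws.com"]`; if it does, a comment naming the SSM feature that uses it would make the grant reviewable. The policy document body is not readable in this view, so the wildcard cannot be assessed here, but the suppression should be accompanied by a comment naming the actions and resources that need `*`, or dropped once the statements are scoped to the resources the backup functions act on.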
diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index c36b463f9f5..aa3d286c855 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -32,7 +32,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(00 4 ? * MON-SUN *)" + schedule_expression = "cron(30 10 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "check_mon_sun" { From 3dbfb3de579af663841f38fbdd69464075364159 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Thu, 19 Oct 2023 17:19:12 +0100 Subject: [PATCH 36/92] change event bridge cron time --- terraform/environments/apex/modules/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index aa3d286c855..729d4add4b0 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -32,7 +32,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(30 10 ? * MON-SUN *)" + schedule_expression = "cron(30 09 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "check_mon_sun" { From 1b7b1e5a993c3affa4a9714ad008cfd5efa55873 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Fri, 20 Oct 2023 11:03:45 +0100 Subject: [PATCH 37/92] added input paramater and change cron time --- terraform/environments/apex/modules/lambda/main.tf | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 729d4add4b0..3414d9980b0 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -32,13 +32,17 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(30 09 ? * MON-SUN *)" + schedule_expression = "cron(15 11 ? * MON-SUN *)" + + } resource "aws_cloudwatch_event_target" "check_mon_sun" { count = 1 rule = aws_cloudwatch_event_rule.mon_sun.name arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" + input = {"appname": "apex Database Server"} + } resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { From aa566969485ce6d6af6e674923e6d7a4e40e1999 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Fri, 20 Oct 2023 11:11:06 +0100 Subject: [PATCH 38/92] uncomment event rules --- .../environments/apex/modules/lambda/main.tf | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 3414d9980b0..4d40474f236 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf 
@@ -29,27 +29,27 @@ resource "aws_lambda_function" "snapshotDBFunction" { # } } -resource "aws_cloudwatch_event_rule" "mon_sun" { - name = "laa-createSnapshotRule-LWN8E1LNHFJR" - description = "Fires every five minutes" - schedule_expression = "cron(15 11 ? * MON-SUN *)" +# resource "aws_cloudwatch_event_rule" "mon_sun" { +# name = "laa-createSnapshotRule-LWN8E1LNHFJR" +# description = "Fires every five minutes" +# schedule_expression = "cron(15 11 ? * MON-SUN *)" -} +# } -resource "aws_cloudwatch_event_target" "check_mon_sun" { - count = 1 - rule = aws_cloudwatch_event_rule.mon_sun.name - arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" - input = {"appname": "apex Database Server"} +# resource "aws_cloudwatch_event_target" "check_mon_sun" { +# count = 1 +# rule = aws_cloudwatch_event_rule.mon_sun.name +# arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" +# input = {"appname": "apex Database Server"} -} - -resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { - count = 1 - statement_id = "AllowExecutionFromCloudWatch" - action = "lambda:InvokeFunction" - function_name = aws_lambda_function.snapshotDBFunction[0].function_name - principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.mon_sun.arn -} \ No newline at end of file +# } + +# resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { +# count = 1 +# statement_id = "AllowExecutionFromCloudWatch" +# action = "lambda:InvokeFunction" +# function_name = aws_lambda_function.snapshotDBFunction[0].function_name +# principal = "events.amazonaws.com" +# source_arn = aws_cloudwatch_event_rule.mon_sun.arn +# } \ No newline at end of file From 6f8efb571bd0a403799cc4089b15138dd004dcb9 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Fri, 20 Oct 2023 11:26:21 +0100 Subject: [PATCH 39/92] deploying everything again --- .../environments/apex/modules/lambda/main.tf | 40 +++++++++---------- 1 file changed, 20 insertions(+), 20 deletions(-) 
diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 4d40474f236..2b29466df9d 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -29,27 +29,27 @@ resource "aws_lambda_function" "snapshotDBFunction" { # } } -# resource "aws_cloudwatch_event_rule" "mon_sun" { -# name = "laa-createSnapshotRule-LWN8E1LNHFJR" -# description = "Fires every five minutes" -# schedule_expression = "cron(15 11 ? * MON-SUN *)" +resource "aws_cloudwatch_event_rule" "mon_sun" { + name = "laa-createSnapshotRule-LWN8E1LNHFJR" + description = "Fires every five minutes" + schedule_expression = "cron(45 11 ? * MON-SUN *)" -# } +} -# resource "aws_cloudwatch_event_target" "check_mon_sun" { -# count = 1 -# rule = aws_cloudwatch_event_rule.mon_sun.name -# arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" -# input = {"appname": "apex Database Server"} +resource "aws_cloudwatch_event_target" "check_mon_sun" { + count = 1 + rule = aws_cloudwatch_event_rule.mon_sun.name + arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" + input = {"appname": "apex Database Server"} -# } - -# resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { -# count = 1 -# statement_id = "AllowExecutionFromCloudWatch" -# action = "lambda:InvokeFunction" -# function_name = aws_lambda_function.snapshotDBFunction[0].function_name -# principal = "events.amazonaws.com" -# source_arn = aws_cloudwatch_event_rule.mon_sun.arn -# } \ No newline at end of file +} + +resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { + count = 1 + statement_id = "AllowExecutionFromCloudWatch" + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.snapshotDBFunction[0].function_name + principal = "events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.mon_sun.arn +} \ No newline at end of file 
From 43946764464b2ec4057f60f105ce3bb1696fbbc5 Mon Sep 17 00:00:00 2001 From: Tariq Mahmood Date: Fri, 20 Oct 2023 11:38:37 +0100 Subject: [PATCH 40/92] LAWS-3514: changed cron entry time for Lambda backup --- terraform/environments/apex/modules/lambda/main.tf | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 2b29466df9d..3766346d7d4 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -32,9 +32,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(45 11 ? * MON-SUN *)" - - + schedule_expression = "cron(55 11 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "check_mon_sun" { @@ -42,7 +40,6 @@ resource "aws_cloudwatch_event_target" "check_mon_sun" { rule = aws_cloudwatch_event_rule.mon_sun.name arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" input = {"appname": "apex Database Server"} - } resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { From 3ebcba47eb61435b29c0f49526676f8418c8c92e Mon Sep 17 00:00:00 2001 From: Tariq Mahmood Date: Fri, 20 Oct 2023 11:44:37 +0100 Subject: [PATCH 41/92] LAWS-3514: removed cron Lambda backup entry --- .../environments/apex/modules/lambda/main.tf | 42 +++++++++---------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 3766346d7d4..9e5d1662ae3 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf 
@@ -29,24 +29,24 @@ resource "aws_lambda_function" "snapshotDBFunction" { # } } -resource "aws_cloudwatch_event_rule" "mon_sun" { - name = "laa-createSnapshotRule-LWN8E1LNHFJR" - description = "Fires every five minutes" - schedule_expression = "cron(55 11 ? * MON-SUN *)" -} - -resource "aws_cloudwatch_event_target" "check_mon_sun" { - count = 1 - rule = aws_cloudwatch_event_rule.mon_sun.name - arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" - input = {"appname": "apex Database Server"} -} - -resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { - count = 1 - statement_id = "AllowExecutionFromCloudWatch" - action = "lambda:InvokeFunction" - function_name = aws_lambda_function.snapshotDBFunction[0].function_name - principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.mon_sun.arn -} \ No newline at end of file +# resource "aws_cloudwatch_event_rule" "mon_sun" { +# name = "laa-createSnapshotRule-LWN8E1LNHFJR" +# description = "Fires every five minutes" +# schedule_expression = "cron(55 11 ? * MON-SUN *)" +# } + +# resource "aws_cloudwatch_event_target" "check_mon_sun" { +# count = 1 +# rule = aws_cloudwatch_event_rule.mon_sun.name +# arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" +# input = {"appname": "apex Database Server"} +# } + +# resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { +# count = 1 +# statement_id = "AllowExecutionFromCloudWatch" +# action = "lambda:InvokeFunction" +# function_name = aws_lambda_function.snapshotDBFunction[0].function_name +# principal = "events.amazonaws.com" +# source_arn = aws_cloudwatch_event_rule.mon_sun.arn +# } \ No newline at end of file From 5aef983855898a0407ba9ce08d0cf0a50c5c2b0c Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 10:05:56 +0100 Subject: [PATCH 42/92] remove event rule and module folder --- .../environments/apex/modules/lambda/main.tf | 21 ------------------- 1 file changed, 21 deletions(-) 
diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 9e5d1662ae3..15a1654f3a0 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -29,24 +29,3 @@ resource "aws_lambda_function" "snapshotDBFunction" { # } } -# resource "aws_cloudwatch_event_rule" "mon_sun" { -# name = "laa-createSnapshotRule-LWN8E1LNHFJR" -# description = "Fires every five minutes" -# schedule_expression = "cron(55 11 ? * MON-SUN *)" -# } - -# resource "aws_cloudwatch_event_target" "check_mon_sun" { -# count = 1 -# rule = aws_cloudwatch_event_rule.mon_sun.name -# arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" -# input = {"appname": "apex Database Server"} -# } - -# resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { -# count = 1 -# statement_id = "AllowExecutionFromCloudWatch" -# action = "lambda:InvokeFunction" -# function_name = aws_lambda_function.snapshotDBFunction[0].function_name -# principal = "events.amazonaws.com" -# source_arn = aws_cloudwatch_event_rule.mon_sun.arn -# } \ No newline at end of file From b905f5f362675010a66db2017f180bd3a135e03b Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Mon, 23 Oct 2023 10:45:27 +0100 Subject: [PATCH 43/92] deleted module folder --- .../environments/apex/module/lambda/main.tf | 51 ----------- .../apex/module/lambda/outputs.tf | 7 -- .../apex/module/lambda/variables.tf | 43 --------- .../apex/module/lambdapolicy/main.tf | 65 -------------- .../apex/module/lambdapolicy/outputs.tf | 3 - .../apex/module/lambdapolicy/variables.tf | 8 -- terraform/environments/apex/module/s3/main.tf | 28 ------ .../environments/apex/module/s3/variables.tf | 23 ----- terraform/environments/apex/run.sh | 89 ------------------- 9 files changed, 317 deletions(-) delete mode 100644 terraform/environments/apex/module/lambda/main.tf delete mode 100644 terraform/environments/apex/module/lambda/outputs.tf delete mode 100644 terraform/environments/apex/module/lambda/variables.tf delete mode 100644 terraform/environments/apex/module/lambdapolicy/main.tf delete mode 100644 terraform/environments/apex/module/lambdapolicy/outputs.tf delete mode 100644 terraform/environments/apex/module/lambdapolicy/variables.tf delete mode 100644 terraform/environments/apex/module/s3/main.tf delete mode 100644 terraform/environments/apex/module/s3/variables.tf delete mode 100644 terraform/environments/apex/run.sh diff --git a/terraform/environments/apex/module/lambda/main.tf b/terraform/environments/apex/module/lambda/main.tf deleted file mode 100644 index c36b463f9f5..00000000000 --- a/terraform/environments/apex/module/lambda/main.tf +++ /dev/null 
@@ -1,51 +0,0 @@ - - -data "archive_file" "lambda_dbsnapshot" { - count = 3 - type = "zip" - source_file = var.source_file[count.index] - output_path = var.output_path[count.index] -} - - -resource "aws_lambda_function" "snapshotDBFunction" { - # If the file is not in the current working directory you will need to include a - # path.module in the filename. - - count = 3 - filename = var.filename[count.index] - function_name = var.function_name[count.index] - role = var.role - handler = var.handler[count.index] - - source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 - - runtime = var.runtime[count.index] - -# environment { -# variables = { -# foo = "bar" -# } -# } -} - -resource "aws_cloudwatch_event_rule" "mon_sun" { - name = "laa-createSnapshotRule-LWN8E1LNHFJR" - description = "Fires every five minutes" - schedule_expression = "cron(00 4 ? * MON-SUN *)" -} - -resource "aws_cloudwatch_event_target" "check_mon_sun" { - count = 1 - rule = aws_cloudwatch_event_rule.mon_sun.name - arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" -} - -resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { - count = 1 - statement_id = "AllowExecutionFromCloudWatch" - action = "lambda:InvokeFunction" - function_name = aws_lambda_function.snapshotDBFunction[0].function_name - principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.mon_sun.arn -} \ No newline at end of file diff --git a/terraform/environments/apex/module/lambda/outputs.tf b/terraform/environments/apex/module/lambda/outputs.tf deleted file mode 100644 index 337ea045884..00000000000 --- a/terraform/environments/apex/module/lambda/outputs.tf +++ /dev/null @@ -1,7 +0,0 @@ -# output "lambda_function" { -# value = aws_lambda_function.snapshotDBFunction.*.arn[count.index] -# } - -# output "lambda_function_name" { -# value = aws_lambda_function.snapshotDBFunction.*.function_name[count.index] -# } \ No newline at end of file 
diff --git a/terraform/environments/apex/module/lambda/variables.tf b/terraform/environments/apex/module/lambda/variables.tf deleted file mode 100644 index 987d7ed5ebe..00000000000 --- a/terraform/environments/apex/module/lambda/variables.tf +++ /dev/null @@ -1,43 +0,0 @@ -variable "backup_policy_name" { - type = string - default = "" -} - -variable "role" { - type = string - default = "" -} - -variable "tags" { - type = map(any) -} - -variable "filename" { - type = list(string) - default = [""] -} - -variable "source_file" { - type = list(string) - default = [""] -} - -variable "output_path" { - type = list(string) - default = [""] -} - -variable "function_name" { - type = list(string) - default = [""] -} - -variable "handler" { - type = list(string) - default = [""] -} - -variable "runtime" { - type = list(string) - default = [ ""] -} \ No newline at end of file diff --git a/terraform/environments/apex/module/lambdapolicy/main.tf b/terraform/environments/apex/module/lambdapolicy/main.tf deleted file mode 100644 index 2668042c4fd..00000000000 --- a/terraform/environments/apex/module/lambdapolicy/main.tf +++ /dev/null @@ -1,65 +0,0 @@ -data "aws_iam_policy_document" "assume_role" { - statement { - effect = "Allow" - - principals { - type = "Service" - identifiers = ["lambda.amazonaws.com","ssm.amazonaws.com"] - } - - actions = ["sts:AssumeRole"] - } -} - -resource "aws_iam_role" "backuplambdarole" { - name = "apex-backuplambdarole" - assume_role_policy = data.aws_iam_policy_document.assume_role.json -} - - - -resource "aws_iam_policy" "backuplambdapolicy" { #tfsec:ignore:aws-iam-no-policy-wildcards - name = var.backup_policy_name - tags = var.tags - policy = < cloudwatch_agent_config.json -/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/home/cloudwatch_agent_config.json \ No newline at end of file From 1460eaaa1853cfbc77c1ffe8c2874a18afc1773e Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Mon, 23 Oct 2023 10:59:43 +0100 Subject: [PATCH 44/92] typo on module folder --- terraform/environments/apex/lambda.tf | 4 ++-- terraform/environments/apex/s3.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index f5eb8b1e514..d0dac417b52 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -1,5 +1,5 @@ module "iambackup" { - source = "./module/lambdapolicy" + source = "./modules/lambdapolicy" backup_policy_name = "laa-${local.application_name}-${local.environment}-policy" tags = merge( local.tags, @@ -7,7 +7,7 @@ module "iambackup" { ) } module "lambda_backup" { - source = "./module/lambda" + source = "./modules/lambda" backup_policy_name = "${local.application_name}-lambda-instance-policy" source_file = local.dbsourcefiles diff --git a/terraform/environments/apex/s3.tf b/terraform/environments/apex/s3.tf index f8f13e88935..53c56b7af86 100644 --- a/terraform/environments/apex/s3.tf +++ b/terraform/environments/apex/s3.tf @@ -1,5 +1,5 @@ module "s3_bucket_lambda" { - source = "./module/s3" + source = "./modules/s3" bucket_name = "laa-${local.application_name}-${local.environment}-mp" # Added suffix -mp to the name as it must be unique from the existing bucket in LZ # bucket_prefix not used in case bucket name get referenced as part of EC2 AMIs From a45d0783dbae630da8e76973c469dd112035452e Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 11:04:04 +0100 Subject: [PATCH 45/92] re-added the event rules --- .../environments/apex/modules/lambda/main.tf | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 15a1654f3a0..e125b264014 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf 
@@ -29,3 +29,24 @@ resource "aws_lambda_function" "snapshotDBFunction" { # } } +resource "aws_cloudwatch_event_rule" "mon_sun" { + name = "laa-createSnapshotRule-LWN8E1LNHFJR" + description = "Fires every five minutes" + schedule_expression = "cron(30 11 ? * MON-SUN *)" +} + +resource "aws_cloudwatch_event_target" "check_mon_sun" { + count = 1 + rule = aws_cloudwatch_event_rule.mon_sun.name + arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" + input = {"appname": "apex Database Server"} +} + +resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { + count = 1 + statement_id = "AllowExecutionFromCloudWatch" + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.snapshotDBFunction[0].function_name + principal = "events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.mon_sun.arn +} \ No newline at end of file From b24cf1eccf254680fd784da04b1f5d2b00632615 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 11:09:48 +0100 Subject: [PATCH 46/92] allow json values --- terraform/environments/apex/modules/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index e125b264014..8de7e4ac5ed 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -39,7 +39,7 @@ resource "aws_cloudwatch_event_target" "check_mon_sun" { count = 1 rule = aws_cloudwatch_event_rule.mon_sun.name arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" - input = {"appname": "apex Database Server"} + input =jsonencode({"appname": "apex Database Server"}) } resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { From 53f946b1b7d020bde2b2c148749c026a7b087a22 Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Mon, 23 Oct 2023 12:50:22 +0100 Subject: [PATCH 47/92] create sg and attach sg and created env --- terraform/environments/apex/lambda.tf | 4 +-- .../environments/apex/modules/lambda/main.tf | 36 +++++++++++++------ .../apex/modules/lambda/variables.tf | 5 +++ terraform/environments/apex/variables.tf | 5 +++ 4 files changed, 37 insertions(+), 13 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index d0dac417b52..aa79a90934c 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -8,7 +8,7 @@ module "iambackup" { } module "lambda_backup" { source = "./modules/lambda" - +security_grp_name = "${local.application_name}-${local.environment}-lambdaSecurityGroup" backup_policy_name = "${local.application_name}-lambda-instance-policy" source_file = local.dbsourcefiles output_path = local.zipfiles @@ -19,8 +19,6 @@ role = module.iambackup.backuprole runtime = local.runtime - - tags = merge( local.tags, { Name = "laa-${local.application_name}-${local.environment}-mp" } diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 8de7e4ac5ed..6398939d97c 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf 
@@ -7,32 +7,47 @@ data "archive_file" "lambda_dbsnapshot" { output_path = var.output_path[count.index] } +resource "aws_security_group" "lambdasg" { + name = var.security_grp_name + description = "APEX Lambda Security Group" + vpc_id = data.aws_vpc.shared.id -resource "aws_lambda_function" "snapshotDBFunction" { - # If the file is not in the current working directory you will need to include a - # path.module in the filename. + egress { + description = "outbound access" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_lambda_function" "snapshotDBFunction" { count = 3 filename = var.filename[count.index] function_name = var.function_name[count.index] role = var.role handler = var.handler[count.index] - source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 - runtime = var.runtime[count.index] + environment { + variables = { + LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" -# environment { -# variables = { -# foo = "bar" -# } -# } + } + } + vpc_config { + security_group_ids = [aws_security_group.lambdasg.id] + subnet_ids = data.aws_subnet.private_subnets_a.id + } + } resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" schedule_expression = "cron(30 11 ? * MON-SUN *)" + } resource "aws_cloudwatch_event_target" "check_mon_sun" { @@ -40,6 +55,7 @@ resource "aws_cloudwatch_event_target" "check_mon_sun" { rule = aws_cloudwatch_event_rule.mon_sun.name arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" input =jsonencode({"appname": "apex Database Server"}) + } resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf index 987d7ed5ebe..63b7634abf5 100644 --- a/terraform/environments/apex/modules/lambda/variables.tf 
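Review bot: The new `aws_security_group.lambdasg` in lambda/main.tf allows egress to `0.0.0.0/0` on every port and protocol (`protocol = "-1"`), which is wider than a scheduled snapshot function is likely to need. If the three functions only call AWS APIs, the rule can be limited to HTTPS with `from_port = 443`, `to_port = 443`, `protocol = "tcp"`, or pointed at the VPC endpoint security group or prefix lists instead of a CIDR; what the functions connect to is not shown in this patch and should be confirmed first. Placing the functions in a VPC also means the execution role needs network-interface permissions (for example the AWS managed policy AWSLambdaVPCAccessExecutionRole), and whether the role passed in `var.role` has them cannot be seen from this hunk.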
+++ b/terraform/environments/apex/modules/lambda/variables.tf @@ -40,4 +40,9 @@ variable "handler" { variable "runtime" { type = list(string) default = [ ""] +} + +variable "security_grp_name" { + type = string + default = "" } \ No newline at end of file diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 59385209fc1..977af7c3079 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -26,4 +26,9 @@ variable "handler" { variable "runtime" { type = list(any) default = [ "nodejs18.x","python3.8","nodejs18.x"] +} + +variable "security_grp_name" { + type = string + default = "" } \ No newline at end of file From 41bf25b34ecdc56acf0556f1dafbd5017cb9c44d Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 12:55:43 +0100 Subject: [PATCH 48/92] included extra variables for the module --- terraform/environments/apex/lambda.tf | 1 + terraform/environments/apex/modules/lambda/variables.tf | 5 +++++ terraform/environments/apex/variables.tf | 5 +++++ 3 files changed, 11 insertions(+) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index aa79a90934c..3dd22ab1d93 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -17,6 +17,7 @@ function_name = local.functions handler = local.handlers role = module.iambackup.backuprole runtime = local.runtime +subnet_ids = data.aws_subnet.private_subnets_a.id tags = merge( diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf index 63b7634abf5..7d13369176e 100644 --- a/terraform/environments/apex/modules/lambda/variables.tf +++ b/terraform/environments/apex/modules/lambda/variables.tf 
@@ -45,4 +45,9 @@ variable "runtime" { variable "security_grp_name" { type = string default = "" +} + +variable "subnet_ids" { + type =list(string) + default = [""] } \ No newline at end of file diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 977af7c3079..39257a76ebb 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -31,4 +31,9 @@ variable "runtime" { variable "security_grp_name" { type = string default = "" +} + +variable "subnet_ids" { + type =list(string) + default = [""] } \ No newline at end of file From 3175b95f13d0300d3cbbd73de3be2f2f6f847f49 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 13:01:20 +0100 Subject: [PATCH 49/92] add vpc id --- terraform/environments/apex/lambda.tf | 1 + terraform/environments/apex/modules/lambda/variables.tf | 4 ++++ terraform/environments/apex/variables.tf | 5 +++++ 3 files changed, 10 insertions(+) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 3dd22ab1d93..a22f1f16011 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -8,6 +8,7 @@ module "iambackup" { } module "lambda_backup" { source = "./modules/lambda" + vpc_id = data.aws_vpc.shared.id security_grp_name = "${local.application_name}-${local.environment}-lambdaSecurityGroup" backup_policy_name = "${local.application_name}-lambda-instance-policy" source_file = local.dbsourcefiles diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf index 7d13369176e..6901c0c8f07 100644 --- a/terraform/environments/apex/modules/lambda/variables.tf +++ b/terraform/environments/apex/modules/lambda/variables.tf @@ -50,4 +50,8 @@ variable "security_grp_name" { variable "subnet_ids" { type =list(string) default = [""] +} +variable "vpc_id" { + type = string + default = "" } \ No newline at end of file 
diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 39257a76ebb..67581a941d2 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -36,4 +36,9 @@ variable "security_grp_name" { variable "subnet_ids" { type =list(string) default = [""] +} + +variable "vpc_id" { + type = string + default = "" } \ No newline at end of file From 270fb4142cfa4fb392cc20a027d6953427fd5c0f Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 13:03:57 +0100 Subject: [PATCH 50/92] forgot to save adding vpc --- terraform/environments/apex/modules/lambda/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 6398939d97c..e39f984c071 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -10,7 +10,7 @@ data "archive_file" "lambda_dbsnapshot" { resource "aws_security_group" "lambdasg" { name = var.security_grp_name description = "APEX Lambda Security Group" - vpc_id = data.aws_vpc.shared.id + vpc_id = var.vpc_id egress { @@ -38,7 +38,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { } vpc_config { security_group_ids = [aws_security_group.lambdasg.id] - subnet_ids = data.aws_subnet.private_subnets_a.id + subnet_ids = var.subnet_ids } } From 8c784531c91126906b2770592041b81cf173e920 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 14:12:50 +0100 Subject: [PATCH 51/92] missed [] --- terraform/environments/apex/lambda.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index a22f1f16011..9f613f74566 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf 
@@ -18,7 +18,7 @@ function_name = local.functions handler = local.handlers role = module.iambackup.backuprole runtime = local.runtime -subnet_ids = data.aws_subnet.private_subnets_a.id +subnet_ids = [data.aws_subnet.private_subnets_a.id] tags = merge( From 28e084be98a7ecdfbbd0d3d8304ace71ef59cb3b Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 14:21:10 +0100 Subject: [PATCH 52/92] change cron time --- terraform/environments/apex/modules/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index e39f984c071..a56f0532619 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -46,7 +46,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(30 11 ? * MON-SUN *)" + schedule_expression = "cron(27 14 ? * MON-SUN *)" } From de69a8f96f0781d07095c3ca82ea4514afc727c4 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 14:27:34 +0100 Subject: [PATCH 53/92] change cron time v1 --- terraform/environments/apex/modules/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index a56f0532619..d5b1cc0f61e 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -46,7 +46,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(27 14 ? * MON-SUN *)" + schedule_expression = "cron(32 14 ? * MON-SUN *)" } 
From 41c016c5c396c64e19095ad2efce8f67bb8be45a Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 15:56:00 +0100 Subject: [PATCH 54/92] create s3 bucket key and for lambda function --- terraform/environments/apex/lambda.tf | 18 ++++++++++++++++++ terraform/environments/apex/locals.tf | 2 ++ .../environments/apex/modules/lambda/main.tf | 2 +- .../apex/modules/lambda/variables.tf | 10 ++++++++++ terraform/environments/apex/variables.tf | 14 ++++++++++++++ 5 files changed, 45 insertions(+), 1 deletion(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 9f613f74566..907bec462ee 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -6,6 +6,20 @@ module "iambackup" { { Name = "laa-${local.application_name}-${local.environment}-mp" } ) } + +module "s3_bucket_lambda" { + source = "./modules/s3" + + bucket_name = "laa-${local.application_name}-${local.environment}-mp" # Added suffix -mp to the name as it must be unique from the existing bucket in LZ + # bucket_prefix not used in case bucket name get referenced as part of EC2 AMIs + + tags = merge( + local.tags, + { Name = "laa-${local.application_name}-${local.environment}-mp" } + ) + +} + module "lambda_backup" { source = "./modules/lambda" vpc_id = data.aws_vpc.shared.id @@ -19,6 +33,10 @@ handler = local.handlers role = module.iambackup.backuprole runtime = local.runtime subnet_ids = [data.aws_subnet.private_subnets_a.id] +lamdbabucketname = "laa-${local.application_name}-${local.environment}-mp" +key = local.key + + tags = merge( diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index 0c023887083..493c994c9d0 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf 
@@ -11,5 +11,7 @@ locals { #Runtime runtime = var.runtime + key = "dbsnapshot.zip" + application_test_url = "https://apex.laa-development.modernisation-platform.service.justice.gov.uk/apex/" } \ No newline at end of file diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index d5b1cc0f61e..af8f74e1f0d 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -40,7 +40,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { security_group_ids = [aws_security_group.lambdasg.id] subnet_ids = var.subnet_ids } - + tags = var.tags } resource "aws_cloudwatch_event_rule" "mon_sun" { diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf index 6901c0c8f07..c6fc849e938 100644 --- a/terraform/environments/apex/modules/lambda/variables.tf +++ b/terraform/environments/apex/modules/lambda/variables.tf @@ -54,4 +54,14 @@ variable "subnet_ids" { variable "vpc_id" { type = string default = "" +} + +variable "lamdbabucketname" { + type = string + default = "" +} + +variable "key" { + type = string + default = "" } \ No newline at end of file diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 67581a941d2..3a8a2bd872c 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -41,4 +41,18 @@ variable "subnet_ids" { variable "vpc_id" { type = string default = "" +} + +variable "tags" { + type = map(any) +} + +variable "lamdbabucketname" { + type = string + default = "" +} + +variable "key" { + type = string + default = "" } \ No newline at end of file From 13fe1780a42cfbc16090105fa131377f5d82774d Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Mon, 23 Oct 2023 15:59:11 +0100 Subject: [PATCH 55/92] delete s3.tf --- terraform/environments/apex/s3.tf | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 terraform/environments/apex/s3.tf diff --git a/terraform/environments/apex/s3.tf b/terraform/environments/apex/s3.tf deleted file mode 100644 index 53c56b7af86..00000000000 --- a/terraform/environments/apex/s3.tf +++ /dev/null @@ -1,12 +0,0 @@ -module "s3_bucket_lambda" { - source = "./modules/s3" - - bucket_name = "laa-${local.application_name}-${local.environment}-mp" # Added suffix -mp to the name as it must be unique from the existing bucket in LZ - # bucket_prefix not used in case bucket name get referenced as part of EC2 AMIs - - tags = merge( - local.tags, - { Name = "laa-${local.application_name}-${local.environment}-mp" } - ) - -} \ No newline at end of file From cea300b84cfe64a13be54daa9c3feba5e00cba70 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:01:13 +0100 Subject: [PATCH 56/92] forgot to save file --- .../environments/apex/modules/lambda/main.tf | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index af8f74e1f0d..3ee356574a2 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -1,11 +1,5 @@ -data "archive_file" "lambda_dbsnapshot" { - count = 3 - type = "zip" - source_file = var.source_file[count.index] - output_path = var.output_path[count.index] -} resource "aws_security_group" "lambdasg" { name = var.security_grp_name 
@@ -22,6 +16,14 @@ resource "aws_security_group" "lambdasg" { } } +data "archive_file" "lambda_dbsnapshot" { + count = 3 + type = "zip" + source_file = var.source_file[count.index] + output_path = var.output_path[count.index] +} + + resource "aws_lambda_function" "snapshotDBFunction" { count = 3 filename = var.filename[count.index] @@ -30,6 +32,9 @@ resource "aws_lambda_function" "snapshotDBFunction" { handler = var.handler[count.index] source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 runtime = var.runtime[count.index] + s3_bucket = var.lamdbabucketname + s3_key = var.key + environment { variables = { LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" @@ -48,6 +53,7 @@ resource "aws_cloudwatch_event_rule" "mon_sun" { description = "Fires every five minutes" schedule_expression = "cron(32 14 ? * MON-SUN *)" + } resource "aws_cloudwatch_event_target" "check_mon_sun" { From a5887b14e724d1be0f6f15f1446f2591a8c6d2e4 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:07:19 +0100 Subject: [PATCH 57/92] remove tag vars --- terraform/environments/apex/variables.tf | 3 --- 1 file changed, 3 deletions(-) diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 3a8a2bd872c..08d306e9f8d 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -43,9 +43,6 @@ variable "vpc_id" { default = "" } -variable "tags" { - type = map(any) -} variable "lamdbabucketname" { type = string From ddea4ebc48c61f64cab9ee5c901fc0d61b133878 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:11:26 +0100 Subject: [PATCH 58/92] reduce the count to 1 --- terraform/environments/apex/modules/lambda/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 3ee356574a2..6ff47f66a28 100644 
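Review bot: The hunk at `@@ -30,6 +32,9 @@` adds `s3_bucket` and `s3_key` to `aws_lambda_function.snapshotDBFunction` while `filename = var.filename[count.index]` is still set, and the AWS provider documents `filename` and `s3_bucket` as conflicting arguments. Keep a single source for the package, e.g. remove the `filename` line if the archive is meant to come from S3. `source_code_hash` is still taken from the local `archive_file`, and nothing in this diff uploads that archive to the bucket, so the hash may not describe the object Lambda actually runs; it is worth confirming how the zip reaches S3. The resource block starts before and continues after this hunk.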
--- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -17,7 +17,7 @@ resource "aws_security_group" "lambdasg" { } data "archive_file" "lambda_dbsnapshot" { - count = 3 + count = 1 type = "zip" source_file = var.source_file[count.index] output_path = var.output_path[count.index] @@ -25,7 +25,7 @@ data "archive_file" "lambda_dbsnapshot" { resource "aws_lambda_function" "snapshotDBFunction" { - count = 3 + count = 1 filename = var.filename[count.index] function_name = var.function_name[count.index] role = var.role From 5ce9bf15ee8369e2607cc9649594526d61157d54 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:16:46 +0100 Subject: [PATCH 59/92] added count index to the s3 --- terraform/environments/apex/modules/lambda/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 6ff47f66a28..4455f505506 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -32,8 +32,8 @@ resource "aws_lambda_function" "snapshotDBFunction" { handler = var.handler[count.index] source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 runtime = var.runtime[count.index] - s3_bucket = var.lamdbabucketname - s3_key = var.key + s3_bucket = var.lamdbabucketname[count.index] + s3_key = var.key[count.index] environment { variables = { From 59e771b93eb8ccdc2ad81e6ec3e8464fdc4c5368 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:24:18 +0100 Subject: [PATCH 60/92] amend the vars and made them list --- terraform/environments/apex/locals.tf | 2 +- terraform/environments/apex/modules/lambda/main.tf | 2 +- terraform/environments/apex/modules/lambda/variables.tf | 4 ++-- terraform/environments/apex/variables.tf | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index 493c994c9d0..f06048001bd 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -11,7 +11,7 @@ locals { #Runtime runtime = var.runtime - key = "dbsnapshot.zip" + key = var.key application_test_url = "https://apex.laa-development.modernisation-platform.service.justice.gov.uk/apex/" } \ No newline at end of file diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 4455f505506..7668ec6cb82 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -32,7 +32,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { handler = var.handler[count.index] source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 runtime = var.runtime[count.index] - s3_bucket = var.lamdbabucketname[count.index] + s3_bucket = var.lamdbabucketname s3_key = var.key[count.index] environment { diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf index c6fc849e938..7fc8c5bb53d 100644 --- a/terraform/environments/apex/modules/lambda/variables.tf +++ b/terraform/environments/apex/modules/lambda/variables.tf @@ -62,6 +62,6 @@ variable "lamdbabucketname" { } variable "key" { - type = string - default = "" + type = list(string) + default = [""] } \ No newline at end of file diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 08d306e9f8d..3b5a76f5f12 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -50,6 +50,6 @@ variable "lamdbabucketname" { } variable "key" { - type = string - default = "" + type = list(string) + default = ["dbsnapshot.zip"] } \ No newline at end of file 
From 977468c0961aa3cd4544171c659e5678433ea565 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:38:37 +0100 Subject: [PATCH 61/92] remove the key entry --- terraform/environments/apex/lambda.tf | 2 +- terraform/environments/apex/modules/lambda/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 907bec462ee..365e8bee5ac 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -34,7 +34,7 @@ role = module.iambackup.backuprole runtime = local.runtime subnet_ids = [data.aws_subnet.private_subnets_a.id] lamdbabucketname = "laa-${local.application_name}-${local.environment}-mp" -key = local.key +# key = local.key diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 7668ec6cb82..28aa86e8722 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -33,7 +33,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 runtime = var.runtime[count.index] s3_bucket = var.lamdbabucketname - s3_key = var.key[count.index] + # s3_key = var.key[count.index] environment { variables = { From ba59ce1c02042818b1b033ff8fe7e63badc4aac2 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:42:33 +0100 Subject: [PATCH 62/92] remove unwanted vars --- terraform/environments/apex/lambda.tf | 4 ++-- terraform/environments/apex/locals.tf | 2 +- terraform/environments/apex/modules/lambda/main.tf | 4 ++-- terraform/environments/apex/variables.tf | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 365e8bee5ac..0b5cf3b410e 100644 --- a/terraform/environments/apex/lambda.tf 
+++ b/terraform/environments/apex/lambda.tf @@ -27,14 +27,14 @@ security_grp_name = "${local.application_name}-${local.environment}-lambdaSecuri backup_policy_name = "${local.application_name}-lambda-instance-policy" source_file = local.dbsourcefiles output_path = local.zipfiles -filename = local.zipfiles +# filename = local.zipfiles function_name = local.functions handler = local.handlers role = module.iambackup.backuprole runtime = local.runtime subnet_ids = [data.aws_subnet.private_subnets_a.id] lamdbabucketname = "laa-${local.application_name}-${local.environment}-mp" -# key = local.key +key = local.zipfiles diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index f06048001bd..13f82043220 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -11,7 +11,7 @@ locals { #Runtime runtime = var.runtime - key = var.key + # key = var.key application_test_url = "https://apex.laa-development.modernisation-platform.service.justice.gov.uk/apex/" } \ No newline at end of file diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 28aa86e8722..3ffc3a47da1 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -26,14 +26,14 @@ data "archive_file" "lambda_dbsnapshot" { resource "aws_lambda_function" "snapshotDBFunction" { count = 1 - filename = var.filename[count.index] + # filename = var.filename[count.index] function_name = var.function_name[count.index] role = var.role handler = var.handler[count.index] source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 runtime = var.runtime[count.index] s3_bucket = var.lamdbabucketname - # s3_key = var.key[count.index] + s3_key = var.filename[count.index] environment { variables = { 
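Review bot: In `modules/lambda/main.tf` the function now reads `s3_key = var.filename[count.index]`, but the caller change in the same commit comments out `filename` and passes `key = local.zipfiles` instead, so the module falls back to whatever default `filename` has and never uses `var.key`. Use the input the caller actually sets: `s3_key = var.key[count.index]`. The declaration of `var.filename` is outside this diff, so its default is not visible here. The resource body continues past the end of the hunk.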
diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 3b5a76f5f12..6b69c0df1a0 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -49,7 +49,7 @@ variable "lamdbabucketname" { default = "" } -variable "key" { - type = list(string) - default = ["dbsnapshot.zip"] -} \ No newline at end of file +# variable "key" { +# type = list(string) +# default = ["dbsnapshot.zip"] +# } \ No newline at end of file From 71237cff2f175f9bc134f8fb0f0574ed49325b4f Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:45:38 +0100 Subject: [PATCH 63/92] increase the count to 3 --- terraform/environments/apex/modules/lambda/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 3ffc3a47da1..9e72dd826a3 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -17,7 +17,7 @@ resource "aws_security_group" "lambdasg" { } data "archive_file" "lambda_dbsnapshot" { - count = 1 + count = 3 type = "zip" source_file = var.source_file[count.index] output_path = var.output_path[count.index] @@ -25,7 +25,7 @@ data "archive_file" "lambda_dbsnapshot" { resource "aws_lambda_function" "snapshotDBFunction" { - count = 1 + count = 3 # filename = var.filename[count.index] function_name = var.function_name[count.index] role = var.role From c2c161781783db64830197fdb47028af2cfcacfa Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 16:58:23 +0100 Subject: [PATCH 64/92] test trigger --- terraform/environments/apex/modules/lambda/main.tf | 2 +- terraform/environments/apex/modules/lambda/variables.tf | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index 9e72dd826a3..a05f7e32cd2 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -25,7 +25,7 @@ data "archive_file" "lambda_dbsnapshot" { resource "aws_lambda_function" "snapshotDBFunction" { - count = 3 + count = 1 # filename = var.filename[count.index] function_name = var.function_name[count.index] role = var.role diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf index 7fc8c5bb53d..cfab46964cd 100644 --- a/terraform/environments/apex/modules/lambda/variables.tf +++ b/terraform/environments/apex/modules/lambda/variables.tf @@ -61,7 +61,7 @@ variable "lamdbabucketname" { default = "" } -variable "key" { - type = list(string) - default = [""] -} \ No newline at end of file +# variable "key" { +# type = list(string) +# default = [""] +# } \ No newline at end of file From 916b61b70e1f3537cde0123f108c764ea2c69b1f Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 17:01:10 +0100 Subject: [PATCH 65/92] uncomment out var --- terraform/environments/apex/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf index 6b69c0df1a0..3b5a76f5f12 100644 --- a/terraform/environments/apex/variables.tf +++ b/terraform/environments/apex/variables.tf @@ -49,7 +49,7 @@ variable "lamdbabucketname" { default = "" } -# variable "key" { -# type = list(string) -# default = ["dbsnapshot.zip"] -# } \ No newline at end of file +variable "key" { + type = list(string) + default = ["dbsnapshot.zip"] +} \ No newline at end of file From e93934eb830bd027fde447f3a156d7c5c4a3bd17 Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Mon, 23 Oct 2023 17:03:06 +0100 Subject: [PATCH 66/92] uncomment out var v1 --- terraform/environments/apex/modules/lambda/variables.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf index cfab46964cd..7fc8c5bb53d 100644 --- a/terraform/environments/apex/modules/lambda/variables.tf +++ b/terraform/environments/apex/modules/lambda/variables.tf @@ -61,7 +61,7 @@ variable "lamdbabucketname" { default = "" } -# variable "key" { -# type = list(string) -# default = [""] -# } \ No newline at end of file +variable "key" { + type = list(string) + default = [""] +} \ No newline at end of file From c5e1a2880f2bc8144fd328806363c4ff794d4f2c Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Mon, 23 Oct 2023 17:06:16 +0100 Subject: [PATCH 67/92] change time --- terraform/environments/apex/modules/lambda/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index a05f7e32cd2..a39e09847c7 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -51,7 +51,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(32 14 ? * MON-SUN *)" + schedule_expression = "cron(15 17 ? * MON-SUN *)" } From 96eeb32a0d8572ab545049a65dd1a61bd9d17018 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 09:29:10 +0100 Subject: [PATCH 68/92] amend vars and change cron time --- terraform/environments/apex/locals.tf | 2 +- terraform/environments/apex/modules/lambda/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index 13f82043220..f06048001bd 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -11,7 +11,7 @@ locals { #Runtime runtime = var.runtime - # key = var.key + key = var.key application_test_url = "https://apex.laa-development.modernisation-platform.service.justice.gov.uk/apex/" } \ No newline at end of file diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf index a39e09847c7..48913414ec9 100644 --- a/terraform/environments/apex/modules/lambda/main.tf +++ b/terraform/environments/apex/modules/lambda/main.tf @@ -51,7 +51,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { resource "aws_cloudwatch_event_rule" "mon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(15 17 ? * MON-SUN *)" + schedule_expression = "cron(38 09 ? * MON-SUN *)" } From 478a144994447167cceec19d3ddb30c48f72d863 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 09:46:41 +0100 Subject: [PATCH 69/92] change s3 key name --- terraform/environments/apex/lambda.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 0b5cf3b410e..eb70633e94a 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -34,7 +34,7 @@ role = module.iambackup.backuprole runtime = local.runtime subnet_ids = [data.aws_subnet.private_subnets_a.id] lamdbabucketname = "laa-${local.application_name}-${local.environment}-mp" -key = local.zipfiles +key = "dbsnapshot1.zip" From 0c280db7998d3eacf2a50d3df47927c1692a1343 Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Tue, 24 Oct 2023 12:50:36 +0100 Subject: [PATCH 70/92] deploying lambda out of module --- terraform/environments/apex/event_triggers.tf | 40 ++++++ terraform/environments/apex/lambda.tf | 115 +++++++++++++++--- .../environments/apex/modules/s3/outputs.tf | 3 + 3 files changed, 142 insertions(+), 16 deletions(-) create mode 100644 terraform/environments/apex/event_triggers.tf create mode 100644 terraform/environments/apex/modules/s3/outputs.tf diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf new file mode 100644 index 00000000000..2d3d0c453af --- /dev/null +++ b/terraform/environments/apex/event_triggers.tf 
@@ -0,0 +1,40 @@ +resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { + name = "laa-createSnapshotRule-LWN8E1LNHFJR" + description = "Fires every five minutes" + schedule_expression = "cron(38 09 ? * MON-SUN *)" +} + +resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { + rule = aws_cloudwatch_event_rule.snapshotDBFunctionmon_sun.name + arn = aws_lambda_function.snapshotDBFunction.arn + input =jsonencode({"appname": "apex Database Server"}) +} + +resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { + statement_id = "AllowExecutionFromCloudWatch" + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.snapshotDBFunction.function_name + principal = "events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.snapshotDBFunctionmon_sun.arn +} + + +resource "aws_cloudwatch_event_rule" "deletesnapshotFunction_mon_fri" { + name = "laa-deletesnapshotRule-LWN8E1LNHFJR" + description = "Fires every five minutes" + schedule_expression = "cron(38 09 ? * MON-SUN *)" +} + +resource "aws_cloudwatch_event_target" "deletesnapshotFunctioncheck_mon_fri" { + rule = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.name + arn = aws_lambda_function.deletesnapshotFunction.arn + input =jsonencode({"appname": "apex Database Server"}) +} + +resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_fri" { + statement_id = "AllowExecutionFromCloudWatch" + action = "lambda:InvokeFunction" + function_name = aws_lambda_function.deletesnapshotFunction.function_name + principal = "events.amazonaws.com" + source_arn = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.arn +} \ No newline at end of file diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index eb70633e94a..5c6f7af62aa 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf 
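Review bot: Both event rules carry `description = "Fires every five minutes"`, but `cron(38 09 ? * MON-SUN *)` fires once a day at 09:38 UTC, and the `deletesnapshotFunction_mon_fri` rule is named for Monday to Friday while its expression covers MON-SUN. Make the text match the schedule, e.g. `description = "Fires daily at 09:38 UTC"`, and rename or re-scope the `_mon_fri` rule. Snapshot creation and deletion are also scheduled for the same minute; if the delete function prunes by age that may be harmless, but staggering the two avoids deleting while a snapshot is still being taken.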
@@ -20,29 +20,112 @@ module "s3_bucket_lambda" { } -module "lambda_backup" { - source = "./modules/lambda" - vpc_id = data.aws_vpc.shared.id -security_grp_name = "${local.application_name}-${local.environment}-lambdaSecurityGroup" -backup_policy_name = "${local.application_name}-lambda-instance-policy" -source_file = local.dbsourcefiles -output_path = local.zipfiles -# filename = local.zipfiles -function_name = local.functions -handler = local.handlers -role = module.iambackup.backuprole -runtime = local.runtime -subnet_ids = [data.aws_subnet.private_subnets_a.id] -lamdbabucketname = "laa-${local.application_name}-${local.environment}-mp" -key = "dbsnapshot1.zip" +resource "aws_security_group" "lambdasg" { + name = "${local.application_name}-lambda-security-group" + description = "APEX Lambda Security Group" + vpc_id = data.aws_vpc.shared.id + egress { + description = "outbound access" + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +data "archive_file" "dbsnapshot_file" { + type = "zip" + source_file = local.dbsnapshot_source_file + output_path = local.dbsnapshot_output_path +} +data "archive_file" "deletesnapshot_file" { + type = "zip" + source_file = local.deletesnapshot_source_file + output_path = local.deletesnapshot_output_path +} +data "archive_file" "dbconnect_file" { + type = "zip" + source_file = local.dbconnect_source_file + output_path = local.dbconnect_output_path +} - tags = merge( + +resource "aws_lambda_function" "snapshotDBFunction" { + function_name = local.snapshotDBFunctionname + role = module.iambackup.backuprole + handler = local.snapshotDBFunctionhandler + source_code_hash = data.archive_file.dbsnapshot_file.output_base64sha256 + runtime = local.snapshotDBFunctionruntime + s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_key = local.snapshotDBFunctionfilename + + environment { + variables = { + LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" + + } + } + vpc_config { + security_group_ids = 
[aws_security_group.lambdasg.id] + subnet_ids = [data.aws_subnet.private_subnets_a.id] + } + tags = merge( local.tags, { Name = "laa-${local.application_name}-${local.environment}-mp" } ) } +resource "aws_lambda_function" "deletesnapshotFunction" { + function_name = local.deletesnapshotFunctionname + role = module.iambackup.backuprole + handler = local.deletesnapshotFunctionhandler + source_code_hash = data.archive_file.delesnapshot_file.output_base64sha256 + runtime = local.deletesnapshotFunctionruntime + s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_key = local.deletesnapshotFunctionfilename + + environment { + variables = { + LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" + + } + } + vpc_config { + security_group_ids = [aws_security_group.lambdasg.id] + subnet_ids = [data.aws_subnet.private_subnets_a.id] + } + tags = merge( + local.tags, + { Name = "laa-${local.application_name}-${local.environment}-mp" } + ) +} + + +resource "aws_lambda_function" "connectDBFunction" { + function_name = local.connectDBFunctionname + role = module.iambackup.backuprole + handler = local.connectDBFunctionhandler + source_code_hash = data.archive_file.dbconnect_file.output_base64sha256 + runtime = local.connectDBFunctionruntime + s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_key = local.connectDBFunctionfilename + + environment { + variables = { + LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" + + } + } + vpc_config { + security_group_ids = [aws_security_group.lambdasg.id] + subnet_ids = [data.aws_subnet.private_subnets_a.id] + } + tags = merge( + local.tags, + { Name = "laa-${local.application_name}-${local.environment}-mp" } + ) +} diff --git a/terraform/environments/apex/modules/s3/outputs.tf b/terraform/environments/apex/modules/s3/outputs.tf new file mode 100644 index 00000000000..6a8e6b82b57 --- /dev/null +++ b/terraform/environments/apex/modules/s3/outputs.tf 
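Review bot: The `egress` block of `aws_security_group.lambdasg` in lambda.tf allows every protocol and port to `0.0.0.0/0`, and all three new functions are attached to it. Judging by their names the functions need only a connection to the database host and calls to AWS APIs, so the rule can be narrowed, for example `protocol = "tcp"` with `cidr_blocks = [data.aws_vpc.shared.cidr_block]` and the specific port, plus a separate HTTPS rule if the AWS endpoints are reached outside the VPC. The three functions also share `module.iambackup.backuprole`; its policy is not visible in this hunk, but a function that only connects to the database should not inherit permission to delete snapshots.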
@@ -0,0 +1,3 @@ +output "lambdabucketname" { + value = aws_s3_bucket.laa-lambda-backup.bucket +} \ No newline at end of file From 6cbdc82a16e2fe60a6fb44b6a4bd0583c9f347b4 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 12:52:42 +0100 Subject: [PATCH 71/92] forgot to save the local.tf file --- terraform/environments/apex/locals.tf | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index f06048001bd..4a3735f80b6 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -12,6 +12,32 @@ locals { runtime = var.runtime key = var.key + #Lambda Config + dbsnapshot_source_file = "dbsnapshot.js" + deletesnapshot_source_file = "deletesnapshots.py" + dbconnect_source_file = "dbconnect.js" + dbsnapshot_output_path = "snapshotDBFunction.zip" + deletesnapshot_output_path = "deletesnapshotFunction.zip" + dbconnect_output_path = "connectDBFunction.zip" + + snapshotDBFunctionname = "snapshotDBFunction" + snapshotDBFunctionhandler = "snapshot/dbsnapshot.handler" + snapshotDBFunctionruntime = "nodejs18.x" + snapshotDBFunctionfilename = "snapshotDBFunction.zip" + + + deletesnapshotFunctionname = "deletesnapshotFunction" + deletesnapshotFunctionhandler = "deletesnapshots.lambda_handler" + deletesnapshotFunctionruntime = "python3.8" + deletesnapshotFunctionfilename = "deletesnapshotFunction.zip" + + + connectDBFunctionname = "connectDBFunction" + connectDBFunctionhandler = "ssh/dbconnect.handler" + connectDBFunctionruntime = "nodejs18.x" + connectDBFunctionfilename = "connectDBFunction.zip" + + application_test_url = "https://apex.laa-development.modernisation-platform.service.justice.gov.uk/apex/" } \ No newline at end of file From bb52d30cfd67ebb48aafb89b2c5848000c2b95f5 Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Tue, 24 Oct 2023 12:55:21 +0100 Subject: [PATCH 72/92] typo --- terraform/environments/apex/lambda.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 5c6f7af62aa..4acc2f86a9f 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -82,7 +82,7 @@ resource "aws_lambda_function" "deletesnapshotFunction" { function_name = local.deletesnapshotFunctionname role = module.iambackup.backuprole handler = local.deletesnapshotFunctionhandler - source_code_hash = data.archive_file.delesnapshot_file.output_base64sha256 + source_code_hash = data.archive_file.deletesnapshot_file.output_base64sha256 runtime = local.deletesnapshotFunctionruntime s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.deletesnapshotFunctionfilename From 4f9bb1b0662beb0545609070363ba113a7841ebb Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 12:59:26 +0100 Subject: [PATCH 73/92] change cron time --- terraform/environments/apex/event_triggers.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 2d3d0c453af..be0292cfd61 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(38 09 ? * MON-SUN *)" + schedule_expression = "cron(10 13 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { 
@@ -22,7 +22,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { resource "aws_cloudwatch_event_rule" "deletesnapshotFunction_mon_fri" { name = "laa-deletesnapshotRule-LWN8E1LNHFJR" description = "Fires every five minutes" - schedule_expression = "cron(38 09 ? * MON-SUN *)" + schedule_expression = "cron(38 09 ? * MON-FRI *)" } resource "aws_cloudwatch_event_target" "deletesnapshotFunctioncheck_mon_fri" { From 535f7dfe23b619e99179281355f30460fa1915fb Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 13:10:11 +0100 Subject: [PATCH 74/92] change event bus name --- terraform/environments/apex/event_triggers.tf | 4 ++-- terraform/environments/apex/lambda.tf | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index be0292cfd61..31bf82e16f6 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,5 +1,5 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { - name = "laa-createSnapshotRule-LWN8E1LNHFJR" + name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" schedule_expression = "cron(10 13 ? * MON-SUN *)" } @@ -20,7 +20,7 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { resource "aws_cloudwatch_event_rule" "deletesnapshotFunction_mon_fri" { - name = "laa-deletesnapshotRule-LWN8E1LNHFJR" + name = "laa-deletesnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" schedule_expression = "cron(38 09 ? * MON-FRI *)" } diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 4acc2f86a9f..18812d43c42 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf 
@@ -60,7 +60,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { source_code_hash = data.archive_file.dbsnapshot_file.output_base64sha256 runtime = local.snapshotDBFunctionruntime s3_bucket = module.s3_bucket_lambda.lambdabucketname - s3_key = local.snapshotDBFunctionfilename + # s3_key = local.snapshotDBFunctionfilename environment { variables = { @@ -85,7 +85,7 @@ resource "aws_lambda_function" "deletesnapshotFunction" { source_code_hash = data.archive_file.deletesnapshot_file.output_base64sha256 runtime = local.deletesnapshotFunctionruntime s3_bucket = module.s3_bucket_lambda.lambdabucketname - s3_key = local.deletesnapshotFunctionfilename + # s3_key = local.deletesnapshotFunctionfilename environment { variables = { @@ -111,7 +111,7 @@ resource "aws_lambda_function" "connectDBFunction" { source_code_hash = data.archive_file.dbconnect_file.output_base64sha256 runtime = local.connectDBFunctionruntime s3_bucket = module.s3_bucket_lambda.lambdabucketname - s3_key = local.connectDBFunctionfilename + # s3_key = local.connectDBFunctionfilename environment { variables = { From 9db31c4276958013144520e6f66836acf0f55950 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 13:13:24 +0100 Subject: [PATCH 75/92] remove s3 bucket --- terraform/environments/apex/lambda.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 18812d43c42..50c100f980d 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -59,7 +59,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { handler = local.snapshotDBFunctionhandler source_code_hash = data.archive_file.dbsnapshot_file.output_base64sha256 runtime = local.snapshotDBFunctionruntime - s3_bucket = module.s3_bucket_lambda.lambdabucketname + # s3_bucket = module.s3_bucket_lambda.lambdabucketname # s3_key = local.snapshotDBFunctionfilename environment { 
@@ -84,7 +84,7 @@ resource "aws_lambda_function" "deletesnapshotFunction" { handler = local.deletesnapshotFunctionhandler source_code_hash = data.archive_file.deletesnapshot_file.output_base64sha256 runtime = local.deletesnapshotFunctionruntime - s3_bucket = module.s3_bucket_lambda.lambdabucketname + # s3_bucket = module.s3_bucket_lambda.lambdabucketname # s3_key = local.deletesnapshotFunctionfilename environment { @@ -110,7 +110,7 @@ resource "aws_lambda_function" "connectDBFunction" { handler = local.connectDBFunctionhandler source_code_hash = data.archive_file.dbconnect_file.output_base64sha256 runtime = local.connectDBFunctionruntime - s3_bucket = module.s3_bucket_lambda.lambdabucketname + # s3_bucket = module.s3_bucket_lambda.lambdabucketname # s3_key = local.connectDBFunctionfilename environment { From 6c2cac7d3bdf5dcc8d47100206894f45a629b82e Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 14:12:40 +0100 Subject: [PATCH 76/92] include file name --- terraform/environments/apex/lambda.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 50c100f980d..77b1d76cb69 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -59,6 +59,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { handler = local.snapshotDBFunctionhandler source_code_hash = data.archive_file.dbsnapshot_file.output_base64sha256 runtime = local.snapshotDBFunctionruntime + filename = local.snapshotDBFunctionfilename # s3_bucket = module.s3_bucket_lambda.lambdabucketname # s3_key = local.snapshotDBFunctionfilename 
@@ -83,6 +84,7 @@ resource "aws_lambda_function" "deletesnapshotFunction" { role = module.iambackup.backuprole handler = local.deletesnapshotFunctionhandler source_code_hash = data.archive_file.deletesnapshot_file.output_base64sha256 + filename = local.deletesnapshotFunctionfilename runtime = local.deletesnapshotFunctionruntime # s3_bucket = module.s3_bucket_lambda.lambdabucketname # s3_key = local.deletesnapshotFunctionfilename @@ -110,6 +112,7 @@ resource "aws_lambda_function" "connectDBFunction" { handler = local.connectDBFunctionhandler source_code_hash = data.archive_file.dbconnect_file.output_base64sha256 runtime = local.connectDBFunctionruntime + filename = local.connectDBFunctionfilename # s3_bucket = module.s3_bucket_lambda.lambdabucketname # s3_key = local.connectDBFunctionfilename From b55b806cf764bc3fcb02623b8b41b5b9d2269d54 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 14:48:59 +0100 Subject: [PATCH 77/92] change cron time --- terraform/environments/apex/event_triggers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 31bf82e16f6..221d5d1e53c 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(10 13 ? * MON-SUN *)" + schedule_expression = "cron(00 15 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { From a792dee932c7abc194e104d137e44ed6939b41da Mon Sep 17 00:00:00 2001 
From: tajewole-moj Date: Tue, 24 Oct 2023 15:22:35 +0100 Subject: [PATCH 78/92] add function layers --- terraform/environments/apex/event_triggers.tf | 2 +- terraform/environments/apex/lambda.tf | 33 ++++++++++++++----- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 221d5d1e53c..d87cadce69e 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(00 15 ? * MON-SUN *)" + schedule_expression = "cron(30 15 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 77b1d76cb69..b59075dfbc0 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf 
@@ -53,15 +53,29 @@ data "archive_file" "dbconnect_file" { } + +resource "aws_lambda_layer_version" "lambda_layer" { + # filename = "lambda_layer_payload.zip" + layer_name = "SSHNodeJSLayer" + description = "A layer to add ssh libs to lambda" + license_info = "Apache-2.0" + s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_key = "nodejs.zip" + + compatible_runtimes = ["nodejs18.x"] +} + + resource "aws_lambda_function" "snapshotDBFunction" { function_name = local.snapshotDBFunctionname role = module.iambackup.backuprole handler = local.snapshotDBFunctionhandler source_code_hash = data.archive_file.dbsnapshot_file.output_base64sha256 runtime = local.snapshotDBFunctionruntime - filename = local.snapshotDBFunctionfilename - # s3_bucket = module.s3_bucket_lambda.lambdabucketname - # s3_key = local.snapshotDBFunctionfilename + # filename = local.snapshotDBFunctionfilename + layers = aws_lambda_layer_version.lambda_layer.compatible_runtimes + s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_key = local.snapshotDBFunctionfilename environment { variables = { @@ -84,10 +98,10 @@ resource "aws_lambda_function" "deletesnapshotFunction" { role = module.iambackup.backuprole handler = local.deletesnapshotFunctionhandler source_code_hash = data.archive_file.deletesnapshot_file.output_base64sha256 - filename = local.deletesnapshotFunctionfilename + # filename = local.deletesnapshotFunctionfilename runtime = local.deletesnapshotFunctionruntime - # s3_bucket = module.s3_bucket_lambda.lambdabucketname - # s3_key = local.deletesnapshotFunctionfilename + s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_key = local.deletesnapshotFunctionfilename environment { variables = { 
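Review bot: `aws_lambda_layer_version.lambda_layer` in lambda.tf takes its code from `s3_key = "nodejs.zip"` with neither `s3_object_version` nor `source_code_hash`, so the layer is built from whatever object sits under that key when the layer is published. An overwritten object in the bucket would be picked up silently on the next publish, and Terraform has nothing to compare it against. Pin the artifact with `s3_object_version = "<version-id-of-nodejs.zip>"` (this needs versioning on the bucket, which the s3 module may not enable) or add a `source_code_hash` computed from the reviewed archive. The `s3_bucket`/`s3_key` arguments re-enabled on the functions in this patch have the same property: their `source_code_hash` comes from a locally built `archive_file`, not from the object Lambda actually fetches.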
@@ -112,9 +126,10 @@ resource "aws_lambda_function" "connectDBFunction" { handler = local.connectDBFunctionhandler source_code_hash = data.archive_file.dbconnect_file.output_base64sha256 runtime = local.connectDBFunctionruntime - filename = local.connectDBFunctionfilename - # s3_bucket = module.s3_bucket_lambda.lambdabucketname - # s3_key = local.connectDBFunctionfilename + # filename = local.connectDBFunctionfilename + layers = aws_lambda_layer_version.lambda_layer.compatible_runtimes + s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_key = local.connectDBFunctionfilename environment { variables = { From 7635b03c2cf4ae167d4ba1ba99b3624bbd54aa05 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 15:29:13 +0100 Subject: [PATCH 79/92] change runtime --- terraform/environments/apex/event_triggers.tf | 2 +- terraform/environments/apex/lambda.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index d87cadce69e..76ebc75cdb8 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(30 15 ? * MON-SUN *)" + schedule_expression = "cron(38 15 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index b59075dfbc0..b94be82d61d 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -62,7 +62,7 @@ resource "aws_lambda_layer_version" "lambda_layer" { s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = "nodejs.zip" - compatible_runtimes = ["nodejs18.x"] + compatible_runtimes = ["nodejs12.x"] } 
From b490a5e3a71d39f569fae22736b181d251e07622 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 15:34:43 +0100 Subject: [PATCH 80/92] change runtime v1 --- terraform/environments/apex/lambda.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index b94be82d61d..56c6956c3a0 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -62,7 +62,7 @@ resource "aws_lambda_layer_version" "lambda_layer" { s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = "nodejs.zip" - compatible_runtimes = ["nodejs12.x"] + compatible_runtimes = ["nodejs16.x"] } From 07a2cf184d214422115a9f996766c5e567cb0fc2 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 16:06:55 +0100 Subject: [PATCH 81/92] change bucket name --- terraform/environments/apex/lambda.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 56c6956c3a0..b350bc0a79a 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -62,7 +62,7 @@ resource "aws_lambda_layer_version" "lambda_layer" { s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = "nodejs.zip" - compatible_runtimes = ["nodejs16.x"] + compatible_runtimes = ["nodejs14.x"] } @@ -74,7 +74,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { runtime = local.snapshotDBFunctionruntime # filename = local.snapshotDBFunctionfilename layers = aws_lambda_layer_version.lambda_layer.compatible_runtimes - s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_bucket = "laa-${local.application_name}-${local.environment}-mp" s3_key = local.snapshotDBFunctionfilename environment { 
@@ -100,7 +100,7 @@ resource "aws_lambda_function" "deletesnapshotFunction" { source_code_hash = data.archive_file.deletesnapshot_file.output_base64sha256 # filename = local.deletesnapshotFunctionfilename runtime = local.deletesnapshotFunctionruntime - s3_bucket = module.s3_bucket_lambda.lambdabucketname + s3_bucket = "laa-${local.application_name}-${local.environment}-mp" s3_key = local.deletesnapshotFunctionfilename environment { From eb9ccbeb2c27947d1d90ea6f7609d5f4e06aee14 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 16:15:22 +0100 Subject: [PATCH 82/92] use arn --- terraform/environments/apex/lambda.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index b350bc0a79a..804235005ca 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -73,8 +73,8 @@ resource "aws_lambda_function" "snapshotDBFunction" { source_code_hash = data.archive_file.dbsnapshot_file.output_base64sha256 runtime = local.snapshotDBFunctionruntime # filename = local.snapshotDBFunctionfilename - layers = aws_lambda_layer_version.lambda_layer.compatible_runtimes - s3_bucket = "laa-${local.application_name}-${local.environment}-mp" + layers = [aws_lambda_layer_version.lambda_layer.arn] + s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.snapshotDBFunctionfilename environment { @@ -100,7 +100,7 @@ resource "aws_lambda_function" "deletesnapshotFunction" { source_code_hash = data.archive_file.deletesnapshot_file.output_base64sha256 # filename = local.deletesnapshotFunctionfilename runtime = local.deletesnapshotFunctionruntime - s3_bucket = "laa-${local.application_name}-${local.environment}-mp" + s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.deletesnapshotFunctionfilename environment { 
@@ -127,7 +127,7 @@ resource "aws_lambda_function" "connectDBFunction" { source_code_hash = data.archive_file.dbconnect_file.output_base64sha256 runtime = local.connectDBFunctionruntime # filename = local.connectDBFunctionfilename - layers = aws_lambda_layer_version.lambda_layer.compatible_runtimes + layers = [aws_lambda_layer_version.lambda_layer.arn] s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.connectDBFunctionfilename From 77ff9e761587ebe3f039fd58d29cc5e16c772721 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Tue, 24 Oct 2023 16:25:08 +0100 Subject: [PATCH 83/92] change filename on local vars --- terraform/environments/apex/event_triggers.tf | 2 +- terraform/environments/apex/lambda.tf | 2 +- terraform/environments/apex/locals.tf | 12 ++++++------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 76ebc75cdb8..1395180cc18 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(38 15 ? * MON-SUN *)" + schedule_expression = "cron(34 16 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 804235005ca..2f3c6b158fa 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -62,7 +62,7 @@ resource "aws_lambda_layer_version" "lambda_layer" { s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = "nodejs.zip" - compatible_runtimes = ["nodejs14.x"] + compatible_runtimes = ["nodejs18.x"] } 
diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index 4a3735f80b6..8f3f57fa859 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -16,26 +16,26 @@ locals { dbsnapshot_source_file = "dbsnapshot.js" deletesnapshot_source_file = "deletesnapshots.py" dbconnect_source_file = "dbconnect.js" - dbsnapshot_output_path = "snapshotDBFunction.zip" - deletesnapshot_output_path = "deletesnapshotFunction.zip" - dbconnect_output_path = "connectDBFunction.zip" + dbsnapshot_output_path = "dbsnapshot.zip" + deletesnapshot_output_path = "deletesnapshots.zip" + dbconnect_output_path = "dbconnect.zip" snapshotDBFunctionname = "snapshotDBFunction" snapshotDBFunctionhandler = "snapshot/dbsnapshot.handler" snapshotDBFunctionruntime = "nodejs18.x" - snapshotDBFunctionfilename = "snapshotDBFunction.zip" + snapshotDBFunctionfilename = "dbsnapshot.zip" deletesnapshotFunctionname = "deletesnapshotFunction" deletesnapshotFunctionhandler = "deletesnapshots.lambda_handler" deletesnapshotFunctionruntime = "python3.8" - deletesnapshotFunctionfilename = "deletesnapshotFunction.zip" + deletesnapshotFunctionfilename = "deletesnapshots.zip" connectDBFunctionname = "connectDBFunction" connectDBFunctionhandler = "ssh/dbconnect.handler" connectDBFunctionruntime = "nodejs18.x" - connectDBFunctionfilename = "connectDBFunction.zip" + connectDBFunctionfilename = "dbconnect.zip" From d2dbb82745e210d8a9ccf96802d5cd2b1c94d54d Mon Sep 17 00:00:00 2001 From: Tariq Mahmood Date: Wed, 25 Oct 2023 14:14:14 +0100 Subject: [PATCH 84/92] LAWS-3514: changed nodeks version for function and ssh layer --- terraform/environments/apex/event_triggers.tf | 2 +- terraform/environments/apex/lambda.tf | 8 ++++---- terraform/environments/apex/locals.tf | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 1395180cc18..c22402dd2f3 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(34 16 ? * MON-SUN *)" + schedule_expression = "cron(21 14 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 2f3c6b158fa..f24c83ed6e3 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -62,7 +62,7 @@ resource "aws_lambda_layer_version" "lambda_layer" { s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = "nodejs.zip" - compatible_runtimes = ["nodejs18.x"] + compatible_runtimes = ["nodejs16.x"] } @@ -76,7 +76,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { layers = [aws_lambda_layer_version.lambda_layer.arn] s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.snapshotDBFunctionfilename - + environment { variables = { LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" @@ -102,7 +102,7 @@ resource "aws_lambda_function" "deletesnapshotFunction" { runtime = local.deletesnapshotFunctionruntime s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.deletesnapshotFunctionfilename - + environment { variables = { LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" @@ -130,7 +130,7 @@ resource "aws_lambda_function" "connectDBFunction" { layers = [aws_lambda_layer_version.lambda_layer.arn] s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.connectDBFunctionfilename - + environment { variables = { LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" 
diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index 8f3f57fa859..efe49d953cb 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -22,7 +22,7 @@ locals { snapshotDBFunctionname = "snapshotDBFunction" snapshotDBFunctionhandler = "snapshot/dbsnapshot.handler" - snapshotDBFunctionruntime = "nodejs18.x" + snapshotDBFunctionruntime = "nodejs16.x" snapshotDBFunctionfilename = "dbsnapshot.zip" @@ -34,7 +34,7 @@ locals { connectDBFunctionname = "connectDBFunction" connectDBFunctionhandler = "ssh/dbconnect.handler" - connectDBFunctionruntime = "nodejs18.x" + connectDBFunctionruntime = "nodejs16.x" connectDBFunctionfilename = "dbconnect.zip" From c3a44f09fac70a1d727971a0f90e30b06464241c Mon Sep 17 00:00:00 2001 From: Tariq Mahmood Date: Wed, 25 Oct 2023 14:45:55 +0100 Subject: [PATCH 85/92] LAWS-3514: changed nodejs version for function and ssh layer to version 12 --- terraform/environments/apex/lambda.tf | 2 +- terraform/environments/apex/locals.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index f24c83ed6e3..6cfab48d52d 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -62,7 +62,7 @@ resource "aws_lambda_layer_version" "lambda_layer" { s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = "nodejs.zip" - compatible_runtimes = ["nodejs16.x"] + compatible_runtimes = ["nodejs12.x"] } diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index efe49d953cb..db05e05ee60 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf 
@@ -22,7 +22,7 @@ locals { snapshotDBFunctionname = "snapshotDBFunction" snapshotDBFunctionhandler = "snapshot/dbsnapshot.handler" - snapshotDBFunctionruntime = "nodejs16.x" + snapshotDBFunctionruntime = "nodejs12.x" snapshotDBFunctionfilename = "dbsnapshot.zip" @@ -34,7 +34,7 @@ locals { connectDBFunctionname = "connectDBFunction" connectDBFunctionhandler = "ssh/dbconnect.handler" - connectDBFunctionruntime = "nodejs16.x" + connectDBFunctionruntime = "nodejs12.x" connectDBFunctionfilename = "dbconnect.zip" From 8e9a10bfb56a3ffc3d67e3e5167d4059d1b69b02 Mon Sep 17 00:00:00 2001 From: Tariq Mahmood Date: Wed, 25 Oct 2023 14:48:04 +0100 Subject: [PATCH 86/92] LAWS-3514: changed event rule time --- terraform/environments/apex/event_triggers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index c22402dd2f3..f19d6c24d4e 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(21 14 ? * MON-SUN *)" + schedule_expression = "cron(51 14 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { From 7a9980b1c8b65938c4ff27f4b421745123f91683 Mon Sep 17 00:00:00 2001 From: Tariq Mahmood Date: Wed, 25 Oct 2023 14:55:23 +0100 Subject: [PATCH 87/92] LAWS-3514: changed nodejs from version 12 to 14 --- terraform/environments/apex/event_triggers.tf | 2 +- terraform/environments/apex/lambda.tf | 2 +- terraform/environments/apex/locals.tf | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index f19d6c24d4e..5c9bac4614f 100644 
--- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(51 14 ? * MON-SUN *)" + schedule_expression = "cron(02 15 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 6cfab48d52d..3fff3c2658a 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf @@ -62,7 +62,7 @@ resource "aws_lambda_layer_version" "lambda_layer" { s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = "nodejs.zip" - compatible_runtimes = ["nodejs12.x"] + compatible_runtimes = ["nodejs14.x"] } diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index db05e05ee60..4e2cc4ab528 100644 --- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -22,7 +22,7 @@ locals { snapshotDBFunctionname = "snapshotDBFunction" snapshotDBFunctionhandler = "snapshot/dbsnapshot.handler" - snapshotDBFunctionruntime = "nodejs12.x" + snapshotDBFunctionruntime = "nodejs14.x" snapshotDBFunctionfilename = "dbsnapshot.zip" @@ -34,7 +34,7 @@ locals { connectDBFunctionname = "connectDBFunction" connectDBFunctionhandler = "ssh/dbconnect.handler" - connectDBFunctionruntime = "nodejs12.x" + connectDBFunctionruntime = "nodejs14.x" connectDBFunctionfilename = "dbconnect.zip" From 7c7ef6e60d61a9edfa1d70bb38e0eea063bab938 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Thu, 26 Oct 2023 10:16:45 +0100 Subject: [PATCH 88/92] change cron time --- terraform/environments/apex/event_triggers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 5c9bac4614f..16f34de3985 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(02 15 ? * MON-SUN *)" + schedule_expression = "cron(24 10 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { From 4af653810de346cc42f4aea67f5ad46c3e429d7b Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Thu, 26 Oct 2023 10:56:55 +0100 Subject: [PATCH 89/92] change time --- terraform/environments/apex/event_triggers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 16f34de3985..455411c3351 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf @@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(24 10 ? * MON-SUN *)" + schedule_expression = "cron(03 11 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { From 09da645bde35d8e1f28639b91469f8c7cd5cc516 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Thu, 26 Oct 2023 11:05:34 +0100 Subject: [PATCH 90/92] utc time --- terraform/environments/apex/event_triggers.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 455411c3351..6527e745433 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf 
@@ -1,7 +1,7 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" description = "Fires every five minutes" - schedule_expression = "cron(03 11 ? * MON-SUN *)" + schedule_expression = "cron(11 10 ? * MON-SUN *)" } resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { From d1cfc4c9e81e3a42e0188c8a7cd2e89d55d5ad5a Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Thu, 26 Oct 2023 15:27:15 +0100 Subject: [PATCH 91/92] tidy up the code and remove variables no more required --- terraform/environments/apex/event_triggers.tf | 42 ++++++----- terraform/environments/apex/locals.tf | 21 ++---- .../environments/apex/modules/lambda/main.tf | 74 ------------------- .../apex/modules/lambda/outputs.tf | 7 -- .../apex/modules/lambda/variables.tf | 67 ----------------- terraform/environments/apex/variables.tf | 55 -------------- 6 files changed, 28 insertions(+), 238 deletions(-) delete mode 100644 terraform/environments/apex/modules/lambda/main.tf delete mode 100644 terraform/environments/apex/modules/lambda/outputs.tf delete mode 100644 terraform/environments/apex/modules/lambda/variables.tf delete mode 100644 terraform/environments/apex/variables.tf diff --git a/terraform/environments/apex/event_triggers.tf b/terraform/environments/apex/event_triggers.tf index 6527e745433..4f1d50044d6 100644 --- a/terraform/environments/apex/event_triggers.tf +++ b/terraform/environments/apex/event_triggers.tf 
@@ -1,15 +1,8 @@ resource "aws_cloudwatch_event_rule" "snapshotDBFunctionmon_sun" { - name = "laa-createSnapshotRule-LWN8E1LNHFJR-APEX" - description = "Fires every five minutes" - schedule_expression = "cron(11 10 ? * MON-SUN *)" + name = "laa-createSnapshotRule-${local.application_name}-${local.environment}-mp" + description = "Daily snapshots of Oracle volumes" + schedule_expression = "cron(00 04 ? * MON-SUN *)" } - -resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { - rule = aws_cloudwatch_event_rule.snapshotDBFunctionmon_sun.name - arn = aws_lambda_function.snapshotDBFunction.arn - input =jsonencode({"appname": "apex Database Server"}) -} - resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { statement_id = "AllowExecutionFromCloudWatch" action = "lambda:InvokeFunction" 
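Review bot: The new `schedule_expression = "cron(00 04 ? * MON-SUN *)"` has no comment stating its time zone, and patches 86/92 to 90/92 (the last titled "utc time") show the trigger time being found by trial. EventBridge rule schedules are evaluated in UTC, so I would add `# 04:00 UTC every day; EventBridge rule cron is always UTC` above the line. `MON-SUN` with `?` in the day-of-month field means every day, so `cron(0 4 * * ? *)` expresses the same schedule more plainly.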
@@ -18,17 +11,19 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { source_arn = aws_cloudwatch_event_rule.snapshotDBFunctionmon_sun.arn } - -resource "aws_cloudwatch_event_rule" "deletesnapshotFunction_mon_fri" { - name = "laa-deletesnapshotRule-LWN8E1LNHFJR-APEX" - description = "Fires every five minutes" - schedule_expression = "cron(38 09 ? * MON-FRI *)" +resource "aws_cloudwatch_event_target" "snapshotDBFunctioncheck_mon_sun" { + rule = aws_cloudwatch_event_rule.snapshotDBFunctionmon_sun.name + arn = aws_lambda_function.snapshotDBFunction.arn + input =jsonencode({"appname": "apex Database Server"}) } -resource "aws_cloudwatch_event_target" "deletesnapshotFunctioncheck_mon_fri" { - rule = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.name - arn = aws_lambda_function.deletesnapshotFunction.arn - input =jsonencode({"appname": "apex Database Server"}) + + + +resource "aws_cloudwatch_event_rule" "deletesnapshotFunction_mon_fri" { + name = "laa-deletesnapshotRule-${local.application_name}-${local.environment}-mp" + description = "Delete snapshots over 35 days old" + schedule_expression = "cron(10 02 ? * MON-FRI *)" } resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_fri" { @@ -37,4 +32,11 @@ resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_fri" { function_name = aws_lambda_function.deletesnapshotFunction.function_name principal = "events.amazonaws.com" source_arn = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.arn -} \ No newline at end of file +} + +resource "aws_cloudwatch_event_target" "deletesnapshotFunctioncheck_mon_fri" { + rule = aws_cloudwatch_event_rule.deletesnapshotFunction_mon_fri.name + arn = aws_lambda_function.deletesnapshotFunction.arn + input =jsonencode({"appname": "apex Database Server"}) +} + diff --git a/terraform/environments/apex/locals.tf b/terraform/environments/apex/locals.tf index 4e2cc4ab528..17f680bfed4 100644 
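Review bot: `deletesnapshotFunction_mon_fri` is now described as deleting snapshots over 35 days old, and its schedule runs regardless of whether the create rule's Lambda has been succeeding. If `deletesnapshots.py` prunes purely by age (its code is not part of this diff), a snapshot job that fails quietly for five weeks would leave no restore point. Nothing in the visible hunks of this file alarms on failed invocations. I would pair these rules with a CloudWatch alarm on the `Errors` metric of `snapshotDBFunction`, or have the delete function always keep the most recent snapshots whatever their age.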
--- a/terraform/environments/apex/locals.tf +++ b/terraform/environments/apex/locals.tf @@ -1,43 +1,34 @@ #### This file can be used to store locals specific to the member account #### locals { - #js FIles - dbsourcefiles = var.source_file - #ZIP FILES Below - zipfiles = var.output_path - #Functions - functions = var.function_name - #Handlers - handlers = var.handler - #Runtime - runtime = var.runtime - key = var.key - #Lambda Config + #Lambda files dbsnapshot_source_file = "dbsnapshot.js" deletesnapshot_source_file = "deletesnapshots.py" dbconnect_source_file = "dbconnect.js" + dbsnapshot_output_path = "dbsnapshot.zip" deletesnapshot_output_path = "deletesnapshots.zip" dbconnect_output_path = "dbconnect.zip" + #Lambda Function creation snapshotDBFunctionname = "snapshotDBFunction" snapshotDBFunctionhandler = "snapshot/dbsnapshot.handler" snapshotDBFunctionruntime = "nodejs14.x" snapshotDBFunctionfilename = "dbsnapshot.zip" - deletesnapshotFunctionname = "deletesnapshotFunction" deletesnapshotFunctionhandler = "deletesnapshots.lambda_handler" deletesnapshotFunctionruntime = "python3.8" deletesnapshotFunctionfilename = "deletesnapshots.zip" - connectDBFunctionname = "connectDBFunction" connectDBFunctionhandler = "ssh/dbconnect.handler" connectDBFunctionruntime = "nodejs14.x" connectDBFunctionfilename = "dbconnect.zip" - + #layer config + s3layerkey = "nodejs.zip" + compatible_runtimes = "nodejs14.x" application_test_url = "https://apex.laa-development.modernisation-platform.service.justice.gov.uk/apex/" } \ No newline at end of file diff --git a/terraform/environments/apex/modules/lambda/main.tf b/terraform/environments/apex/modules/lambda/main.tf deleted file mode 100644 index 48913414ec9..00000000000 --- a/terraform/environments/apex/modules/lambda/main.tf +++ /dev/null 
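Review bot: The new local `compatible_runtimes = "nodejs14.x"` is a single string under a plural name, and it is a third copy of the value already held by `snapshotDBFunctionruntime` and `connectDBFunctionruntime`. Patches 85/92 and 87/92 show that these values have to be edited together across files, which is easy to get half right. One local such as `nodejs_runtime = "nodejs14.x"`, with `snapshotDBFunctionruntime = local.nodejs_runtime` and `connectDBFunctionruntime = local.nodejs_runtime`, would leave a single line to change when the runtime is upgraded. The layer would then take `[local.nodejs_runtime]`.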
@@ -1,74 +0,0 @@ - - - -resource "aws_security_group" "lambdasg" { - name = var.security_grp_name - description = "APEX Lambda Security Group" - vpc_id = var.vpc_id - - - egress { - description = "outbound access" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } -} - -data "archive_file" "lambda_dbsnapshot" { - count = 3 - type = "zip" - source_file = var.source_file[count.index] - output_path = var.output_path[count.index] -} - - -resource "aws_lambda_function" "snapshotDBFunction" { - count = 1 - # filename = var.filename[count.index] - function_name = var.function_name[count.index] - role = var.role - handler = var.handler[count.index] - source_code_hash = data.archive_file.lambda_dbsnapshot[count.index].output_base64sha256 - runtime = var.runtime[count.index] - s3_bucket = var.lamdbabucketname - s3_key = var.filename[count.index] - - environment { - variables = { - LD_LIBRARY_PATH = "/opt/nodejs/node_modules/lib" - - } - } - vpc_config { - security_group_ids = [aws_security_group.lambdasg.id] - subnet_ids = var.subnet_ids - } - tags = var.tags -} - -resource "aws_cloudwatch_event_rule" "mon_sun" { - name = "laa-createSnapshotRule-LWN8E1LNHFJR" - description = "Fires every five minutes" - schedule_expression = "cron(38 09 ? * MON-SUN *)" - - -} - -resource "aws_cloudwatch_event_target" "check_mon_sun" { - count = 1 - rule = aws_cloudwatch_event_rule.mon_sun.name - arn = "${aws_lambda_function.snapshotDBFunction[0].arn}" - input =jsonencode({"appname": "apex Database Server"}) - -} - -resource "aws_lambda_permission" "allow_cloudwatch_to_call_check_mon_sun" { - count = 1 - statement_id = "AllowExecutionFromCloudWatch" - action = "lambda:InvokeFunction" - function_name = aws_lambda_function.snapshotDBFunction[0].function_name - principal = "events.amazonaws.com" - source_arn = aws_cloudwatch_event_rule.mon_sun.arn -} \ No newline at end of file 
diff --git a/terraform/environments/apex/modules/lambda/outputs.tf b/terraform/environments/apex/modules/lambda/outputs.tf deleted file mode 100644 index 337ea045884..00000000000 --- a/terraform/environments/apex/modules/lambda/outputs.tf +++ /dev/null @@ -1,7 +0,0 @@ -# output "lambda_function" { -# value = aws_lambda_function.snapshotDBFunction.*.arn[count.index] -# } - -# output "lambda_function_name" { -# value = aws_lambda_function.snapshotDBFunction.*.function_name[count.index] -# } \ No newline at end of file diff --git a/terraform/environments/apex/modules/lambda/variables.tf b/terraform/environments/apex/modules/lambda/variables.tf deleted file mode 100644 index 7fc8c5bb53d..00000000000 --- a/terraform/environments/apex/modules/lambda/variables.tf +++ /dev/null @@ -1,67 +0,0 @@ -variable "backup_policy_name" { - type = string - default = "" -} - -variable "role" { - type = string - default = "" -} - -variable "tags" { - type = map(any) -} - -variable "filename" { - type = list(string) - default = [""] -} - -variable "source_file" { - type = list(string) - default = [""] -} - -variable "output_path" { - type = list(string) - default = [""] -} - -variable "function_name" { - type = list(string) - default = [""] -} - -variable "handler" { - type = list(string) - default = [""] -} - -variable "runtime" { - type = list(string) - default = [ ""] -} - -variable "security_grp_name" { - type = string - default = "" -} - -variable "subnet_ids" { - type =list(string) - default = [""] -} -variable "vpc_id" { - type = string - default = "" -} - -variable "lamdbabucketname" { - type = string - default = "" -} - -variable "key" { - type = list(string) - default = [""] -} \ No newline at end of file diff --git a/terraform/environments/apex/variables.tf b/terraform/environments/apex/variables.tf deleted file mode 100644 index 3b5a76f5f12..00000000000 --- a/terraform/environments/apex/variables.tf +++ /dev/null 
@@ -1,55 +0,0 @@ -variable "source_file" { - type = list(any) - default = ["dbsnapshot.js","deletesnapshots.py","dbconnect.js"] -} - -variable "output_path" { - type = list(any) - default = ["snapshotDBFunction.zip","deletesnapshotFunction.zip","connectDBFunction.zip"] -} - -variable "filename" { - type = list(any) - default = ["snapshotDBFunction.zip", "deletesnapshotFunction.zip","connectDBFunction.zip"] -} - -variable "function_name" { - type = list(any) - default = ["snapshotDBFunction","deletesnapshotFunction","connectDBFunction"] -} - -variable "handler" { - type = list(any) - default = ["snapshot/dbsnapshot.handler","deletesnapshots.lambda_handler","ssh/dbconnect.handler"] -} - -variable "runtime" { - type = list(any) - default = [ "nodejs18.x","python3.8","nodejs18.x"] -} - -variable "security_grp_name" { - type = string - default = "" -} - -variable "subnet_ids" { - type =list(string) - default = [""] -} - -variable "vpc_id" { - type = string - default = "" -} - - -variable "lamdbabucketname" { - type = string - default = "" -} - -variable "key" { - type = list(string) - default = ["dbsnapshot.zip"] -} \ No newline at end of file From 592a6928582301734ad469c46d3940c923526509 Mon Sep 17 00:00:00 2001 From: tajewole-moj Date: Thu, 26 Oct 2023 15:33:34 +0100 Subject: [PATCH 92/92] tidy up part2 --- terraform/environments/apex/lambda.tf | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/terraform/environments/apex/lambda.tf b/terraform/environments/apex/lambda.tf index 3fff3c2658a..f40e6c7aaea 100644 --- a/terraform/environments/apex/lambda.tf +++ b/terraform/environments/apex/lambda.tf 
@@ -10,9 +10,7 @@ module "iambackup" { module "s3_bucket_lambda" { source = "./modules/s3" - bucket_name = "laa-${local.application_name}-${local.environment}-mp" # Added suffix -mp to the name as it must be unique from the existing bucket in LZ - # bucket_prefix not used in case bucket name get referenced as part of EC2 AMIs - + bucket_name = "laa-${local.application_name}-${local.environment}-mp" tags = merge( local.tags, { Name = "laa-${local.application_name}-${local.environment}-mp" } @@ -21,7 +19,7 @@ module "s3_bucket_lambda" { } resource "aws_security_group" "lambdasg" { - name = "${local.application_name}-lambda-security-group" + name = "${local.application_name}-${local.environment}-lambda-security-group" description = "APEX Lambda Security Group" vpc_id = data.aws_vpc.shared.id @@ -55,14 +53,13 @@ data "archive_file" "dbconnect_file" { resource "aws_lambda_layer_version" "lambda_layer" { - # filename = "lambda_layer_payload.zip" layer_name = "SSHNodeJSLayer" description = "A layer to add ssh libs to lambda" license_info = "Apache-2.0" s3_bucket = module.s3_bucket_lambda.lambdabucketname - s3_key = "nodejs.zip" + s3_key = local.s3layerkey - compatible_runtimes = ["nodejs14.x"] + compatible_runtimes = [local.compatible_runtimes] } @@ -72,7 +69,6 @@ resource "aws_lambda_function" "snapshotDBFunction" { handler = local.snapshotDBFunctionhandler source_code_hash = data.archive_file.dbsnapshot_file.output_base64sha256 runtime = local.snapshotDBFunctionruntime - # filename = local.snapshotDBFunctionfilename layers = [aws_lambda_layer_version.lambda_layer.arn] s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.snapshotDBFunctionfilename @@ -89,7 +85,7 @@ resource "aws_lambda_function" "snapshotDBFunction" { } tags = merge( local.tags, - { Name = "laa-${local.application_name}-${local.environment}-mp" } + { Name = "laa-${local.application_name}-${local.environment}-lambda-snapshot-mp" } ) } 
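Review bot: `aws_lambda_layer_version.lambda_layer`, visible in full in the `@@ -55,14 +53,13 @@` hunk, identifies its artefact only by `s3_bucket` and `s3_key`, with no `s3_object_version` or `source_code_hash`. The SSH libraries loaded by every function that attaches this layer are therefore whatever object sits at `local.s3layerkey` when a layer version is published, and nothing ties that object to a reviewed build. With versioning enabled on the bucket, adding `s3_object_version = "<OBJECT_VERSION_ID>"` (placeholder for the id of the reviewed upload) pins the layer content, so a replaced object is not picked up until the pin is changed in review. The function resources in the same file at least carry `source_code_hash`; the layer has no equivalent.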
@@ -98,7 +94,6 @@ resource "aws_lambda_function" "deletesnapshotFunction" { role = module.iambackup.backuprole handler = local.deletesnapshotFunctionhandler source_code_hash = data.archive_file.deletesnapshot_file.output_base64sha256 - # filename = local.deletesnapshotFunctionfilename runtime = local.deletesnapshotFunctionruntime s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.deletesnapshotFunctionfilename @@ -115,7 +110,7 @@ resource "aws_lambda_function" "deletesnapshotFunction" { } tags = merge( local.tags, - { Name = "laa-${local.application_name}-${local.environment}-mp" } + { Name = "laa-${local.application_name}-${local.environment}-lambda-deletesnapshot-mp" } ) } @@ -126,7 +121,6 @@ resource "aws_lambda_function" "connectDBFunction" { handler = local.connectDBFunctionhandler source_code_hash = data.archive_file.dbconnect_file.output_base64sha256 runtime = local.connectDBFunctionruntime - # filename = local.connectDBFunctionfilename layers = [aws_lambda_layer_version.lambda_layer.arn] s3_bucket = module.s3_bucket_lambda.lambdabucketname s3_key = local.connectDBFunctionfilename @@ -143,7 +137,7 @@ resource "aws_lambda_function" "connectDBFunction" { } tags = merge( local.tags, - { Name = "laa-${local.application_name}-${local.environment}-mp" } + { Name = "laa-${local.application_name}-${local.environment}-lambda-connect-mp" } ) }