NRL-1664 New NFT/Performance/Load terraform environment

Author: axelkrastek1-nhs

terraform/account-wide-infrastructure/mgmt/route53.tf

@@ -136,3 +136,16 @@ resource "aws_route53_record" "NEW_qa_zone_delegation" {
   ttl  = 300
   type = "NS"
 }
+
+resource "aws_route53_record" "perftest_zone_delegation" {
+  zone_id = aws_route53_zone.prod_zone.zone_id
+  name    = "perftest.record-locator.national.nhs.uk"
+  records = [
+    "ns-1821.awsdns-35.co.uk.",
+    "ns-1449.awsdns-53.org.",
+    "ns-933.awsdns-52.net.",
+    "ns-500.awsdns-62.com."
+  ]
+  ttl  = 300
+  type = "NS"
+}

terraform/account-wide-infrastructure/test/domain.tf

@@ -38,3 +38,11 @@ module "ref-custom-domain-name" {
   mtls_certificate_file         = "s3://${module.ref-truststore-bucket.bucket_name}/${module.ref-truststore-bucket.certificates_object_key}"
   mtls_certificate_file_version = module.ref-truststore-bucket.certificates_object_version
 }
+
+module "perftest-custom-domain-name" {
+  source                        = "../modules/env-custom-domain-name"
+  domain_name                   = var.perftest_api_domain_name
+  domain_zone                   = aws_route53_zone.test-perftest-api-ns.name
+  mtls_certificate_file         = "s3://${module.perftest-truststore-bucket.bucket_name}/${module.perftest-truststore-bucket.certificates_object_key}"
+  mtls_certificate_file_version = module.perftest-truststore-bucket.certificates_object_version
+}

terraform/account-wide-infrastructure/test/dynamodb__pointers-table.tf

@@ -30,3 +30,11 @@ module "ref-pointers-table" {
   enable_pitr                 = true
   kms_deletion_window_in_days = 30
 }
+
+module "perftest-pointers-table" {
+  source                      = "../modules/pointers-table"
+  name_prefix                 = "nhsd-nrlf--perftest"
+  enable_deletion_protection  = true
+  enable_pitr                 = true
+  kms_deletion_window_in_days = 30
+}

terraform/account-wide-infrastructure/test/route53.tf

@@ -17,3 +17,7 @@ resource "aws_route53_zone" "NEW_test-ref-ns" {
 resource "aws_route53_zone" "test-ref-ns" {
   name = "api.record-locator.ref.national.nhs.uk"
 }
+
+resource "aws_route53_zone" "test-perftest-ns" {
+  name = "perftest.record-locator.national.nhs.uk"
+}

terraform/account-wide-infrastructure/test/s3.tf

@@ -24,6 +24,11 @@ module "ref-permissions-store-bucket" {
   name_prefix = "nhsd-nrlf--ref"
 }
 
+module "perftest-permissions-store-bucket" {
+  source      = "../modules/permissions-store-bucket"
+  name_prefix = "nhsd-nrlf--perftest"
+}
+
 module "qa-truststore-bucket" {
   source                  = "../modules/truststore-bucket"
   name_prefix             = "nhsd-nrlf--qa"
@@ -53,3 +58,9 @@ module "ref-truststore-bucket" {
   name_prefix             = "nhsd-nrlf--ref"
   server_certificate_file = "../../../truststore/server/ref.pem"
 }
+
+module "perftest-truststore-bucket" {
+  source                  = "../modules/truststore-bucket"
+  name_prefix             = "nhsd-nrlf--perftest"
+  server_certificate_file = "../../../truststore/server/perftest.pem"
+}

terraform/account-wide-infrastructure/test/secrets.tf

@@ -17,6 +17,11 @@ resource "aws_secretsmanager_secret" "ref_smoke_test_apigee_app" {
   description = "APIGEE App used to run Smoke Tests against the REF environment"
 }
 
+resource "aws_secretsmanager_secret" "perftest_smoke_test_apigee_app" {
+  name        = "${local.prefix}--perftest--apigee-app--smoke-test"
+  description = "APIGEE App used to run Smoke Tests against the perftest environment"
+}
+
 resource "aws_secretsmanager_secret" "backup_destination_parameters" {
   name        = "${local.prefix}--backup-destination-parameters"
   description = "Parameters used to configure the backup destination"
@@ -50,6 +55,11 @@ resource "aws_secretsmanager_secret" "ref_smoke_test_parameters" {
   description = "Parameters used to run Smoke Tests against the ref environment"
 }
 
+resource "aws_secretsmanager_secret" "perftest_smoke_test_parameters" {
+  name        = "${local.project}--perftest--smoke-test-parameters"
+  description = "Parameters used to run Smoke Tests against the perftest environment"
+}
+
 
 #
 # Splunk Configuration secrets
@@ -107,6 +117,11 @@ resource "aws_secretsmanager_secret" "ref_environment_configuration" {
   description = "The environment configuration for the Ref environment"
 }
 
+resource "aws_secretsmanager_secret" "perftest_environment_configuration" {
+  name        = "${local.project}--perftest--env-config"
+  description = "The environment configuration for the Perftest environment"
+}
+
 #
 # PowerBI secrets
 #

terraform/account-wide-infrastructure/test/vars.tf

@@ -29,6 +29,11 @@ variable "ref_api_domain_name" {
   default     = "ref.api.record-locator.ref.national.nhs.uk"
 }
 
+variable "perftest_api_domain_name" {
+  description = "The internal DNS name of the API Gateway for the perftest environment"
+  default     = "api.perftest.record-locator.national.nhs.uk"
+}
+
 variable "enable_reporting" {
   type        = bool
   description = "Enable account-wide reporting processes in the test account"

terraform/infrastructure/README.md

@@ -8,16 +8,17 @@ Each developer/QA can create their own ephemeral instance of the NRLF infrastruc
 
 This project has a number of "persistent environments", similar to traditional dev, ref and prod environments. Each of these environments will typically contain multiple NRLF stacks, allowing for blue/green style deployment, and have shared storage infrastructure like DynamoDB tables and S3 buckets. The persistent environments are deployed as follows:
 
-| Environment  | TF Workspace  | TF Config         | AWS Account | Internal Domain                      | Public Domain                             |
-| ------------ | ------------- | ----------------- | ----------- | ------------------------------------ | ----------------------------------------- |
-| internal-dev | dev-N         | `etc/dev.tfvars`  | dev         | `record-locator.dev.national.nhs.uk` | `internal-dev.api.service.nhs.uk`         |
-| dev-sandbox  | dev-sandbox-N | `etc/dev.tfvars`  | dev         | `record-locator.dev.national.nhs.uk` | `internal-dev-sandbox.api.service.nhs.uk` |
-| internal-qa  | qa-N          | `etc/qa.tfvars`   | test        | `qa.record-locator.national.nhs.uk`  | `internal-qa.api.service.nhs.uk`          |
-| qa-sandbox   | qa-sandbox-N  | `etc/qa.tfvars`   | test        | `qa.record-locator.national.nhs.uk`  | `internal-qa-sandbox.api.service.nhs.uk`  |
-| int          | int-N         | `etc/int.tfvars`  | test        | `record-locator.int.national.nhs.uk` | `int.api.service.nhs.uk`                  |
-| sandbox      | int-sandbox-N | `etc/int.tfvars`  | test        | `record-locator.int.national.nhs.uk` | `sandbox.api.service.nhs.uk`              |
-| ref          | ref-N         | `etc/ref.tfvars`  | test        | `record-locator.ref.national.nhs.uk` | `ref.api.service.nhs.uk`                  |
-| prod         | prod-N        | `etc/prod.tfvars` | prod        | `record-locator.national.nhs.uk`     | `api.service.nhs.uk`                      |
+| Environment  | TF Workspace  | TF Config             | AWS Account | Internal Domain                           | Public Domain                             |
+| ------------ | ------------- | --------------------- | ----------- | ----------------------------------------- | ----------------------------------------- |
+| internal-dev | dev-N         | `etc/dev.tfvars`      | dev         | `record-locator.dev.national.nhs.uk`      | `internal-dev.api.service.nhs.uk`         |
+| dev-sandbox  | dev-sandbox-N | `etc/dev.tfvars`      | dev         | `record-locator.dev.national.nhs.uk`      | `internal-dev-sandbox.api.service.nhs.uk` |
+| internal-qa  | qa-N          | `etc/qa.tfvars`       | test        | `qa.record-locator.national.nhs.uk`       | `internal-qa.api.service.nhs.uk`          |
+| qa-sandbox   | qa-sandbox-N  | `etc/qa.tfvars`       | test        | `qa.record-locator.national.nhs.uk`       | `internal-qa-sandbox.api.service.nhs.uk`  |
+| int          | int-N         | `etc/int.tfvars`      | test        | `record-locator.int.national.nhs.uk`      | `int.api.service.nhs.uk`                  |
+| sandbox      | int-sandbox-N | `etc/int.tfvars`      | test        | `record-locator.int.national.nhs.uk`      | `sandbox.api.service.nhs.uk`              |
+| perftest     | perftest-N    | `etc/perftest.tfvars` | test        | `perftest.record-locator.national.nhs.uk` | `perftest.api.service.nhs.uk`             |
+| ref          | ref-N         | `etc/ref.tfvars`      | test        | `record-locator.ref.national.nhs.uk`      | `ref.api.service.nhs.uk`                  |
+| prod         | prod-N        | `etc/prod.tfvars`     | prod        | `record-locator.national.nhs.uk`          | `api.service.nhs.uk`                      |
 
 The `N` in the TF workspace name repesents the stack id in that environment. So, for example, the internal-dev environment might have two stacks, `dev-1` and `dev-2` with TF workspace names matching their stack names. All resources for the `dev-1` stack will be contained within the `dev-1` TF workspace.
 

terraform/infrastructure/etc/perftest.tfvars

@@ -0,0 +1,9 @@
+account_name     = "perftest"
+aws_account_name = "test"
+
+domain              = "api.perftest.record-locator.national.nhs.uk"
+deletion_protection = true
+
+public_domain        = "perftest.api.service.nhs.uk"
+log_retention_period = 30
+enable_reporting     = false