Merge pull request #728 from NHSDigital/DTOSS-11566-upgrade-postgress-sku

[DTOSS-11566] - Upgrades PostgreSQL SKU and enable high availability.

Author: josielsouzanordcloud

infrastructure/environments/prod/variables.tfvars

@@ -4,6 +4,8 @@ fetch_secrets_from_app_key_vault      = true
 front_door_profile                    = "afd-live-hub-manbrs"
 postgres_backup_retention_days        = 7
 postgres_geo_redundant_backup_enabled = true
+postgres_sku_name                     = "GP_Standard_D2ds_v5"
+postgres_enable_high_availability     = true
 protect_keyvault                      = true
 vnet_address_space                    = "10.11.0.0/16"
 nhs_notify_api_message_batch_url      = "https://api.service.nhs.uk/comms/v1/message-batches"

infrastructure/modules/container-apps/alerts.tf

@@ -1,22 +1,22 @@
 resource "azurerm_monitor_scheduled_query_rules_alert_v2" "failure_event" {
   count = var.enable_alerting ? 1 : 0
 
-  auto_mitigation_enabled           = false
-  description                       = "An alert triggered by a custom event batch_marked_as_failed logged in code"
-  enabled                           = var.enable_alerting
-  evaluation_frequency              = "PT5M"
-  location                          = var.region
-  name                              = "${var.app_short_name}-batch-failed-alert"
-  resource_group_name               = azurerm_resource_group.main.name
-  scopes                            = [var.app_insights_id]
-  severity                          = 2
-  skip_query_validation             = false
-  target_resource_types             = ["microsoft.insights/components"]
-  window_duration                   = "PT5M"
-  workspace_alerts_storage_enabled  = false
+  auto_mitigation_enabled          = false
+  description                      = "An alert triggered by a custom event batch_marked_as_failed logged in code"
+  enabled                          = var.enable_alerting
+  evaluation_frequency             = "PT5M"
+  location                         = var.region
+  name                             = "${var.app_short_name}-batch-failed-alert"
+  resource_group_name              = azurerm_resource_group.main.name
+  scopes                           = [var.app_insights_id]
+  severity                         = 2
+  skip_query_validation            = false
+  target_resource_types            = ["microsoft.insights/components"]
+  window_duration                  = "PT5M"
+  workspace_alerts_storage_enabled = false
 
   action {
-    action_groups     = [var.action_group_id]
+    action_groups = [var.action_group_id]
   }
 
   criteria {

infrastructure/modules/container-apps/postgres.tf

@@ -18,6 +18,7 @@ module "postgres" {
 
   backup_retention_days           = var.postgres_backup_retention_days
   geo_redundant_backup_enabled    = var.postgres_geo_redundant_backup_enabled
+  enable_high_availability        = var.postgres_enable_high_availability
   postgresql_admin_object_id      = data.azuread_group.postgres_sql_admin_group.object_id
   postgresql_admin_principal_name = var.postgres_sql_admin_group
   postgresql_admin_principal_type = "Group"

infrastructure/modules/container-apps/variables.tf

@@ -130,6 +130,11 @@ variable "postgres_subnet_id" {
   type        = string
 }
 
+variable "postgres_enable_high_availability" {
+  description = "Whether to enable high availability for the PostgreSQL Flexible Server."
+  type        = bool
+}
+
 variable "main_subnet_id" {
   description = "The main subnet id. Created in the infra module."
   type        = string

infrastructure/terraform/main.tf

@@ -65,6 +65,7 @@ module "container-apps" {
   postgres_storage_mb                   = var.postgres_storage_mb
   postgres_storage_tier                 = var.postgres_storage_tier
   postgres_subnet_id                    = var.deploy_infra ? module.infra[0].postgres_subnet_id : data.azurerm_subnet.postgres[0].id
+  postgres_enable_high_availability     = var.postgres_enable_high_availability
   main_subnet_id                        = var.deploy_infra ? module.infra[0].main_subnet_id : data.azurerm_subnet.main[0].id
   run_notifications_smoke_test          = var.run_notifications_smoke_test
   seed_demo_data                        = var.seed_demo_data

infrastructure/terraform/variables.tf

@@ -102,6 +102,12 @@ variable "postgres_storage_tier" {
   type        = string
 }
 
+variable "postgres_enable_high_availability" {
+  description = "Whether to enable high availability for the PostgreSQL Flexible Server."
+  type        = bool
+  default     = false
+}
+
 variable "enable_entra_id_authentication" {
   description = <<EOT
     Enable Entra ID authentication for the container app. If true, authentication will be required to access the application.