
Commit 56a47a0

Merge pull request #373 from NHSDigital/VED-83-int-ref
Multiple Workspace / Envs
2 parents 32c40a1 + 09d8b75 commit 56a47a0

15 files changed

+210
-140
lines changed

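--- a/grafana/non-prod/docker/build_push_to_ecr.sh
+++ b/grafana/non-prod/docker/build_push_to_ecr.sh
@@ -6,13 +6,43 @@ dirname=$(dirname "$0")
 DOCKERFILE_DIR=$(realpath "$dirname")
 echo "DOCKERFILE_DIR: $DOCKERFILE_DIR"
 
+# if parameter not passed, prompt for the environment.
+# Do not accept response if it is not one of the following: prod, int, ref, internal-dev
+# loop until valid response is received
+if [ -z "$1" ]; then
+while true; do
+read -p "Enter the environment (prod, int, ref, internal-dev): " ENVIRONMENT
+case $ENVIRONMENT in
+prod|int|ref|internal-dev)
+break
+;;
+*)
+echo "Invalid environment. Please enter one of: prod, int, ref, internal-dev."
+;;
+esac
+done
+else
+ENVIRONMENT=$1
+fi
+# Check if the environment is valid
+if [[ ! "$ENVIRONMENT" =~ ^(prod|int|ref|internal-dev)$ ]]; then
+echo "Invalid environment. Please enter one of: prod, int, ref, internal-dev."
+exit 1
+fi
+
+# Set the prefix and other variables
+PREFIX="imms-${ENVIRONMENT}"
 AWS_REGION="eu-west-2"
 ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-REPOSITORY_NAME="imms-fhir-api-grafana"
+REPOSITORY_NAME="${PREFIX}-grafana-app"
 IMAGE_TAG="11.0.0-22.04_stable"
 LOCAL_IMAGE_NAME="$REPOSITORY_NAME:$IMAGE_TAG"
 IMAGE_NAME="$ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/$LOCAL_IMAGE_NAME"
-TAGS="Key=Environment,Value=non-prod Key=Project,Value=immunisation-fhir-api-grafana"
+TAGS='[
+{"Key": "Environment", "Value": "non-prod"},
+{"Key": "Project", "Value": "immunisation-fhir-api-grafana"},
+{"Key": "Environment", "Value": "'"$ENVIRONMENT"'"}
+]'
 LIFECYCLE_POLICY_FILE="lifecycle-policy.json"
 
 # Change to the directory containing the Dockerfile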
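Review bot: The new `TAGS` array lists the key `Environment` twice, once with the fixed value `non-prod` and once with `$ENVIRONMENT`; AWS tagging APIs generally reject a request that repeats a tag key, and if it were accepted the two values would contradict each other when `prod` is chosen. Keeping a single entry, `{"Key": "Environment", "Value": "'"$ENVIRONMENT"'"}`, avoids both. The command that consumes `TAGS` is outside the hunk, so the exact failure mode should be confirmed there. Separately, the allowlist admits `prod` although the script lives under `grafana/non-prod/`; if that is not intended, drop `prod` from both the `case` pattern and the regex so a production repository cannot be created from this path by accident.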

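--- a/grafana/non-prod/docker/dashboards/CWLogs_rev1.json
+++ b/grafana/non-prod/docker/dashboards/CWLogs_rev1.json
@@ -597,8 +597,8 @@
 {
 "current": {
 "selected": false,
-"text": "hotel catalog creation started",
-"value": "hotel catalog creation started"
+"text": "",
+"value": ""
 },
 "hide": 0,
 "label": "Search",
@@ -610,7 +610,7 @@
 "value": "task timed out"
 }
 ],
-"query": "hotel catalog creation started",
+"query": "",
 "skipUrlSync": false,
 "type": "textbox"
 }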

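--- a/grafana/non-prod/docker/lifecycle-policy.json
+++ b/grafana/non-prod/docker/lifecycle-policy.json
@@ -6,12 +6,11 @@
 "selection": {
 "tagStatus": "any",
 "countType": "imageCountMoreThan",
-"countNumber": 10,
-"tagPrefixList": [""]
+"countNumber": 10
 },
 "action": {
 "type": "expire"
 }
 }
 ]
-}
+}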

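--- a/grafana/non-prod/readme.md
+++ b/grafana/non-prod/readme.md
@@ -17,15 +17,40 @@ S3 bucket name : immunisation-grafana-terraform-state
 
 The infrastructure is built using terraform. The code may be found in the terraform folder.
 
+#### initialise terraform
+The terraform amanges multiple environmments. When running terraform init is used to specify the key dynamically using the -backend-config flag. This is done in the tf_init.sh file.
+
 to rebuild the docker image from the ECR to ECS, run
 ```
 terraform taint aws_ecs_task_definition.app
 ```
 
 to review the docker image
 ```
-docker image inspect imms-fhir-api-grafana:11.0.0-22.04_stable
+docker image inspect imms-internal-dev-fhir-api-grafana:11.0.0-22.04_stable
+docker image inspect imms-int-fhir-api-grafana:11.0.0-22.04_stable
+docker image inspect imms-ref-fhir-api-grafana:11.0.0-22.04_stable
+```
+
+### building environments
+Run the following commands to create and switch to the `int` workspace:
+```
+./tf_init.sh int
+./tf_init.sh ref
+./tf_init.sh internal-dev
+'''
+
+Create an environment
+```
+terraform workspace new int
+Build an environment
 ```
+terraform workspace select int
+```
+
+'''
+terraform plan -var="environment=int"
+'''
 
 ### vpce vs nat gateway
 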

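--- a/grafana/non-prod/terraform/all.tf
+++ b/grafana/non-prod/terraform/all.tf
@@ -1,13 +1,13 @@
 # alb.tf
 
 resource "aws_alb" "main" {
-name = "${var.prefix}-alb"
+name = "${local.prefix}-alb"
 subnets = aws_subnet.grafana_public[*].id
 security_groups = [aws_security_group.lb.id]
 }
 
 resource "aws_alb_target_group" "app" {
-name = "${var.prefix}-alb-tg"
+name = "${local.prefix}-tg"
 port = 3000
 protocol = "HTTP"
 vpc_id = aws_vpc.grafana_main.id
@@ -34,7 +34,7 @@ resource "aws_alb_listener" "front_end" {
 type = "forward"
 }
 tags = merge(var.tags, {
-Name = "${var.prefix}-alb-listener"
+Name = "${local.prefix}-alb-listener"
 })
 }
 ############################################################################################################
@@ -48,7 +48,7 @@ resource "aws_appautoscaling_target" "target" {
 min_capacity = 1
 max_capacity = 1
 tags = merge(var.tags, {
-Name = "${var.prefix}-aas-tgt"
+Name = "${local.prefix}-aas-tgt"
 })
 }
 
@@ -99,25 +99,26 @@ resource "aws_appautoscaling_policy" "down" {
 # ecs.tf
 
 resource "aws_ecs_cluster" "main" {
-name = "grafana-cluster"
+name = "${local.prefix}-cluster"
 }
 
 data "template_file" "grafana_app" {
 template = file("${path.module}/templates/ecs/grafana_app.json.tpl")
 
 vars = {
 app_image = local.app_image
+app_name = local.app_name
 app_port = var.app_port
 fargate_cpu = var.fargate_cpu
 fargate_memory = var.fargate_memory
 aws_region = var.aws_region
-log_group = var.log_group
+log_group = local.log_group
 health_check_path = var.health_check_path
 }
 }
 
 resource "aws_ecs_task_definition" "app" {
-family = "grafana-app-task"
+family = "${local.prefix}-app"
 execution_role_arn = aws_iam_role.ecs_task_execution_role.arn
 task_role_arn = aws_iam_role.ecs_task_role.arn
 network_mode = "awsvpc"
@@ -126,14 +127,13 @@ resource "aws_ecs_task_definition" "app" {
 memory = var.fargate_memory
 container_definitions = data.template_file.grafana_app.rendered
 tags = merge(var.tags, {
-Name = "${var.prefix}-ecs-task"
+Name = "${local.prefix}-task"
 })
 
 }
 
-
 resource "aws_ecs_service" "main" {
-name = "${var.prefix}-ecs-svc"
+name = "${local.prefix}-ecs-svc"
 cluster = aws_ecs_cluster.main.id
 task_definition = aws_ecs_task_definition.app.arn
 desired_count = var.app_count
@@ -147,14 +147,14 @@ resource "aws_ecs_service" "main" {
 
 load_balancer {
 target_group_arn = aws_alb_target_group.app.id
-container_name = "grafana-app"
+container_name = local.app_name
 container_port = var.app_port
 }
 }
 ############################################################################################################
 # iam.tf
 resource "aws_iam_policy" "route53resolver_policy" {
-name = "${var.prefix}-route53resolver-policy"
+name = "${local.prefix}-route53resolver-policy"
 description = "Policy to allow Route 53 Resolver DNS Firewall actions"
 policy = jsonencode({
 Version = "2012-10-17",
@@ -182,7 +182,7 @@ resource "aws_iam_role_policy_attachment" "route53resolver_policy_attachment" {
 ## Amazon ECR, and to store and retrieve logs in Amazon CloudWatch.
 ## It grants permissions needed for ECS to start and manage tasks
 resource "aws_iam_role" "ecs_task_execution_role" {
-name = "${var.prefix}-ecs-task-execution-role"
+name = "${local.prefix}-ecs-task-execution-role"
 
 assume_role_policy = <<EOF
 {
@@ -202,7 +202,7 @@ EOF
 }
 
 resource "aws_iam_policy" "ecs_task_execution_policy" {
-name = "${var.prefix}-ecs-task-execution-policy"
+name = "${local.prefix}-ecs-task-execution-policy"
 description = "Policy for ECS task execution role to access ECR and CloudWatch Logs"
 policy = jsonencode({
 Version = "2012-10-17",
@@ -241,7 +241,7 @@ resource "aws_iam_role_policy_attachment" "ecs-task-execution-role-policy-attach
 # needs to interact with other AWS services (e.g., accessing S3,
 # DynamoDB, etc.).
 resource "aws_iam_role" "ecs_task_role" {
-name = "${var.prefix}-ecs-task-role"
+name = "${local.prefix}-ecs-task-role"
 
 assume_role_policy = <<EOF
 {
@@ -264,7 +264,7 @@ EOF
 
 
 resource "aws_iam_policy" "ecs_task_policy" {
-name = "${var.prefix}-ecs-task-policy"
+name = "${local.prefix}-ecs-task-policy"
 description = "Policy for ECS task role to access CloudWatch Logs"
 policy = jsonencode({
 Version = "2012-10-17",
@@ -303,7 +303,7 @@ data "aws_iam_policy_document" "ecs_auto_scale_role" {
 }
 # ECS auto scale role
 resource "aws_iam_role" "ecs_auto_scale_role" {
-name = "${var.prefix}-${var.ecs_auto_scale_role_name}"
+name = "${local.prefix}-ecs_role"
 assume_role_policy = data.aws_iam_policy_document.ecs_auto_scale_role.json
 }
 # ECS auto scale role policy attachment
@@ -315,7 +315,7 @@ resource "aws_iam_role_policy_attachment" "ecs_auto_scale_role" {
 # Monitoring role
 resource "aws_iam_role" "monitoring_role" {
 
-name = "${var.prefix}-monitoring-role"
+name = "${local.prefix}-monitoring-role"
 
 assume_role_policy = jsonencode({
 "Version": "2012-10-17",
@@ -339,7 +339,7 @@ resource "aws_iam_role" "monitoring_role" {
 }
 
 resource "aws_iam_role_policy" "monitoring_policy" {
-name = "${var.prefix}-monitoring-policy"
+name = "${local.prefix}-monitoring-policy"
 role = aws_iam_role.monitoring_role.id
 
 policy = jsonencode({
@@ -410,7 +410,7 @@ resource "aws_vpc" "grafana_main" {
 enable_dns_support = true
 enable_dns_hostnames = true
 tags = {
-Name = "${var.prefix}-vpc"
+Name = "${local.prefix}-vpc"
 }
 }
 
@@ -422,7 +422,7 @@ resource "aws_subnet" "grafana_private" {
 availability_zone = data.aws_availability_zones.available.names[count.index]
 vpc_id = aws_vpc.grafana_main.id
 tags = merge(var.tags, {
-Name = "${var.prefix}-private-subnet-${count.index}"
+Name = "${local.prefix}-private-subnet-${count.index}"
 })
 }
 
@@ -435,7 +435,7 @@ resource "aws_subnet" "grafana_public" {
 vpc_id = aws_vpc.grafana_main.id
 map_public_ip_on_launch = true
 tags = merge(var.tags, {
-Name = "${var.prefix}-public-subnet-${count.index}"
+Name = "${local.prefix}-public-subnet-${count.index}"
 })
 }
 
@@ -444,7 +444,7 @@ resource "aws_subnet" "grafana_public" {
 resource "aws_internet_gateway" "gw" {
 vpc_id = aws_vpc.grafana_main.id
 tags = merge(var.tags, {
-Name = "${var.prefix}-igw"
+Name = "${local.prefix}-igw"
 })
 }
 
@@ -460,7 +460,7 @@ resource "aws_route_table" "private" {
 count = var.az_count
 vpc_id = aws_vpc.grafana_main.id
 tags = merge(var.tags, {
-Name = "${var.prefix}-private-rt-${count.index}"
+Name = "${local.prefix}-private-rt-${count.index}"
 })
 }
 
@@ -486,7 +486,7 @@ resource "aws_route_table_association" "private" {
 
 # Security group for the ALB
 resource "aws_security_group" "lb" {
-name = "grafana-load-balancer-security-group" # @TODO ${var.prefix}-alb-sg"
+name = "grafana-load-balancer-security-group" # @TODO ${local.prefix}-alb-sg"
 description = "controls access to the ALB"
 vpc_id = aws_vpc.grafana_main.id
 
@@ -505,7 +505,7 @@ resource "aws_security_group" "lb" {
 }
 
 tags = merge(var.tags, {
-Name = "${var.prefix}-alb-sg"
+Name = "${local.prefix}-alb-sg"
 })
 }
 
@@ -529,15 +529,15 @@ resource "aws_security_group" "ecs_tasks" {
 cidr_blocks = ["0.0.0.0/0"]
 }
 tags = merge(var.tags, {
-Name = "${var.prefix}-sg-ecs-tasks"
+Name = "${local.prefix}-sg-ecs-tasks"
 })
 }
 
 # Elastic IP & NAT Gateway for egress traffic
 resource "aws_eip" "nat" {
 domain = "vpc"
 tags = merge(var.tags, {
-Name = "${var.prefix}-nat-eip"
+Name = "${local.prefix}-nat-eip"
 })
 }
 
@@ -546,6 +546,6 @@ resource "aws_nat_gateway" "nat" {
 allocation_id = aws_eip.nat.id
 subnet_id = element(aws_subnet.grafana_public[*].id, 0)
 tags = merge(var.tags, {
-Name = "${var.prefix}-nat-gw"
+Name = "${local.prefix}-nat-gw"
 })
 }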
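Review bot: Every resource name in this file, including the account-wide IAM role and policy names, now depends on `local.prefix`, whose definition is not in the visible hunks; if it is built from `var.environment`, nothing shown here ties that variable to the selected workspace. The readme in this commit has the operator run `terraform workspace select int` and then pass `-var="environment=int"` by hand, so a mismatch would plan one environment's names against another environment's state. A guard such as a `precondition` with `condition = var.environment == terraform.workspace`, or deriving the prefix from `terraform.workspace` alone, would make the mismatch fail at plan time. The `lb` security group at new line 489 is the one name still hard-coded; only its `@TODO` comment was updated.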

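--- a/grafana/non-prod/terraform/logs.tf
+++ b/grafana/non-prod/terraform/logs.tf
@@ -4,15 +4,15 @@
 
 # Set up CloudWatch group and log stream and retain logs for 30 days
 resource "aws_cloudwatch_log_group" "grafana_log_group" {
-name = var.log_group
+name = local.log_group
 retention_in_days = 30
 
 tags = merge(var.tags, {
-Name = "${var.prefix}-log-group"
+Name = local.log_group
 })
 }
 
 resource "aws_cloudwatch_log_stream" "grafana_log_group" {
-name = "${var.prefix}-log-stream"
+name = "${local.log_group}-stream"
 log_group_name = aws_cloudwatch_log_group.grafana_log_group.name
 }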
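Review bot: `name` on `aws_cloudwatch_log_group` forces replacement when its value changes, so if `local.log_group` resolves to a different string than `var.log_group` did for the existing environment, the apply deletes the current group together with its 30 days of retained Grafana logs. The value of `local.log_group` is defined outside this hunk, so check the plan for a destroy/create on `grafana_log_group` and export anything needed for audit before applying. A short comment above the resource, e.g. `# renaming this group destroys retained logs`, would record that for the next rename.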
