Refactor

robertnovac1 · robertnovac1 · commit 6021430ac4ff · 2025-07-10T12:00:39.000+01:00
diff --git a/azure/templates/post-deploy.yml b/azure/templates/post-deploy.yml
@@ -61,7 +61,8 @@ steps:
           cd terraform
 
         make init
-        make apply aws_account_no=${aws_account_no} environment=$workspace
+        make plan aws_account_no=${aws_account_no} environment=$workspace
+        # make apply aws_account_no=${aws_account_no} environment=$workspace
 
         AWS_DOMAIN_NAME=$(make -s output name=service_domain_name)
         IMMS_DELTA_TABLE_NAME=$(make -s output name=imms_delta_table_name)
diff --git a/terraform/Makefile b/terraform/Makefile
@@ -1,13 +1,13 @@
 -include .env
 
-interactionId=$(environment)
-
-aws_profile = apim-dev
+interactionId = $(ENVIRONMENT)# to change to lower case
+environment = $(ENVIRONMENT)
+aws_profile = $(AWS_PROFILE)#apim-dev # Leave this here for pipeline
 tf_cmd = AWS_PROFILE=$(aws_profile) terraform
 
 project_name = immunisation
 project_short_name = imms
-state_bucket = $(project_name)-$(APIGEE_ENVIRONMENT)-terraform-state-files
+state_bucket = $(BUCKET_NAME)#$(project_name)-$(APIGEE_ENVIRONMENT)-terraform-state-files
 tf_state= -backend-config="bucket=$(state_bucket)"
 
 tf_vars= -var="project_name=$(project_name)" -var="project_short_name=$(project_short_name)"
@@ -20,11 +20,14 @@ lock-provider:
 	$(tf_cmd) providers lock -platform=darwin_arm64 -platform=darwin_amd64 -platform=linux_amd64 -platform=windows_amd64
 
 workspace:
-	$(tf_cmd) workspace new $(environment) || $(tf_cmd) workspace select $(environment) && echo "Switched to workspace/environment: $(environment)"
+	$(tf_cmd) workspace new $(ENVIRONMENT) || $(tf_cmd) workspace select $(ENVIRONMENT) && echo "Switched to workspace/environment: $(ENVIRONMENT)"
 
 init:
 	$(tf_cmd) init $(tf_state) -upgrade  $(tf_vars)
 
+init-reconfigure:
+	$(tf_cmd) init $(tf_state) -upgrade $(tf_vars) -reconfigure
+
 plan: workspace
 	 $(tf_cmd) plan $(tf_vars)
 
@@ -40,7 +43,7 @@ clean:
 destroy: workspace
 	$(tf_cmd) destroy $(tf_vars) -auto-approve
 	$(tf_cmd) workspace select default
-	$(tf_cmd) workspace delete $(environment)
+	$(tf_cmd) workspace delete $(ENVIRONMENT)
 
 output:
 	$(tf_cmd) output -raw $(name)
diff --git a/terraform/api_gateway/acm_cert.tf b/terraform/api_gateway/acm_cert.tf
@@ -1,31 +1,33 @@
 resource "aws_acm_certificate" "service_certificate" {
-    domain_name               = var.api_domain_name
-    subject_alternative_names = []
-    validation_method         = "DNS"
+  domain_name               = var.api_domain_name
+  subject_alternative_names = []
+  validation_method         = "DNS"
 
-    lifecycle {
-        create_before_destroy = true
-    }
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_acm_certificate_validation" "service_certificate" {
-    certificate_arn         = aws_acm_certificate.service_certificate.arn
-    validation_record_fqdns = [for record in aws_route53_record.dns_validation : record.fqdn]
+  certificate_arn         = aws_acm_certificate.service_certificate.arn
+  validation_record_fqdns = [for record in aws_route53_record.dns_validation : record.fqdn]
+  depends_on              = [aws_acm_certificate.service_certificate, aws_route53_record.dns_validation]
 }
 
 resource "aws_route53_record" "dns_validation" {
-    for_each = {
-        for dvo in aws_acm_certificate.service_certificate.domain_validation_options : dvo.domain_name => {
-            name   = dvo.resource_record_name
-            record = dvo.resource_record_value
-            type   = dvo.resource_record_type
-        }
+  for_each = {
+    for dvo in aws_acm_certificate.service_certificate.domain_validation_options : dvo.domain_name => {
+      name   = dvo.resource_record_name
+      record = dvo.resource_record_value
+      type   = dvo.resource_record_type
     }
+  }
 
-    allow_overwrite = true
-    name            = each.value.name
-    records         = [each.value.record]
-    ttl             = 60
-    type            = each.value.type
-    zone_id         = var.zone_id
+  allow_overwrite = true
+  name            = each.value.name
+  records         = [each.value.record]
+  ttl             = 60
+  type            = each.value.type
+  zone_id         = var.zone_id
+  depends_on      = [aws_acm_certificate.service_certificate]
 }
diff --git a/terraform/api_gateway/mtls_cert.tf b/terraform/api_gateway/mtls_cert.tf
@@ -4,21 +4,21 @@ locals {
 }
 
 data "aws_s3_bucket" "cert_storage" {
-  bucket = "imms-fhir-${local.config_env}-cert-storage"
+  bucket = "imms-fhir-${var.config_env}-cert-storage"
 }
 
 data "aws_s3_object" "cert" {
   bucket = data.aws_s3_bucket.cert_storage.bucket
-  key = local.truststore_file_name
+  key    = local.truststore_file_name
 }
 
 resource "aws_s3_bucket" "truststore_bucket" {
-  bucket = "${var.prefix}-truststores"
+  bucket        = "${var.prefix}-truststores"
   force_destroy = true
 }
 
 resource "aws_s3_object_copy" "copy_cert_from_storage" {
   bucket = aws_s3_bucket.truststore_bucket.bucket
   key    = local.truststore_file_name
-  source ="${data.aws_s3_object.cert.bucket}/${local.truststore_file_name}"
+  source = "${data.aws_s3_object.cert.bucket}/${local.truststore_file_name}"
 }
diff --git a/terraform/api_gateway/variables.tf b/terraform/api_gateway/variables.tf
@@ -4,8 +4,8 @@ variable "zone_id" {}
 variable "api_domain_name" {}
 variable "environment" {}
 variable "oas" {}
+variable "config_env" {}
 
 locals {
-    environment         = terraform.workspace == "green" ? "prod" : terraform.workspace == "blue" ? "prod" : terraform.workspace
-    config_env = local.environment == "prod" ? "prod" : "dev"
+  environment = terraform.workspace == "green" ? "prod" : terraform.workspace == "blue" ? "prod" : terraform.workspace
 }
diff --git a/terraform/configs.tf b/terraform/configs.tf
diff --git a/terraform/endpoints.tf b/terraform/endpoints.tf
@@ -114,6 +114,7 @@ module "api_gateway" {
   api_domain_name = local.service_domain_name
   environment     = local.environment
   oas             = local.oas
+  config_env      = local.config_env
 }
 
 resource "aws_lambda_permission" "api_gw" {
diff --git a/terraform/environments/int/blue/variables.tfvars b/terraform/environments/int/blue/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "int"
+sub_environment         = "blue"
+immunisation_account_id = "084828561157"
diff --git a/terraform/environments/int/green/variables.tfvars b/terraform/environments/int/green/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "int"
+sub_environment         = "green"
+immunisation_account_id = "084828561157"
diff --git a/terraform/environments/non-prod/blue/variables.tfvars b/terraform/environments/non-prod/blue/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "int"
+sub_environment         = "blue"
+immunisation_account_id = "084828561157"
diff --git a/terraform/environments/non-prod/green/variables.tfvars b/terraform/environments/non-prod/green/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "int"
+sub_environment         = "blue"
+immunisation_account_id = "345594581768"
diff --git a/terraform/environments/non-prod/internal-dev/variables.tfvars b/terraform/environments/non-prod/internal-dev/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "non-prod"
+sub_environment         = "internal-dev"
+immunisation_account_id = "345594581768"
diff --git a/terraform/environments/non-prod/pr/variables.tfvars b/terraform/environments/non-prod/pr/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "non-prod"
+sub_environment         = "pr"
+immunisation_account_id = "345594581768"
diff --git a/terraform/environments/non-prod/ref/variables.tfvars b/terraform/environments/non-prod/ref/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "non-prod"
+sub_environment         = "ref"
+immunisation_account_id = "345594581768"
diff --git a/terraform/environments/prod/blue/variables.tfvars b/terraform/environments/prod/blue/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "prod"
+sub_environment         = "blue"
+immunisation_account_id = "664418956997"
diff --git a/terraform/environments/prod/green/variables.tfvars b/terraform/environments/prod/green/variables.tfvars
@@ -0,0 +1,3 @@
+environment             = "prod"
+sub_environment         = "green"
+immunisation_account_id = "664418956997"
diff --git a/terraform/lambda.tf b/terraform/lambda.tf
@@ -15,13 +15,13 @@ resource "aws_ecr_repository" "operation_lambda_repository" {
     scan_on_push = true
   }
   name         = "${local.prefix}-operation-lambda-repo"
-  force_delete = local.is_temp
+  force_delete = true #local.is_temp
 }
 
 #resource "docker_image" "lambda_function_docker" {
 module "docker_image" {
   source  = "terraform-aws-modules/lambda/aws//modules/docker-build"
-  version = "8.0.1"
+  version = "7.21.1"
 
   create_ecr_repo  = false
   ecr_repo         = "${local.prefix}-operation-lambda-repo"
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -28,9 +28,7 @@ provider "aws" {
   }
 }
 
-data "aws_region" "current" {}
-data "aws_caller_identity" "current" {}
-data "aws_ecr_authorization_token" "token" {}
+
 
 provider "docker" {
   registry_auth {
@@ -39,3 +37,61 @@ provider "docker" {
     password = data.aws_ecr_authorization_token.token.password
   }
 }
+
+
+data "aws_region" "current" {}
+data "aws_caller_identity" "current" {}
+data "aws_ecr_authorization_token" "token" {}
+
+data "aws_vpc" "default" {
+  filter {
+    name   = "tag:Name"
+    values = [local.vpc_name]
+  }
+}
+
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+data "aws_kms_key" "existing_s3_encryption_key" {
+  key_id = "alias/imms-batch-s3-shared-key"
+}
+
+data "aws_kms_key" "existing_dynamo_encryption_key" {
+  key_id = "alias/imms-event-dynamodb-encryption"
+}
+
+data "aws_elasticache_cluster" "existing_redis" {
+  cluster_id = "immunisation-redis-cluster"
+}
+
+data "aws_security_group" "existing_securitygroup" {
+  filter {
+    name   = "group-name"
+    values = ["immunisation-security-group"]
+  }
+}
+
+data "aws_s3_bucket" "existing_config_bucket" {
+  # For now, look up the internal-dev bucket during int, ref and PR branch deploys.
+  count = local.create_config_bucket ? 0 : 1
+
+  bucket = "imms-${local.config_bucket_env}-supplier-config"
+}
+
+data "aws_kms_key" "existing_lambda_encryption_key" {
+  key_id = "alias/imms-batch-lambda-env-encryption"
+}
+
+data "aws_kms_key" "existing_kinesis_encryption_key" {
+  key_id = "alias/imms-batch-kinesis-stream-encryption"
+}
+
+data "aws_kms_key" "mesh_s3_encryption_key" {
+  count  = local.config_env == "int" ? 0 : 1
+  key_id = "alias/local-immunisation-mesh"
+}
diff --git a/terraform/mesh_processor.tf b/terraform/mesh_processor.tf
diff --git a/terraform/variables.tf b/terraform/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -4,21 +4,21 @@ locals {`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`data "aws_s3_bucket" "cert_storage" {`
`7`		`- bucket = "imms-fhir-${local.config_env}-cert-storage"`
	`7`	`+ bucket = "imms-fhir-${var.config_env}-cert-storage"`
`8`	`8`	`}`
`9`	`9`
`10`	`10`	`data "aws_s3_object" "cert" {`
`11`	`11`	`bucket = data.aws_s3_bucket.cert_storage.bucket`
`12`		`- key = local.truststore_file_name`
	`12`	`+ key = local.truststore_file_name`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`resource "aws_s3_bucket" "truststore_bucket" {`
`16`		`- bucket = "${var.prefix}-truststores"`
	`16`	`+ bucket = "${var.prefix}-truststores"`
`17`	`17`	`force_destroy = true`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`resource "aws_s3_object_copy" "copy_cert_from_storage" {`
`21`	`21`	`bucket = aws_s3_bucket.truststore_bucket.bucket`
`22`	`22`	`key = local.truststore_file_name`
`23`		`- source ="${data.aws_s3_object.cert.bucket}/${local.truststore_file_name}"`
	`23`	`+ source = "${data.aws_s3_object.cert.bucket}/${local.truststore_file_name}"`
`24`	`24`	`}`
Original file line number	Diff line number	Diff line change
`@@ -114,6 +114,7 @@ module "api_gateway" {`
`114`	`114`	`api_domain_name = local.service_domain_name`
`115`	`115`	`environment = local.environment`
`116`	`116`	`oas = local.oas`
	`117`	`+ config_env = local.config_env`
`117`	`118`	`}`
`118`	`119`
`119`	`120`	`resource "aws_lambda_permission" "api_gw" {`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+environment = "int"`
	`2`	`+sub_environment = "blue"`
	`3`	`+immunisation_account_id = "084828561157"`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+environment = "int"`
	`2`	`+sub_environment = "green"`
	`3`	`+immunisation_account_id = "084828561157"`