[PRMP-580] Add create before destroy to gateways (#462)

Co-authored-by: Megan <[email protected]>
Co-authored-by: Kris Bloe <[email protected]>

Author: 3 people

.github/workflows/cron-tear-down-sandbox.yml

@@ -2,7 +2,7 @@ name: 'Z-CRON: Tear down - Sandboxes'
 
 on:
   schedule:
-    - cron: 59 17 * * 1-5 # utc time
+    - cron: 59 18-21 * * 1-5 # utc time
 
 permissions:
   pull-requests: write

README.md

@@ -7,6 +7,15 @@ This repository is used to build the infrastructure the NDR. That is it's sole p
 - [Terraform](https://developer.hashicorp.com/terraform/install)
 - [Terraform docs](https://github.com/terraform-docs/terraform-docs)
 
+To install terraform-docs on WSL use the following commands (e.g. for v0.20.0):
+```
+curl -sSLo ./terraform-docs.tar.gz https://terraform-docs.io/dl/v0.20.0/terraform-docs-v0.20.0-$(uname)-amd64.tar.gz
+tar -xzf terraform-docs.tar.gz
+chmod +x terraform-docs
+sudo mv terraform-docs /usr/local/bin/terraform-docs
+rm terraform-docs.tar.gz
+```
+
 ## Installation
 
 ### pre-commit hook

infrastructure/api.tf

@@ -95,6 +95,10 @@ resource "aws_api_gateway_stage" "ndr_api" {
   depends_on = [
     aws_cloudwatch_log_group.api_gateway_stage
   ]
+
+  lifecycle {
+    create_before_destroy = true
+  }
 }
 
 resource "aws_cloudwatch_log_group" "api_gateway_stage" {

infrastructure/api_mtls.tf

@@ -33,7 +33,10 @@ resource "aws_api_gateway_base_path_mapping" "api_mapping_mtls" {
   stage_name  = var.environment
   domain_name = aws_api_gateway_domain_name.custom_api_domain_mtls.domain_name
 
-  depends_on = [aws_api_gateway_deployment.ndr_api_deploy_mtls]
+  depends_on = [
+    aws_api_gateway_deployment.ndr_api_deploy_mtls,
+    aws_api_gateway_rest_api.ndr_doc_store_api_mtls
+  ]
 }
 
 resource "aws_api_gateway_deployment" "ndr_api_deploy_mtls" {
@@ -67,6 +70,12 @@ resource "aws_api_gateway_stage" "ndr_api_mtls" {
   rest_api_id          = aws_api_gateway_rest_api.ndr_doc_store_api_mtls.id
   stage_name           = var.environment
   xray_tracing_enabled = var.enable_xray_tracing
+
+  lifecycle {
+    create_before_destroy = true
+  }
+
+  depends_on = [aws_cloudwatch_log_group.mtls_api_gateway_stage]
 }
 
 resource "aws_cloudwatch_log_group" "mtls_api_gateway_stage" {

scripts/cleanup_sandboxes.py

@@ -1,3 +1,4 @@
+import time
 import boto3, os, requests, sys
 
 from botocore.exceptions import ClientError
@@ -62,3 +63,4 @@ def get_workspaces() -> list[str]:
     for workspace in workspaces:
         if workspace not in excluded:
             trigger_delete_workflow(token=gh_pat, sandbox=workspace)
+            time.sleep(300) # Wait 5 min between executions to avoid an AWS concurrency issue.