Feat/prsd 1544 maintenance page

.github/workflows/apply-integration.yml

@@ -11,4 +11,5 @@ jobs:
     with:
       environment: integration
       aws-account-id: 794038239680
+      maintenance-mode-on: false
     secrets: inherit

.github/workflows/apply-production.yml

@@ -11,4 +11,5 @@ jobs:
     with:
       environment: production
       aws-account-id: 879161327637
+      maintenance-mode-on: false
     secrets: inherit

.github/workflows/apply-test.yml

@@ -11,4 +11,5 @@ jobs:
     with:
       environment: test
       aws-account-id: 869935096717
+      maintenance-mode-on: false
     secrets: inherit

.github/workflows/apply.yml

@@ -8,10 +8,13 @@ on:
       aws-account-id:
         required: true
         type: string
+      maintenance-mode-on:
+        required: true
+        type: boolean
 
 env:
   TF_VAR_alarm_email_address: ${{ secrets.ALARMS_EMAIL }}
-
+  TF_VAR_maintenance_mode_on: ${{ inputs.maintenance-mode-on }}
 
 jobs:
   validate-target-environment:

terraform/environment_template/main.tf.template

@@ -78,6 +78,7 @@ module "frontdoor" {
   ]
   cloudwatch_log_expiration_days = local.cloudwatch_log_expiration_days
   use_aws_shield_advanced = true
+  maintenance_mode_on = var.maintenance_mode_on
 }
 
 module "certificates" {

terraform/integration/main.tf

@@ -87,6 +87,8 @@ module "frontdoor" {
   ]
   cloudwatch_log_expiration_days = local.cloudwatch_log_expiration_days
   use_aws_shield_advanced        = true
+  maintenance_mode_on            = var.maintenance_mode_on
+
 }
 
 module "certificates" {

terraform/integration/variables.tf

@@ -14,4 +14,10 @@ variable "alarm_email_address" {
   description = "Email addresses to receive CloudWatch alarm notifications"
   type        = string
   sensitive   = true
+}
+
+variable "maintenance_mode_on" {
+  type        = bool
+  description = "Indicates whether maintenance mode is on"
+  default     = false
 }

terraform/modules/frontdoor/cloudfront.tf

@@ -1,5 +1,6 @@
 locals {
-  origin_id = "origin-${var.environment_name}"
+  origin_id             = "origin-${var.environment_name}"
+  maintenance_origin_id = "maintenance-origin-${var.environment_name}"
 }
 
 #tfsec:ignore:aws-cloudfront-enable-logging: TODO we will be implementing logging later
@@ -44,6 +45,31 @@ resource "aws_cloudfront_distribution" "main" {
     }
   }
 
+  origin {
+    domain_name = aws_s3_bucket.maintenance_page_bucket.website_endpoint
+    origin_id   = local.maintenance_origin_id
+
+    custom_origin_config {
+      http_port              = 80
+      https_port             = 443
+      origin_protocol_policy = "http-only"
+      origin_ssl_protocols   = ["TLSv1.2"]
+    }
+
+    custom_header {
+      name  = local.cloudfront_header_name
+      value = random_password.cloudfront_header.result
+    }
+  }
+
+  ordered_cache_behavior {
+    allowed_methods        = ["GET", "HEAD"]
+    cached_methods         = ["GET", "HEAD"]
+    path_pattern           = var.maintenance_mode_on ? "/maintenance" : "*"
+    target_origin_id       = local.maintenance_origin_id
+    viewer_protocol_policy = "allow-all"
+  }
+
   viewer_certificate {
     cloudfront_default_certificate = var.ssl_certs_created ? false : true
     acm_certificate_arn            = var.ssl_certs_created ? var.cloudfront_certificate_arn : null

terraform/modules/frontdoor/maintenance_page.tf

@@ -0,0 +1,56 @@
+
+resource "aws_s3_bucket" "maintenance_page_bucket" {
+  bucket = "${var.environment_name}-maintenance-page-bucket"
+}
+
+resource "aws_s3_bucket_public_access_block" "maintenance_page_bucket_public_access" {
+  bucket = aws_s3_bucket.maintenance_page_bucket.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_website_configuration" "maintenance_page_bucket_website" {
+  bucket = aws_s3_bucket.maintenance_page_bucket.id
+
+  index_document {
+    suffix = "index.html"
+  }
+
+  error_document {
+    key = "index.html"
+  }
+}
+
+resource "aws_s3_object" "maintenance_page" {
+  for_each = fileset("maintenance_page", "**")
+
+  bucket = aws_s3_bucket.maintenance_page_bucket.id
+  key    = each.value
+  source = "maintenance_page/${each.value}"
+}
+
+resource "aws_s3_bucket_policy" "maintenance_page" {
+  bucket = aws_s3_bucket.maintenance_page_bucket.id
+  policy = data.aws_iam_policy_document.maintenance_page.json
+}
+
+data "aws_iam_policy_document" "maintenance_page" {
+  statement {
+    principals {
+      type        = "Service"
+      identifiers = ["cloudfront.amazonaws.com"]
+    }
+
+    actions   = ["s3:GetObject"]
+    resources = ["${aws_s3_bucket.maintenance_page_bucket.arn}/*"]
+
+    condition {
+      test     = "StringEquals"
+      variable = "AWS:SourceArn"
+      values   = [aws_cloudfront_distribution.main.arn]
+    }
+  }
+}

terraform/modules/frontdoor/maintenance_page/index.html

@@ -0,0 +1,98 @@
+<!DOCTYPE html>
+<html lang="en" class="govuk-template govuk-template--rebranded">
+<head>
+    <meta charset="utf-8">
+    <title>Sorry, the service is unavailable - Private Rented Sector Database - GOV.UK</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
+    <meta name="theme-color" content="#1d70b8">
+    <link rel="stylesheet" href="govuk-frontend-5.11.2.min.css">
+</head>
+<body class="govuk-template__body">
+<a href="#main-content" class="govuk-skip-link" data-module="govuk-skip-link">Skip to main content</a>
+<header class="govuk-header" data-module="govuk-header">
+    <div class="govuk-header__container govuk-width-container">
+        <div class="govuk-header__logo">
+            <a href="/" class="govuk-header__link govuk-header__link--homepage">
+                <svg
+                        focusable="false"
+                        role="img"
+                        xmlns="http://www.w3.org/2000/svg"
+                        viewBox="0 0 324 60"
+                        height="30"
+                        width="162"
+                        fill="currentcolor" class="govuk-header__logotype" aria-label="GOV.UK">
+                    <title>GOV.UK</title>
+                    <g>
+                        <circle cx="20" cy="17.6" r="3.7"/>
+                        <circle cx="10.2" cy="23.5" r="3.7"/>
+                        <circle cx="3.7" cy="33.2" r="3.7"/>
+                        <circle cx="31.7" cy="30.6" r="3.7"/>
+                        <circle cx="43.3" cy="17.6" r="3.7"/>
+                        <circle cx="53.2" cy="23.5" r="3.7"/>
+                        <circle cx="59.7" cy="33.2" r="3.7"/>
+                        <circle cx="31.7" cy="30.6" r="3.7"/>
+                        <path d="M33.1,9.8c.2-.1.3-.3.5-.5l4.6,2.4v-6.8l-4.6,1.5c-.1-.2-.3-.3-.5-.5l1.9-5.9h-6.7l1.9,5.9c-.2.1-.3.3-.5.5l-4.6-1.5v6.8l4.6-2.4c.1.2.3.3.5.5l-2.6,8c-.9,2.8,1.2,5.7,4.1,5.7h0c3,0,5.1-2.9,4.1-5.7l-2.6-8ZM37,37.9s-3.4,3.8-4.1,6.1c2.2,0,4.2-.5,6.4-2.8l-.7,8.5c-2-2.8-4.4-4.1-5.7-3.8.1,3.1.5,6.7,5.8,7.2,3.7.3,6.7-1.5,7-3.8.4-2.6-2-4.3-3.7-1.6-1.4-4.5,2.4-6.1,4.9-3.2-1.9-4.5-1.8-7.7,2.4-10.9,3,4,2.6,7.3-1.2,11.1,2.4-1.3,6.2,0,4,4.6-1.2-2.8-3.7-2.2-4.2.2-.3,1.7.7,3.7,3,4.2,1.9.3,4.7-.9,7-5.9-1.3,0-2.4.7-3.9,1.7l2.4-8c.6,2.3,1.4,3.7,2.2,4.5.6-1.6.5-2.8,0-5.3l5,1.8c-2.6,3.6-5.2,8.7-7.3,17.5-7.4-1.1-15.7-1.7-24.5-1.7h0c-8.8,0-17.1.6-24.5,1.7-2.1-8.9-4.7-13.9-7.3-17.5l5-1.8c-.5,2.5-.6,3.7,0,5.3.8-.8,1.6-2.3,2.2-4.5l2.4,8c-1.5-1-2.6-1.7-3.9-1.7,2.3,5,5.2,6.2,7,5.9,2.3-.4,3.3-2.4,3-4.2-.5-2.4-3-3.1-4.2-.2-2.2-4.6,1.6-6,4-4.6-3.7-3.7-4.2-7.1-1.2-11.1,4.2,3.2,4.3,6.4,2.4,10.9,2.5-2.8,6.3-1.3,4.9,3.2-1.8-2.7-4.1-1-3.7,1.6.3,2.3,3.3,4.1,7,3.8,5.4-.5,5.7-4.2,5.8-7.2-1.3-.2-3.7,1-5.7,3.8l-.7-8.5c2.2,2.3,4.2,2.7,6.4,2.8-.7-2.3-4.1-6.1-4.1-6.1h10.6,0Z"/>
+                    </g>
+                    <circle class="govuk-logo-dot" cx="226" cy="36" r="7.3"/>
+                    <path d="M93.94 41.25c.4 1.81 1.2 3.21 2.21 4.62 1 1.4 2.21 2.41 3.61 3.21s3.21 1.2 5.22 1.2 3.61-.4 4.82-1c1.4-.6 2.41-1.4 3.21-2.41.8-1 1.4-2.01 1.61-3.01s.4-2.01.4-3.01v.14h-10.86v-7.02h20.07v24.08h-8.03v-5.56c-.6.8-1.38 1.61-2.19 2.41-.8.8-1.81 1.2-2.81 1.81-1 .4-2.21.8-3.41 1.2s-2.41.4-3.81.4a18.56 18.56 0 0 1-14.65-6.63c-1.6-2.01-3.01-4.41-3.81-7.02s-1.4-5.62-1.4-8.83.4-6.02 1.4-8.83a20.45 20.45 0 0 1 19.46-13.65c3.21 0 4.01.2 5.82.8 1.81.4 3.61 1.2 5.02 2.01 1.61.8 2.81 2.01 4.01 3.21s2.21 2.61 2.81 4.21l-7.63 4.41c-.4-1-1-1.81-1.61-2.61-.6-.8-1.4-1.4-2.21-2.01-.8-.6-1.81-1-2.81-1.4-1-.4-2.21-.4-3.61-.4-2.01 0-3.81.4-5.22 1.2-1.4.8-2.61 1.81-3.61 3.21s-1.61 2.81-2.21 4.62c-.4 1.81-.6 3.71-.6 5.42s.8 5.22.8 5.22Zm57.8-27.9c3.21 0 6.22.6 8.63 1.81 2.41 1.2 4.82 2.81 6.62 4.82S170.2 24.39 171 27s1.4 5.62 1.4 8.83-.4 6.02-1.4 8.83-2.41 5.02-4.01 7.02-4.01 3.61-6.62 4.82-5.42 1.81-8.63 1.81-6.22-.6-8.63-1.81-4.82-2.81-6.42-4.82-3.21-4.41-4.01-7.02-1.4-5.62-1.4-8.83.4-6.02 1.4-8.83 2.41-5.02 4.01-7.02 4.01-3.61 6.42-4.82 5.42-1.81 8.63-1.81Zm0 36.73c1.81 0 3.61-.4 5.02-1s2.61-1.81 3.61-3.01 1.81-2.81 2.21-4.41c.4-1.81.8-3.61.8-5.62 0-2.21-.2-4.21-.8-6.02s-1.2-3.21-2.21-4.62c-1-1.2-2.21-2.21-3.61-3.01s-3.21-1-5.02-1-3.61.4-5.02 1c-1.4.8-2.61 1.81-3.61 3.01s-1.81 2.81-2.21 4.62c-.4 1.81-.8 3.61-.8 5.62 0 2.41.2 4.21.8 6.02.4 1.81 1.2 3.21 2.21 4.41s2.21 2.21 3.61 3.01c1.4.8 3.21 1 5.02 1Zm36.32 7.96-12.24-44.15h9.83l8.43 32.77h.4l8.23-32.77h9.83L200.3 58.04h-12.24Zm74.14-7.96c2.18 0 3.51-.6 3.51-.6 1.2-.6 2.01-1 2.81-1.81s1.4-1.81 1.81-2.81a13 13 0 0 0 .8-4.01V13.9h8.63v28.15c0 2.41-.4 4.62-1.4 6.62-.8 2.01-2.21 3.61-3.61 5.02s-3.41 2.41-5.62 3.21-4.62 1.2-7.02 1.2-5.02-.4-7.02-1.2c-2.21-.8-4.01-1.81-5.62-3.21s-2.81-3.01-3.61-5.02-1.4-4.21-1.4-6.62V13.9h8.63v26.95c0 1.61.2 3.01.8 4.01.4 1.2 1.2 2.21 2.01 2.81.8.8 1.81 1.4 2.81 1.81 0 0 1.34.6 3.51.6Zm34.22-36.18v18.92l15.65-18.92h10.82l-15.03 17.32 16.03 26.83h-10.21l-11.44-20.21-5.62 6.22v13.99h-8.83V13.9"/>
+                </svg>
+            </a>
+        </div>
+    </div>
+</header>
+<div class="govuk-width-container">
+    <main class="govuk-main-wrapper govuk-main-wrapper--l" id="main-content" role="main">
+        <div class="govuk-grid-row">
+            <div class="govuk-grid-column-two-thirds">
+                <h1 class="govuk-heading-l">Sorry, the service is unavailable</h1>
+                <p class="govuk-body">Please try again later</p>
+            </div>
+        </div>
+    </main>
+</div>
+<footer class="govuk-footer">
+    <div class="govuk-width-container">
+        <svg focusable="false" role="presentation" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 60" height="30" width="32" fill="currentcolor" class="govuk-footer__crown">
+            <g>
+                <circle cx="20" cy="17.6" r="3.7"/>
+                <circle cx="10.2" cy="23.5" r="3.7"/>
+                <circle cx="3.7" cy="33.2" r="3.7"/>
+                <circle cx="31.7" cy="30.6" r="3.7"/>
+                <circle cx="43.3" cy="17.6" r="3.7"/>
+                <circle cx="53.2" cy="23.5" r="3.7"/>
+                <circle cx="59.7" cy="33.2" r="3.7"/>
+                <circle cx="31.7" cy="30.6" r="3.7"/>
+                <path d="M33.1,9.8c.2-.1.3-.3.5-.5l4.6,2.4v-6.8l-4.6,1.5c-.1-.2-.3-.3-.5-.5l1.9-5.9h-6.7l1.9,5.9c-.2.1-.3.3-.5.5l-4.6-1.5v6.8l4.6-2.4c.1.2.3.3.5.5l-2.6,8c-.9,2.8,1.2,5.7,4.1,5.7h0c3,0,5.1-2.9,4.1-5.7l-2.6-8ZM37,37.9s-3.4,3.8-4.1,6.1c2.2,0,4.2-.5,6.4-2.8l-.7,8.5c-2-2.8-4.4-4.1-5.7-3.8.1,3.1.5,6.7,5.8,7.2,3.7.3,6.7-1.5,7-3.8.4-2.6-2-4.3-3.7-1.6-1.4-4.5,2.4-6.1,4.9-3.2-1.9-4.5-1.8-7.7,2.4-10.9,3,4,2.6,7.3-1.2,11.1,2.4-1.3,6.2,0,4,4.6-1.2-2.8-3.7-2.2-4.2.2-.3,1.7.7,3.7,3,4.2,1.9.3,4.7-.9,7-5.9-1.3,0-2.4.7-3.9,1.7l2.4-8c.6,2.3,1.4,3.7,2.2,4.5.6-1.6.5-2.8,0-5.3l5,1.8c-2.6,3.6-5.2,8.7-7.3,17.5-7.4-1.1-15.7-1.7-24.5-1.7h0c-8.8,0-17.1.6-24.5,1.7-2.1-8.9-4.7-13.9-7.3-17.5l5-1.8c-.5,2.5-.6,3.7,0,5.3.8-.8,1.6-2.3,2.2-4.5l2.4,8c-1.5-1-2.6-1.7-3.9-1.7,2.3,5,5.2,6.2,7,5.9,2.3-.4,3.3-2.4,3-4.2-.5-2.4-3-3.1-4.2-.2-2.2-4.6,1.6-6,4-4.6-3.7-3.7-4.2-7.1-1.2-11.1,4.2,3.2,4.3,6.4,2.4,10.9,2.5-2.8,6.3-1.3,4.9,3.2-1.8-2.7-4.1-1-3.7,1.6.3,2.3,3.3,4.1,7,3.8,5.4-.5,5.7-4.2,5.8-7.2-1.3-.2-3.7,1-5.7,3.8l-.7-8.5c2.2,2.3,4.2,2.7,6.4,2.8-.7-2.3-4.1-6.1-4.1-6.1h10.6,0Z"/>
+            </g>
+        </svg>
+        <div class="govuk-footer__meta">
+            <div class="govuk-footer__meta-item govuk-footer__meta-item--grow">
+                <h2 class="govuk-visually-hidden">Support links</h2>
+                <div class="govuk-footer__meta-custom">
+                    <span>If you need help using this private beta, get in touch by email:</span>
+                    <a class="govuk-footer__link" href="mailto: [email protected]">[email protected]</a>
+                    <span>.</span>
+                    <br>
+                    <span>Or by phone: 03034447000</span>
+                </div>
+                <div class="govuk-footer__meta-custom">
+                    <span>Built by</span>
+                    <a class="govuk-footer__link" href="https://www.gov.uk/government/organisations/ministry-of-housing-communities-local-government">Ministry of Housing, Communities, and Local Government (MHCLG)</a>
+                </div>
+                <svg aria-hidden="true" focusable="false" class="govuk-footer__licence-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 483.2 195.7" height="17" width="41">
+                    <path fill="currentColor" d="M421.5 142.8V.1l-50.7 32.3v161.1h112.4v-50.7zm-122.3-9.6A47.12 47.12 0 0 1 221 97.8c0-26 21.1-47.1 47.1-47.1 16.7 0 31.4 8.7 39.7 21.8l42.7-27.2A97.63 97.63 0 0 0 268.1 0c-36.5 0-68.3 20.1-85.1 49.7A98 98 0 0 0 97.8 0C43.9 0 0 43.9 0 97.8s43.9 97.8 97.8 97.8c36.5 0 68.3-20.1 85.1-49.7a97.76 97.76 0 0 0 149.6 25.4l19.4 22.2h3v-87.8h-80l24.3 27.5zM97.8 145c-26 0-47.1-21.1-47.1-47.1s21.1-47.1 47.1-47.1 47.2 21 47.2 47S123.8 145 97.8 145"/>
+                </svg>
+                <span class="govuk-footer__licence-description">
+                    <span>All content is available under the</span>
+                    <a class="govuk-footer__link" rel="license" href="https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/">Open Government Licence v3.0</a>
+                    <span >, except where otherwise stated</span>
+                </span>
+            </div>
+            <div class="govuk-footer__meta-item">
+                <a class="govuk-footer__link govuk-footer__copyright-logo" href="https://www.nationalarchives.gov.uk/information-management/re-using-public-sector-information/uk-government-licensing-framework/crown-copyright/">&#x00A9 Crown copyright</a>
+            </div>
+        </div>
+    </div>
+</footer>
+</body>
+</html>

terraform/modules/frontdoor/variables.tf

@@ -75,4 +75,10 @@ variable "cloudwatch_log_expiration_days" {
 variable "use_aws_shield_advanced" {
   type        = bool
   description = "Indicates whether AWS Shield Advanced should be enabled"
+}
+
+variable "maintenance_mode_on" {
+  type        = bool
+  description = "Indicates whether maintenance mode is on"
+  default     = false
 }

terraform/production/main.tf

@@ -87,6 +87,7 @@ module "frontdoor" {
   ip_allowlist                   = local.ip_allowlist
   cloudwatch_log_expiration_days = local.cloudwatch_log_expiration_days
   use_aws_shield_advanced        = false
+  maintenance_mode_on            = var.maintenance_mode_on
 }
 
 module "certificates" {

terraform/production/variables.tf

@@ -20,4 +20,10 @@ variable "ip_restrictions_on" {
   description = "Enable IP restrictions for the web application"
   type        = bool
   default     = false
+}
+
+variable "maintenance_mode_on" {
+  type        = bool
+  description = "Indicates whether maintenance mode is on"
+  default     = false
 }

terraform/test/main.tf

@@ -87,6 +87,7 @@ module "frontdoor" {
   ]
   cloudwatch_log_expiration_days = local.cloudwatch_log_expiration_days
   use_aws_shield_advanced        = false
+  maintenance_mode_on            = var.maintenance_mode_on
 }
 
 module "certificates" {

terraform/test/variables.tf

@@ -14,4 +14,10 @@ variable "alarm_email_address" {
   description = "Email address to receive CloudWatch alarm notifications"
   type        = string
   sensitive   = true
+}
+
+variable "maintenance_mode_on" {
+  type        = bool
+  description = "Indicates whether maintenance mode is on"
+  default     = false
 }