From 24e78de9c54275e243f514c92ecbf7484ef2cd97 Mon Sep 17 00:00:00 2001 
From: Jaimyn Mayer
Date: Mon, 5 Aug 2024 09:27:15 +1000
Subject: [PATCH] removed old and unsupported terraform related files
---
.github/workflows/codeql-analysis.yml | 68 ----------
.octopus/deployment_process.ocl | 0
.octopus/deployment_settings.ocl | 7 -
.octopus/schema_version.ocl | 1 -
.octopus/variables.ocl | 0
Dockerfile.copilot | 49 -------
LICENSE | 4 +-
copilot/.workspace | 1 -
copilot/README.md | 1 -
copilot/buildspec.yml | 126 ------------------
copilot/frontend/addons/mm-db.yml | 109 ---------------
copilot/frontend/manifest.yml | 40 ------
copilot/pipeline.yml | 31 -----
docker/container_start_no_setup.sh | 13 --
infrastructure/.tool-versions | 4 -
infrastructure/README.md | 102 --------------
.../terraform/membermatters/common.yml | 22 ---
.../terraform/membermatters/empty.yml | 4 -
.../terraform/membermatters/prod.yml | 4 -
.../prod/acm-public/terragrunt.hcl | 26 ----
.../route53-delegation-set/terragrunt.hcl | 16 ---
.../prod/route53-public/terragrunt.hcl | 19 ---
.../membermatters/prod/vpc/terragrunt.hcl | 17 ---
.../terraform/membermatters/terragrunt.hcl | 61 ---------
infrastructure/terraform/modules/acm/main.tf | 84 ------------
.../terraform/modules/acm/outputs.tf | 7 -
.../terraform/modules/acm/provider.tf | 23 ----
.../terraform/modules/acm/variables.tf | 13 --
infrastructure/terraform/modules/acm/vars.tf | 59 --------
.../modules/route53-delegation-set/main.tf | 22 ---
.../modules/route53-delegation-set/outputs.tf | 9 --
.../route53-delegation-set/provider.tf | 23 ----
.../route53-delegation-set/variables.tf | 4 -
.../modules/route53-delegation-set/vars.tf | 59 --------
.../terraform/modules/route53-zone/main.tf | 26 ----
.../terraform/modules/route53-zone/outputs.tf | 19 ---
.../modules/route53-zone/provider.tf | 23 ----
.../modules/route53-zone/variables.tf | 12 --
.../terraform/modules/route53-zone/vars.tf | 59 --------
infrastructure/terraform/modules/vpc/main.tf | 58 --------
.../terraform/modules/vpc/outputs.tf | 119 -----------------
.../terraform/modules/vpc/provider.tf | 23 ----
.../terraform/modules/vpc/variables.tf | 118 ----------------
infrastructure/terraform/modules/vpc/vars.tf | 59 --------
infrastructure/terraform/set_env.sh | 53 --------
45 files changed, 2 insertions(+), 1595 deletions(-)
delete mode 100644 .github/workflows/codeql-analysis.yml
delete mode 100644 .octopus/deployment_process.ocl
delete mode 100644 .octopus/deployment_settings.ocl
delete mode 100644 .octopus/schema_version.ocl
delete mode 100644 .octopus/variables.ocl
delete mode 100644 Dockerfile.copilot
delete mode 100644 copilot/.workspace
delete mode 100644 copilot/README.md
delete mode 100644 copilot/buildspec.yml
delete mode 100644 copilot/frontend/addons/mm-db.yml
delete mode 100644 copilot/frontend/manifest.yml
delete mode 100644 copilot/pipeline.yml
delete mode 100644 docker/container_start_no_setup.sh
delete mode 100644 infrastructure/.tool-versions
delete mode 100644 infrastructure/README.md
delete mode 100644 infrastructure/terraform/membermatters/common.yml
delete mode 100644 infrastructure/terraform/membermatters/empty.yml
delete mode 100644 infrastructure/terraform/membermatters/prod.yml
delete mode 100644 infrastructure/terraform/membermatters/prod/acm-public/terragrunt.hcl
delete mode 100644 infrastructure/terraform/membermatters/prod/route53-delegation-set/terragrunt.hcl
delete mode 100644 infrastructure/terraform/membermatters/prod/route53-public/terragrunt.hcl
delete mode 100644 infrastructure/terraform/membermatters/prod/vpc/terragrunt.hcl
delete mode 100644 infrastructure/terraform/membermatters/terragrunt.hcl
delete mode 100644 infrastructure/terraform/modules/acm/main.tf
delete mode 100644 infrastructure/terraform/modules/acm/outputs.tf
delete mode 100644 infrastructure/terraform/modules/acm/provider.tf
delete mode 100644 infrastructure/terraform/modules/acm/variables.tf
delete mode 100644 infrastructure/terraform/modules/acm/vars.tf
delete mode 100644 infrastructure/terraform/modules/route53-delegation-set/main.tf
delete mode 100644 infrastructure/terraform/modules/route53-delegation-set/outputs.tf
delete mode 100644 infrastructure/terraform/modules/route53-delegation-set/provider.tf
delete mode 100644 infrastructure/terraform/modules/route53-delegation-set/variables.tf
delete mode 100644 infrastructure/terraform/modules/route53-delegation-set/vars.tf
delete mode 100644 infrastructure/terraform/modules/route53-zone/main.tf
delete mode 100644 infrastructure/terraform/modules/route53-zone/outputs.tf
delete mode 100644 infrastructure/terraform/modules/route53-zone/provider.tf
delete mode 100644 infrastructure/terraform/modules/route53-zone/variables.tf
delete mode 100644 infrastructure/terraform/modules/route53-zone/vars.tf
delete mode 100644 infrastructure/terraform/modules/vpc/main.tf
delete mode 100644 infrastructure/terraform/modules/vpc/outputs.tf
delete mode 100644 infrastructure/terraform/modules/vpc/provider.tf
delete mode 100644 infrastructure/terraform/modules/vpc/variables.tf
delete mode 100644 infrastructure/terraform/modules/vpc/vars.tf
delete mode 100644 infrastructure/terraform/set_env.sh
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 55581a55..00000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,68 +0,0 @@ -# For most projects, this workflow file will not need changing; you simply need -# to commit it to your repository. -# -# You may wish to alter this file to override the set of languages analyzed, -# or to provide custom queries or build logic. -# -# ******** NOTE ******** -# We have attempted to detect the languages in your repository. Please check -# the `language` matrix defined below to confirm you have the correct set of -# supported CodeQL languages. -# -name: "CodeQL" - -on: - workflow_dispatch: - push: - branches: - - "dev" - pull_request: - # The branches below must be a subset of the branches above - branches: - - "dev" - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: ["javascript", "python"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more: - # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed - - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹī¸ Command-line programs to run using the OS shell. 
- # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.octopus/deployment_process.ocl b/.octopus/deployment_process.ocl deleted file mode 100644 index e69de29b..00000000 diff --git a/.octopus/deployment_settings.ocl b/.octopus/deployment_settings.ocl deleted file mode 100644 index 562e7dd7..00000000 --- a/.octopus/deployment_settings.ocl +++ /dev/null @@ -1,7 +0,0 @@ -connectivity_policy { - allow_deployments_to_no_targets = true -} - -versioning_strategy { - template = "#{Octopus.Version.LastMajor}.#{Octopus.Version.LastMinor}.#{Octopus.Version.NextPatch}" -} \ No newline at end of file diff --git a/.octopus/schema_version.ocl b/.octopus/schema_version.ocl deleted file mode 100644 index 4548a61f..00000000 --- a/.octopus/schema_version.ocl +++ /dev/null @@ -1 +0,0 @@ -version = 6 \ No newline at end of file diff --git a/.octopus/variables.ocl b/.octopus/variables.ocl deleted file mode 100644 index e69de29b..00000000 diff --git a/Dockerfile.copilot b/Dockerfile.copilot deleted file mode 100644 index 17254659..00000000 --- a/Dockerfile.copilot +++ /dev/null 
@@ -1,49 +0,0 @@ -# Specify our base image -FROM alpine:3.13 -LABEL maintainer="Jaimyn Mayer (github@jaimyn.com.au)" -LABEL description="Base Dockerfile for the MemberMatters software." - -# Volumes don't really make sense when deploying to ECS -# VOLUME /usr/src/data/ -# VOLUME /usr/src/logs/ - -# Copy over the nginx config file -ADD memberportal/requirements.txt /usr/src/app/memberportal/requirements.txt -ADD frontend/package.json /usr/src/app/frontend/package.json -ADD frontend/package-lock.json /usr/src/app/frontend/package-lock.json -ADD docker/nginx.conf /etc/nginx/nginx.conf -WORKDIR /usr/src/app/ - -# Install nginx and other build dependencies -RUN apk update \ - && apk add make gcc g++ musl-dev libffi-dev openssl-dev zlib-dev jpeg-dev bash libpng-dev openrc cargo nginx vips-dev python2 python3 python3-dev py3-pip nodejs npm mariadb-dev mariadb-client \ - # Create some base folders for everything - && mkdir /usr/src/logs && mkdir /usr/src/data \ - # Install node deps - && cd /usr/src/app/frontend/ \ - && npm ci \ - # Install python deps - && cd /usr/src/app/memberportal/ \ - $$ pip3 install --no-cache-dir pillow \ - && pip3 install --no-cache-dir -r requirements.txt - -# Copy over app code -ADD memberportal /usr/src/app/memberportal -ADD frontend /usr/src/app/frontend -ADD docker /usr/src/app/docker - -# Build out the code: -RUN cd /usr/src/app/memberportal/ \ - && python3 manage.py collectstatic --noinput \ - # Build our frontend - && cd /usr/src/app/frontend/ \ - && npm run build \ - # Remove node_modules and our .npmrc - && rm -rf .npmrc node_modules/ \ - # Remove build deps we don't need anymore - && apk del --no-cache --purge make gcc g++ musl-dev libffi-dev openssl-dev zlib-dev jpeg-dev bash libpng-dev cargo vips-dev python2 python3-dev npm \ - && rm -rf /var/cache/apk/* - -# Expose the port and run the app -EXPOSE 8000 -CMD ["sh", "/usr/src/app/docker/container_start_no_setup.sh"] diff --git a/LICENSE b/LICENSE index 458f692b..8744c30c 100644 
--- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ -Copyright 2020 MemberMatters (Jaimyn Mayer and others) +# Copyright 2024 MemberMatters (Jaimyn Mayer and others) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/copilot/.workspace b/copilot/.workspace deleted file mode 100644 index 7d7a4fa1..00000000 --- a/copilot/.workspace +++ /dev/null @@ -1 +0,0 @@ -application: mm diff --git a/copilot/README.md b/copilot/README.md deleted file mode 100644 index 34fd6f99..00000000 --- a/copilot/README.md +++ /dev/null 
@@ -1 +0,0 @@
-see infrastructure/README.md file
\ No newline at end of file
diff --git a/copilot/buildspec.yml b/copilot/buildspec.yml
deleted file mode 100644
index 1c902bb0..00000000
--- a/copilot/buildspec.yml
+++ /dev/null
@@ -1,126 +0,0 @@ -# Buildspec runs in the build stage of your pipeline. -version: 0.2 -phases: - install: - runtime-versions: - docker: 18 - ruby: 2.6 - commands: - - echo "cd into $CODEBUILD_SRC_DIR" - - cd $CODEBUILD_SRC_DIR - # Download the copilot linux binary. - - wget https://ecs-cli-v2-release.s3.amazonaws.com/copilot-linux-v1.6.0 - - mv ./copilot-linux-v1.6.0 ./copilot-linux - - chmod +x ./copilot-linux - build: - commands: - - echo "Run your tests" - - ls -l - # - make test - post_build: - commands: - - ls -l - - export COLOR="false" - # First, upgrade the cloudformation stack of every environment in the pipeline. - - pipeline=$(cat $CODEBUILD_SRC_DIR/copilot/pipeline.yml | ruby -ryaml -rjson -e 'puts JSON.pretty_generate(YAML.load(ARGF))') - - pl_envs=$(echo $pipeline | jq '.stages[].name' | sed 's/"//g') - - > - for pl_env in $pl_envs; do - ./copilot-linux env upgrade -n $pl_env; - done; - # Find all the local services in the workspace. - - svcs=$(./copilot-linux svc ls --local --json | jq '.services[].name' | sed 's/"//g') - # Find all the local jobs in the workspace. - - jobs=$(./copilot-linux job ls --local --json | jq '.jobs[].name' | sed 's/"//g') - # Find all the environments - - envs=$(./copilot-linux env ls --json | jq '.environments[].name' | sed 's/"//g') - # Generate the cloudformation templates. - # The tag is the build ID but we replaced the colon ':' with a dash '-'. 
- # We truncate the tag (from the front) to 128 characters, the limit for Docker tags - # (https://docs.docker.com/engine/reference/commandline/tag/) - - tag=$(sed 's/:/-/g' <<<"$CODEBUILD_BUILD_ID" | rev | cut -c 1-128 | rev) - - > - for env in $envs; do - for svc in $svcs; do - ./copilot-linux svc package -n $svc -e $env --output-dir './infrastructure' --tag $tag; - done; - for job in $jobs; do - ./copilot-linux job package -n $job -e $env --output-dir './infrastructure' --tag $tag; - done; - done; - - ls -lah ./infrastructure - # Concatenate jobs and services into one var for addons - # If addons exists, upload addons templates to each S3 bucket and write template URL to template config files. - - WORKLOADS=$(echo $jobs $svcs) - - | - for workload in $WORKLOADS; do - ADDONSFILE=./infrastructure/$workload.addons.stack.yml - if [ -f "$ADDONSFILE" ]; then - tmp=$(mktemp) - timestamp=$(date +%s) - aws s3 cp "$ADDONSFILE" "s3://stackset-mm-infrastructu-pipelinebuiltartifactbuc-rm2bowzplpyj/manual/$timestamp/$workload.addons.stack.yml"; - jq --arg a "https://stackset-mm-infrastructu-pipelinebuiltartifactbuc-rm2bowzplpyj.s3.ap-southeast-2.amazonaws.com/manual/$timestamp/$workload.addons.stack.yml" '.Parameters.AddonsTemplateURL = $a' ./infrastructure/$workload-prod.params.json > "$tmp" && mv "$tmp" ./infrastructure/$workload-prod.params.json - fi - done; - # Build images - # - For each manifest file: - # - Read the path to the Dockerfile by translating the YAML file into JSON. - # - Run docker build. - # - For each environment: - # - Retrieve the ECR repository. - # - Login and push the image. - - > - for workload in $WORKLOADS; do - manifest=$(cat $CODEBUILD_SRC_DIR/copilot/$workload/manifest.yml | ruby -ryaml -rjson -e 'puts JSON.pretty_generate(YAML.load(ARGF))') - image_location=$(echo $manifest | jq '.image.location') - if [ ! 
"$image_location" = null ]; then - echo "skipping image building because location is provided as $image_location"; - continue - fi - base_dockerfile=$(echo $manifest | jq '.image.build') - build_dockerfile=$(echo $manifest| jq 'if .image.build?.dockerfile? then .image.build.dockerfile else "" end' | sed 's/"//g') - build_context=$(echo $manifest| jq 'if .image.build?.context? then .image.build.context else "" end' | sed 's/"//g') - build_target=$(echo $manifest| jq 'if .image.build?.target? then .image.build.target else "" end' | sed 's/"//g') - dockerfile_args=$(echo $manifest | jq 'if .image.build?.args? then .image.build.args else "" end | to_entries?') - build_cache_from=$(echo $manifest | jq 'if .image.build?.cache_from? then .image.build.cache_from else "" end') - df_rel_path=$( echo $base_dockerfile | sed 's/"//g') - if [ -n "$build_dockerfile" ]; then - df_rel_path=$build_dockerfile - fi - df_path=$df_rel_path - df_dir_path=$(dirname "$df_path") - if [ -n "$build_context" ]; then - df_dir_path=$build_context - fi - build_args= - if [ -n "$dockerfile_args" ]; then - for arg in $(echo $dockerfile_args | jq -r '.[] | "\(.key)=\(.value)"'); do - build_args="$build_args--build-arg $arg " - done - fi - if [ -n "$build_target" ]; then - build_args="$build_args--target $build_target " - fi - if [ -n "$build_cache_from" ]; then - for arg in $(echo $build_cache_from | jq -r '.[]'); do - build_args="$build_args--cache-from $arg " - done - fi - echo "Name: $workload" - echo "Relative Dockerfile path: $df_rel_path" - echo "Docker build context: $df_dir_path" - echo "Docker build args: $build_args" - echo "Running command: docker build -t $workload:$tag $build_args-f $df_path $df_dir_path"; - docker build -t $workload:$tag $build_args-f $df_path $df_dir_path; - image_id=$(docker images -q $workload:$tag); - for env in $envs; do - repo=$(cat $CODEBUILD_SRC_DIR/infrastructure/$workload-$env.params.json | jq '.Parameters.ContainerImage' | sed 's/"//g'); - region=$(echo 
$repo | cut -d'.' -f4); - $(aws ecr get-login-password --region $region | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$region.amazonaws.com); - docker tag $image_id $repo; - docker push $repo; - done; - done; -artifacts: - files: - - "infrastructure/*" diff --git a/copilot/frontend/addons/mm-db.yml b/copilot/frontend/addons/mm-db.yml deleted file mode 100644 index bf74b26a..00000000 --- a/copilot/frontend/addons/mm-db.yml +++ /dev/null 
@@ -1,109 +0,0 @@ -Parameters: - App: - Type: String - Description: Your application's name. - Env: - Type: String - Description: The environment name your service, job, or workflow is being deployed to. - Name: - Type: String - Description: The name of the service, job, or workflow being deployed. - # Customize your Aurora Serverless cluster by setting the default value of the following parameters. - mmdbDBName: - Type: String - Description: The name of the initial database to be created in the DB cluster. - Default: mm - # Cannot have special characters - # Naming constraints: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints - mmdbDBAutoPauseSeconds: - Type: Number - Description: The duration in seconds before the cluster pauses. - Default: 1000 -Mappings: - mmdbEnvScalingConfigurationMap: - prod: - "DBMinCapacity": 1 # AllowedValues: [1, 2, 4, 8, 16, 32, 64, 128, 256] - "DBMaxCapacity": 8 # AllowedValues: [1, 2, 4, 8, 16, 32, 64, 128, 256] -Resources: - mmdbDBSubnetGroup: - Type: 'AWS::RDS::DBSubnetGroup' - Properties: - DBSubnetGroupDescription: Group of Copilot private subnets for Aurora cluster. - SubnetIds: - !Split [',', { 'Fn::ImportValue': !Sub '${App}-${Env}-PrivateSubnets' }] - mmdbSecurityGroup: - Metadata: - 'aws:copilot:description': 'A security group for your workload to access the DB cluster mmdb' - Type: 'AWS::EC2::SecurityGroup' - Properties: - GroupDescription: !Sub 'The Security Group for ${Name} to access DB cluster mmdb.' - VpcId: - Fn::ImportValue: - !Sub '${App}-${Env}-VpcId' - Tags: - - Key: Name - Value: !Sub 'copilot-${App}-${Env}-${Name}-Aurora' - mmdbDBClusterSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupDescription: The Security Group for the database cluster. - SecurityGroupIngress: - - ToPort: 3306 - FromPort: 3306 - IpProtocol: tcp - Description: !Sub 'From the Aurora Security Group of the workload ${Name}.' 
- SourceSecurityGroupId: !Ref mmdbSecurityGroup - VpcId: - Fn::ImportValue: - !Sub '${App}-${Env}-VpcId' - mmdbAuroraSecret: - Type: AWS::SecretsManager::Secret - Properties: - Description: !Sub Aurora main user secret for ${AWS::StackName} - GenerateSecretString: - SecretStringTemplate: '{"username": "admin"}' - GenerateStringKey: "password" - ExcludePunctuation: true - IncludeSpace: false - PasswordLength: 16 - mmdbDBClusterParameterGroup: - Type: 'AWS::RDS::DBClusterParameterGroup' - Properties: - Description: !Ref 'AWS::StackName' - Family: 'aurora-mysql5.7' - Parameters: - character_set_client: 'utf8' - mmdbDBCluster: - Type: 'AWS::RDS::DBCluster' - Properties: - MasterUsername: - !Join [ "", [ '{{resolve:secretsmanager:', !Ref mmdbAuroraSecret, ":SecretString:username}}" ]] - MasterUserPassword: - !Join [ "", [ '{{resolve:secretsmanager:', !Ref mmdbAuroraSecret, ":SecretString:password}}" ]] - DatabaseName: !Ref mmdbDBName - Engine: 'aurora-mysql' - EngineVersion: '5.7.mysql_aurora.2.07.1' - EngineMode: serverless - DBClusterParameterGroupName: !Ref mmdbDBClusterParameterGroup - DBSubnetGroupName: !Ref mmdbDBSubnetGroup - VpcSecurityGroupIds: - - !Ref mmdbDBClusterSecurityGroup - ScalingConfiguration: - AutoPause: true - MinCapacity: !FindInMap [mmdbEnvScalingConfigurationMap, !Ref Env, DBMinCapacity] - MaxCapacity: !FindInMap [mmdbEnvScalingConfigurationMap, !Ref Env, DBMaxCapacity] - SecondsUntilAutoPause: !Ref mmdbDBAutoPauseSeconds - mmdbSecretAuroraClusterAttachment: - Type: AWS::SecretsManager::SecretTargetAttachment - Properties: - SecretId: !Ref mmdbAuroraSecret - TargetId: !Ref mmdbDBCluster - TargetType: AWS::RDS::DBCluster -Outputs: - mmdbSecret: # injected as MMDB_SECRET environment variable by Copilot. - Description: "The JSON secret that holds the database username and password. 
Fields are 'host', 'port', 'dbname', 'username', 'password', 'dbClusterIdentifier' and 'engine'" - Value: !Ref mmdbAuroraSecret - mmdbSecurityGroup: - Description: "The security group to attach to the workload." - Value: !Ref mmdbSecurityGroup - diff --git a/copilot/frontend/manifest.yml b/copilot/frontend/manifest.yml deleted file mode 100644 index b50743a3..00000000 --- a/copilot/frontend/manifest.yml +++ /dev/null 
@@ -1,40 +0,0 @@
-# The manifest for the "frontend" service.
-# Read the full specification for the "Load Balanced Web Service" type at:
-# https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/
-
-# Your service name will be used in naming your resources like log groups, ECS services, etc.
-name: frontend
-type: Load Balanced Web Service
-
-# Distribute traffic to your service.
-http:
- # Requests to this path will be forwarded to your service.
- # To match all requests you can use the "/" path.
- path: '/'
- # You can specify a custom health check path. The default is "/".
- # healthcheck: '/'
-
-# Configuration for your containers and service.
-image:
- # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/lb-web-service/#image-build
- build: Dockerfile.copilot
- # Port exposed through your container to route traffic to it.
- port: 8000
-
-cpu: 256 # Number of CPU units for the task.
-memory: 512 # Amount of memory in MiB used by the task.
-count: 1 # Number of tasks that should be running in your service.
-exec: true # Enable running commands in your container.
-
-# Optional fields for more advanced use-cases.
-#
-#variables: # Pass environment variables as key value pairs.
-# LOG_LEVEL: info
-
-#secrets: # Pass secrets from AWS Systems Manager (SSM) Parameter Store.
-# GITHUB_TOKEN: GITHUB_TOKEN # The key is the name of the environment variable, the value is the name of the SSM parameter.
-
-# You can override any of the values defined above by environment.
-#environments:
-# test:
-# count: 2 # Number of tasks to run for the "test" environment.
diff --git a/copilot/pipeline.yml b/copilot/pipeline.yml
deleted file mode 100644
index 5bc4e5c5..00000000
--- a/copilot/pipeline.yml
+++ /dev/null
@@ -1,31 +0,0 @@ -# This YAML file defines the relationship and deployment ordering of your environments. - -# The name of the pipeline -name: pipeline-mm-MemberMatters - -# The version of the schema used in this template -version: 1 - -# This section defines the source artifacts. -source: - # The name of the provider that is used to store the source artifacts. - provider: GitHub - # Additional properties that further specifies the exact location - # the artifacts should be sourced from. For example, the GitHub provider - # has the following properties: repository, branch. - properties: - branch: main - repository: https://github.com/gctechspace/MemberMatters - # Optional: specify the name of an existing CodeStar Connections connection. - # connection_name: a-connection - -# The deployment section defines the order the pipeline will deploy -# to your environments. -stages: - - # The name of the environment to deploy to. - name: prod - # Optional: flag for manual approval action before deployment. - # requires_approval: true - # Optional: use test commands to validate this stage of your build. - # test_commands: [echo 'running tests', make test] - diff --git a/docker/container_start_no_setup.sh b/docker/container_start_no_setup.sh deleted file mode 100644 index b426ea9e..00000000 --- a/docker/container_start_no_setup.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh - -# Start nginx -nginx - -# Navigate to the app and start gunicorn -cd memberportal - -# We should migrate on startup in case there's been any db changes -python3 manage.py migrate - -exec daphne -b 0.0.0.0 -p 8001 membermatters.asgi:application -#exec gunicorn membermatters.wsgi:application --bind unix:/tmp/gunicorn.sock --access-logfile '/usr/src/logs/access.log' --error-logfile '/usr/src/logs/error.log' --workers 6 diff --git a/infrastructure/.tool-versions b/infrastructure/.tool-versions deleted file mode 100644 index 91ed8888..00000000 --- a/infrastructure/.tool-versions +++ /dev/null 
@@ -1,4 +0,0 @@
-packer 1.6.0
-python 3.8.4
-terraform 0.12.28
-terragrunt 0.23.29
diff --git a/infrastructure/README.md b/infrastructure/README.md
deleted file mode 100644
index 26553d8e..00000000
--- a/infrastructure/README.md
+++ /dev/null
@@ -1,102 +0,0 @@ -# Deploying Member Matters to the Cloud - -## Required tools: - -- `terraform` -- `terragrunt` -- `aws-vault` (optional, a nice way to store AWS creds in keyring) - -## Step 1: Set env variables and AWS creds - -```bash -cd terraform/ -aws-vault exec gctechspace-prod -- # note: env creds expire after 30 mins -export ENV=prod -source ./set_env.sh -``` - -## Step 2: Initial bootstrapping of hosted zone / vpc / wildcard ssl certificate - -```bash -# nameservers for the zone we're gonna use in AWS land -terragrunt apply --terragrunt-working-dir membermatters/$ENV/route53-delegation-set -# setup the zone for members.gctechspace.org -terragrunt apply --terragrunt-working-dir membermatters/$ENV/route53-public - -# now we have a zone and name servers, we can delegate members.gctechspace.org to AWS from CloudFlare config -# this is done manually through CloudFlare: "ns-1453.awsdns-53.org", "ns-1914.awsdns-47.co.uk", "ns-217.awsdns-27.com", "ns-797.awsdns-35.net", - -# confirm subdomain delegation to AWS worked: -host -t ns members.gctechspace.org - members.gctechspace.org name server ns-1453.awsdns-53.org. - members.gctechspace.org name server ns-1914.awsdns-47.co.uk. - members.gctechspace.org name server ns-217.awsdns-27.com. - members.gctechspace.org name server ns-797.awsdns-35.net. 
- -# Create AWS SSL cert for *.members.gctechspace.org -terragrunt apply --terragrunt-working-dir membermatters/$ENV/acm-public -# Create VPC for hosting this app in (note down the VPC ID, public and private subnet IDs) -terragrunt apply --terragrunt-working-dir membermatters/$ENV/vpc -``` - -# Initial setup of app & database - -```bash -cd copilot -# Bootstrap copilot setup -copilot app init mm --domain members.gctechspace.org -# Tell copilot to start a "prod" environment in the VPC / security groups we made above -copilot env init -n prod --import-vpc-id vpc-0903228a2ce58d9f2 --import-public-subnets subnet-09e0cd5ec6c42a3e1,subnet-01c831b1e7051d803 --import-private-subnets subnet-050236b57beb46fd0,subnet-0e7676e504a766e50 -# Tell copilot to launch a service called "frontend" based on a Dockerfile -copilot svc init --name frontend --svc-type "Load Balanced Web Service" --dockerfile ../../test/Dockerfile -# deploy and start the service -copilot svc deploy - -# We now have an app at frontend.prod.mm.members.gctechspace.org - phew! -# Manually fix up the hostname in AWS console -# 1. Load balancers -> HTTPS Listener -> Change certificate to `members.gctechspace.org` -# 2. Load balancers -> HTTPS Listener -> View/edit rules -> Change hostname to `members.gctechspace.org` -# 3. Load balancers -> HTTP Listener -> View/edit rules -> Change hostname to `members.gctechspace.org` -# These settings should stay as long as we don't delete the app and re-create it. 
- -# Create the database configuration ( enter initial database name as "mm" ) -copilot storage init -n mm-db -t Aurora -w frontend --engine MySQL -# Deploy database config and kick of DB creation: -copilot deploy --name frontend - -# Create codedeploy pipeline -copilot pipeline init -# Have a look at the generated files, tweak as needed and add them to git: -git add buildspec.yml pipeline.yml -# Deploy the pipeline -copilot pipeline update -# Follow the prompts ^^ to connect github up to codepipeline -``` - -# Manual deploy app - -From the command line, pushing any local changes straight to production: -```bash -copilot svc deploy -``` - -From the AWS console, pulling in the latest `main` branch from github and deploying it: - -https://ap-southeast-2.console.aws.amazon.com/codesuite/codepipeline/pipelines/pipeline-mm-MemberMatters/view?region=ap-southeast-2 - -then click 'Release change' at the top. - -# Connect to running instance - -```bash -copilot svc exec --name frontend --env prod -c /bin/bash -``` - -# Automatic Deployments - -When a merge to main happens, AWS kicks off an automatic build and deployment of the latest code. - -Follow along with progress here: https://ap-southeast-2.console.aws.amazon.com/codesuite/codepipeline/pipelines/pipeline-mm-MemberMatters/view?region=ap-southeast-2 - -If something doesn't work right, CloudFormation will time out after 30 or so minutes. To make that process quicker you can scale down the number of instances (ECS -> Clusters -> open Cluster -> open Service -> click Update -> next,next,change Desired Count to 0) - diff --git a/infrastructure/terraform/membermatters/common.yml b/infrastructure/terraform/membermatters/common.yml deleted file mode 100644 index 3288cb89..00000000 --- a/infrastructure/terraform/membermatters/common.yml +++ /dev/null 
@@ -1,22 +0,0 @@
----
-# Common / default settings for all environments
-
-# Short name for organization, used to name/tag things
-org: gctechspace
-
-# Globally unique name for organization, used for things like S3 buckets
-org_unique: gctechspace
-
-# Name of the app
-app_name: membermatters
-
-# Region to build in
-# aws ec2 describe-regions
-aws_region: ap-southeast-2
-
-# Availiability zones
-# aws ec2 describe-availability-zones --region ap-southeast-2
-availability_zones: ["ap-southeast-2a", "ap-southeast-2b"]
-
-# Whether KMS is available (not supported in China)
-has_kms: true
diff --git a/infrastructure/terraform/membermatters/empty.yml b/infrastructure/terraform/membermatters/empty.yml
deleted file mode 100644
index 5aa66daa..00000000
--- a/infrastructure/terraform/membermatters/empty.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# This is intentionally empty object. This YAML file is used as a catch all to return an empty map when expected yaml
-# vars do not exist. Note that this file can not be completely empty because terragrunt's yamldecode function expects an
-# object, and it doesn't treat empty files as an empty object (you get a syntax error).
-{}
diff --git a/infrastructure/terraform/membermatters/prod.yml b/infrastructure/terraform/membermatters/prod.yml
deleted file mode 100644
index eba59d10..00000000
--- a/infrastructure/terraform/membermatters/prod.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# Settings for dev environment
-
-# Name of EC2 keypair to use for instances
-keypair_name: gctechspace-prod
diff --git a/infrastructure/terraform/membermatters/prod/acm-public/terragrunt.hcl b/infrastructure/terraform/membermatters/prod/acm-public/terragrunt.hcl
deleted file mode 100644
index 2522881e..00000000
--- a/infrastructure/terraform/membermatters/prod/acm-public/terragrunt.hcl
+++ /dev/null
@@ -1,26 +0,0 @@
-# Create cert using Amazon Certificate Manager for public domain.
-
-# Cert is for base domain and wildcard.
-# Cert for load balancer is created in region where load balancer runs.
-# CloudFront certs must be created in us-east-1 region.
-
-terraform {
- source = "${get_terragrunt_dir()}/../../../modules//acm"
-}
-dependency "route53" {
- config_path = "../route53-public"
-}
-include {
- path = find_in_parent_folders()
-}
-inputs = {
- dns_domain = dependency.route53.outputs.name_nodot
-
- # Whether to create Route53 records for validation.
- # Default is true, for primary load balancer cert.
- # False when there is a cert already in another region, e.g. for CloudFront.
- # create_route53_records = false
-
- # Override region, certs for CloudFront must be created in us-east-1.
- # aws_region = "us-east-1"
-}
diff --git a/infrastructure/terraform/membermatters/prod/route53-delegation-set/terragrunt.hcl b/infrastructure/terraform/membermatters/prod/route53-delegation-set/terragrunt.hcl
deleted file mode 100644
index 356f81f3..00000000
--- a/infrastructure/terraform/membermatters/prod/route53-delegation-set/terragrunt.hcl
+++ /dev/null
@@ -1,16 +0,0 @@
-# Create Route53 delgation set
-#
-# This is a set of nameservers which will be used when creating a zone.
-# It's useful to create it separately from the zone, as you can then specify
-# the nameservers for the domain in the registrar and they will stay the same
-# even if you delete the Route53 zone and create it again.
-
-terraform {
- source = "${get_terragrunt_dir()}/../../../modules//route53-delegation-set"
-}
-dependencies {
- paths = []
-}
-include {
- path = find_in_parent_folders()
-}
diff --git a/infrastructure/terraform/membermatters/prod/route53-public/terragrunt.hcl b/infrastructure/terraform/membermatters/prod/route53-public/terragrunt.hcl
deleted file mode 100644
index 7af7050b..00000000
--- a/infrastructure/terraform/membermatters/prod/route53-public/terragrunt.hcl
+++ /dev/null
@@ -1,19 +0,0 @@
-# Create Route53 hosted zone for public domain.
-
-terraform {
- source = "${get_terragrunt_dir()}/../../../modules//route53-zone"
-}
-dependency "delegation-set" {
- config_path = "../route53-delegation-set"
-}
-include {
- path = find_in_parent_folders()
-}
-
-inputs = {
- name = "members.gctechspace.org"
- delegation_set_id = dependency.delegation-set.outputs.id
-
- # true in dev, unsafe in prod
- force_destroy = false
-}
diff --git a/infrastructure/terraform/membermatters/prod/vpc/terragrunt.hcl b/infrastructure/terraform/membermatters/prod/vpc/terragrunt.hcl
deleted file mode 100644
index 40a98d80..00000000
--- a/infrastructure/terraform/membermatters/prod/vpc/terragrunt.hcl
+++ /dev/null
@@ -1,17 +0,0 @@
-# Create VPC
-
-terraform {
- source = "${get_terragrunt_dir()}/../../../modules//vpc"
-}
-include {
- path = find_in_parent_folders()
-}
-
-inputs = {
- cidr = "10.10.0.0/16"
- private_subnets = ["10.10.1.0/24", "10.10.2.0/24"]
- public_subnets = ["10.10.11.0/24", "10.10.12.0/24"]
-
- # enable_nat_gateway = true
- # single_nat_gateway = true
-}
diff --git a/infrastructure/terraform/membermatters/terragrunt.hcl b/infrastructure/terraform/membermatters/terragrunt.hcl
deleted file mode 100644
index 5ee52c15..00000000
--- a/infrastructure/terraform/membermatters/terragrunt.hcl
+++ /dev/null
@@ -1,61 +0,0 @@
-# ---------------------------------------------------------------------------------------------------------------------
-# TERRAGRUNT CONFIGURATION
-# Terragrunt is a thin wrapper for Terraform that provides extra tools for
-# working with multiple Terraform modules, remote state, and locking:
-# https://github.com/gruntwork-io/terragrunt
-# ---------------------------------------------------------------------------------------------------------------------
-
-# Configure Terragrunt to store state in S3 bucket
-remote_state {
- backend = "s3"
- config = {
- encrypt = true
- bucket = join("-", [get_env("ORG", ""), get_env("TF_VAR_app_name", ""), get_env("ENV", "dev"), "tfstate"])
- key = "${path_relative_to_include()}/terraform.tfstate"
- region = get_env("TF_VAR_remote_state_s3_bucket_region", "us-east-1")
- dynamodb_table = join("-", [get_env("ORG", ""), get_env("TF_VAR_app_name", ""), "tfstate"])
- }
-}
-
-# ---------------------------------------------------------------------------------------------------------------------
-# GLOBAL PARAMETERS
-# These variables apply to all configurations in this subfolder. These are
-# automatically merged into the child `terragrunt.hcl` config via the include block.
-# ---------------------------------------------------------------------------------------------------------------------
-
-locals {
- default_yaml_path = find_in_parent_folders("empty.yml")
- env = get_env("ENV", "dev")
- # org = cogini
- # app_name = foo
- # owner = jake
- # aws_profile = "${local.org}-${local.env}"
-}
-
-# This is based on the structure in
-# https://github.com/gruntwork-io/terragrunt-infrastructure-live-example
-# modified to be more flat.
-
-# Configure root level variables that all resources can inherit. This is
-# especially helpful with multi-account configs where terraform_remote_state
-# data sources are placed directly into the modules.
-inputs = merge(
- yamldecode(
- # Default and common settings
- file("${find_in_parent_folders("common.yml", local.default_yaml_path)}"),
- ),
- yamldecode(
- # Settings for environment
- file("${find_in_parent_folders("${local.env}.yml", local.default_yaml_path)}"),
- ),
- # Use a directory hierarchy to load config files:
- # yamldecode(
- # file("${get_terragrunt_dir()}/${find_in_parent_folders("env.yml", local.default_yaml_path)}"),
- # ),
- # yamldecode(
- # file("${get_terragrunt_dir()}/${find_in_parent_folders("region.yml", local.default_yaml_path)}"),
- # ),
- # {
- # aws_profile = "non-prod"
- # },
-)
\ No newline at end of file
diff --git a/infrastructure/terraform/modules/acm/main.tf b/infrastructure/terraform/modules/acm/main.tf
deleted file mode 100644
index 61bde2dd..00000000
--- a/infrastructure/terraform/modules/acm/main.tf
+++ /dev/null
@@ -1,84 +0,0 @@
-# Create a certificate using Amazon Certificate Manager (ACM) with
-# Route 53 DNS validation.
-
-# Generates cert for the public domain and wildcard,
-# e.g. example.com and *.example.com
-
-# Load balancer certs need to be in the same region as the load balancer.
-# AWS requires CloudFront certs to be in us-east-1.
-
-# Example config:
-# terraform {
-# source = "${get_terragrunt_dir()}/../../../modules//acm-public"
-# }
-# dependency "zone" {
-# config_path = "../route53-public"
-# }
-# include {
-# path = find_in_parent_folders()
-# }
-# inputs = {
-# dns_domain = dependency.zone.outputs.name
-#
-# # Whether to create Route53 records for validation
-# # Default is true, for primary load balancer cert.
-# # False when there is a cert already in another region, e.g. for CloudFront.
-# # create_route53_records = false
-#
-# # Override region, certs for CloudFront must be created in us-east-1.
-# # aws_region = "us-east-1"
-# }
-
-locals {
- domain_name = var.dns_domain
- subject_alternative_names = ["*.${local.domain_name}"]
-}
-
-data "aws_route53_zone" "selected" {
- name = local.domain_name
-}
-
-# https://www.terraform.io/docs/providers/aws/r/acm_certificate.html
-resource "aws_acm_certificate" "default" {
- domain_name = local.domain_name
- subject_alternative_names = local.subject_alternative_names
- validation_method = "DNS"
-
- tags = merge(
- {
- "Name" = local.domain_name
- "org" = var.org
- "app" = var.app_name
- "env" = var.env
- "owner" = var.owner
- },
- var.extra_tags,
- )
-
- lifecycle {
- create_before_destroy = true
- }
-}
-
-resource "aws_route53_record" "validation" {
- # count = "${length(var.subject_alternative_names) + 1}"
- # count = 2
-
- # If this is a secondary cert, then the DNS records are already created by the primary
- count = var.create_route53_records ?
1 : 0
-
- name = aws_acm_certificate.default.domain_validation_options[count.index]["resource_record_name"]
- type = aws_acm_certificate.default.domain_validation_options[count.index]["resource_record_type"]
- records = [aws_acm_certificate.default.domain_validation_options[count.index]["resource_record_value"]]
- zone_id = data.aws_route53_zone.selected.zone_id
- ttl = var.validation_record_ttl
-}
-
-# https://www.terraform.io/docs/providers/aws/r/acm_certificate_validation.html
-resource "aws_acm_certificate_validation" "default" {
- certificate_arn = aws_acm_certificate.default.arn
-
- validation_record_fqdns = [
- aws_acm_certificate.default.domain_validation_options[0].resource_record_name,
- ]
-}
diff --git a/infrastructure/terraform/modules/acm/outputs.tf b/infrastructure/terraform/modules/acm/outputs.tf
deleted file mode 100644
index 06ee4f8c..00000000
--- a/infrastructure/terraform/modules/acm/outputs.tf
+++ /dev/null
@@ -1,7 +0,0 @@
-output "arn" {
- value = aws_acm_certificate.default.arn
-}
-
-output "domain_name" {
- value = aws_acm_certificate.default.domain_name
-}
diff --git a/infrastructure/terraform/modules/acm/provider.tf b/infrastructure/terraform/modules/acm/provider.tf
deleted file mode 100644
index ae02c052..00000000
--- a/infrastructure/terraform/modules/acm/provider.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-terraform {
- backend "s3" {
- }
- required_version = ">= 0.12"
-}
-
-provider "aws" {
- alias = "cloudfront"
- region = "us-east-1"
- version = "~> 2.0"
-}
-
-# https://www.terraform.io/docs/modules/usage.html#passing-providers-explicitly
-# https://git.io/fh0qw
-
-variable "aws_region" {
- description = "The AWS region to deploy to (e.g. us-east-1)"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "~> 2.0"
-}
diff --git a/infrastructure/terraform/modules/acm/variables.tf b/infrastructure/terraform/modules/acm/variables.tf
deleted file mode 100644
index 57becb9a..00000000
--- a/infrastructure/terraform/modules/acm/variables.tf
+++ /dev/null
@@ -1,13 +0,0 @@
-variable "dns_domain" {
- description = "Domain to create cert for, e.g. example.com"
-}
-
-variable "create_route53_records" {
- description = "Whether to create Route53 records for validation: true for primary, false for secondary cert."
- default = true
-}
-
-variable "validation_record_ttl" {
- description = "Time-to-live for Route53 validation records"
- default = 60
-}
diff --git a/infrastructure/terraform/modules/acm/vars.tf b/infrastructure/terraform/modules/acm/vars.tf
deleted file mode 100644
index dffbba73..00000000
--- a/infrastructure/terraform/modules/acm/vars.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-# Common vars used to name and tag things
-
-variable "org" {
- description = "The organization, short name"
-}
-
-variable "org_unique" {
- description = "The organization, globally unique name for e.g. S3 buckets"
-}
-
-variable "app_name" {
- description = "The application name (hyphenated)"
-}
-
-variable "env" {
- description = "Environment, e.g. prod, stage, dev"
-}
-
-variable "owner" {
- description = "Creator of resources, e.g. ops or jake"
-}
-
-variable "extra_tags" {
- description = "Extra tags to attach to things"
- type = map
- default = {}
-}
-
-# For referencing bucket state in modules
-
-variable "remote_state_s3_bucket_region" {
- description = "AWS region for state file, e.g. us-east-1"
-}
-
-variable "remote_state_s3_bucket_name" {
- description = "Bucket name for remote state, e.g. org-project-tfstate"
-}
-
-variable "remote_state_s3_key_prefix" {
- description = "Prefix in bucket where config starts, e.g. stage/ or project/stage/"
-}
-
-# Configure for AWS environment, e.g. China (Beijing) Region
-
-# https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html
-variable "aws_partition" {
- description = "aws is a common partition name. aws-cn for China"
- default = "aws"
-}
-
-variable "aws_service_endpoint_ec2" {
- description = "EC2 endpoint"
- default = "ec2.amazonaws.com"
-}
-
-variable "has_kms" {
- description = "Whether KMS is available"
- default = true
-}
diff --git a/infrastructure/terraform/modules/route53-delegation-set/main.tf b/infrastructure/terraform/modules/route53-delegation-set/main.tf
deleted file mode 100644
index ecfee632..00000000
--- a/infrastructure/terraform/modules/route53-delegation-set/main.tf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Create Route53 delgation set
-#
-# A delegation set is a set of nameservers which will be used when creating a
-# zone. It's useful to create it separately from the zone, as you can then
-# specify the nameservers for the domain in the registrar and they will stay
-# the same even if you delete the Route53 zone and create it again.
-
-# Example config:
-# terraform {
-# source = "${get_terragrunt_dir()}/../../../modules//route53-delegation-set"
-# }
-# dependencies {
-# paths = []
-# }
-# include {
-# path = find_in_parent_folders()
-# }
-
-# https://www.terraform.io/docs/providers/aws/r/route53_delegation_set.html
-resource "aws_route53_delegation_set" "main" {
- reference_name = var.reference_name
-}
diff --git a/infrastructure/terraform/modules/route53-delegation-set/outputs.tf b/infrastructure/terraform/modules/route53-delegation-set/outputs.tf
deleted file mode 100644
index 7e036ccd..00000000
--- a/infrastructure/terraform/modules/route53-delegation-set/outputs.tf
+++ /dev/null
@@ -1,9 +0,0 @@
-output "id" {
- description = "Delegation set id"
- value = aws_route53_delegation_set.main.id
-}
-
-output "name_servers" {
- description = "Delegation set name servers"
- value = aws_route53_delegation_set.main.name_servers
-}
diff --git a/infrastructure/terraform/modules/route53-delegation-set/provider.tf b/infrastructure/terraform/modules/route53-delegation-set/provider.tf
deleted file mode 100644
index ae02c052..00000000
--- a/infrastructure/terraform/modules/route53-delegation-set/provider.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-terraform {
- backend "s3" {
- }
- required_version = ">= 0.12"
-}
-
-provider "aws" {
- alias = "cloudfront"
- region = "us-east-1"
- version = "~> 2.0"
-}
-
-# https://www.terraform.io/docs/modules/usage.html#passing-providers-explicitly
-# https://git.io/fh0qw
-
-variable "aws_region" {
- description = "The AWS region to deploy to (e.g. us-east-1)"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "~> 2.0"
-}
diff --git a/infrastructure/terraform/modules/route53-delegation-set/variables.tf b/infrastructure/terraform/modules/route53-delegation-set/variables.tf
deleted file mode 100644
index 9041cc55..00000000
--- a/infrastructure/terraform/modules/route53-delegation-set/variables.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-variable "reference_name" {
- description = "Reference name of delegation set"
- default = "main"
-}
diff --git a/infrastructure/terraform/modules/route53-delegation-set/vars.tf b/infrastructure/terraform/modules/route53-delegation-set/vars.tf
deleted file mode 100644
index dffbba73..00000000
--- a/infrastructure/terraform/modules/route53-delegation-set/vars.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-# Common vars used to name and tag things
-
-variable "org" {
- description = "The organization, short name"
-}
-
-variable "org_unique" {
- description = "The organization, globally unique name for e.g. S3 buckets"
-}
-
-variable "app_name" {
- description = "The application name (hyphenated)"
-}
-
-variable "env" {
- description = "Environment, e.g. prod, stage, dev"
-}
-
-variable "owner" {
- description = "Creator of resources, e.g. ops or jake"
-}
-
-variable "extra_tags" {
- description = "Extra tags to attach to things"
- type = map
- default = {}
-}
-
-# For referencing bucket state in modules
-
-variable "remote_state_s3_bucket_region" {
- description = "AWS region for state file, e.g. us-east-1"
-}
-
-variable "remote_state_s3_bucket_name" {
- description = "Bucket name for remote state, e.g. org-project-tfstate"
-}
-
-variable "remote_state_s3_key_prefix" {
- description = "Prefix in bucket where config starts, e.g. stage/ or project/stage/"
-}
-
-# Configure for AWS environment, e.g. China (Beijing) Region
-
-# https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html
-variable "aws_partition" {
- description = "aws is a common partition name. aws-cn for China"
- default = "aws"
-}
-
-variable "aws_service_endpoint_ec2" {
- description = "EC2 endpoint"
- default = "ec2.amazonaws.com"
-}
-
-variable "has_kms" {
- description = "Whether KMS is available"
- default = true
-}
diff --git a/infrastructure/terraform/modules/route53-zone/main.tf b/infrastructure/terraform/modules/route53-zone/main.tf
deleted file mode 100644
index 26b6ecac..00000000
--- a/infrastructure/terraform/modules/route53-zone/main.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-# Create Route53 hosted zone for public domain.
-
-# Example config:
-# terraform {
-# source = "${get_terragrunt_dir()}/../../../modules//route53-zone"
-# }
-# dependency "delegation-set" {
-# config_path = "../route53-delegation-set"
-# }
-# include {
-# path = find_in_parent_folders()
-# }
-#
-# inputs = {
-# name = "example.com"
-# delegation_set_id = dependency.delegation-set.outputs.id
-#
-# # Useful in dev, unsafe in prod
-# force_destroy = true
-# }
-
-resource "aws_route53_zone" "this" {
- name = var.name
- delegation_set_id = var.delegation_set_id
- force_destroy = var.force_destroy
-}
diff --git a/infrastructure/terraform/modules/route53-zone/outputs.tf b/infrastructure/terraform/modules/route53-zone/outputs.tf
deleted file mode 100644
index 86bbb0cf..00000000
--- a/infrastructure/terraform/modules/route53-zone/outputs.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-output "name" {
- description = "The Hosted Zone name"
- value = aws_route53_zone.this.name
-}
-
-output "name_nodot" {
- description = "The Hosted Zone name without the trailing dot"
- value = replace(aws_route53_zone.this.name, "/\\.$/", "")
-}
-
-output "zone_id" {
- description = "The Hosted Zone ID"
- value = aws_route53_zone.this.zone_id
-}
-
-output "name_servers" {
- description = "A list of name servers in associated (or default) delegation set"
- value = aws_route53_zone.this.name_servers
-}
diff --git a/infrastructure/terraform/modules/route53-zone/provider.tf b/infrastructure/terraform/modules/route53-zone/provider.tf
deleted file mode 100644
index ae02c052..00000000
--- a/infrastructure/terraform/modules/route53-zone/provider.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-terraform {
- backend "s3" {
- }
- required_version = ">= 0.12"
-}
-
-provider "aws" {
- alias = "cloudfront"
- region = "us-east-1"
- version = "~> 2.0"
-}
-
-# https://www.terraform.io/docs/modules/usage.html#passing-providers-explicitly
-# https://git.io/fh0qw
-
-variable "aws_region" {
- description = "The AWS region to deploy to (e.g. us-east-1)"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "~> 2.0"
-}
diff --git a/infrastructure/terraform/modules/route53-zone/variables.tf b/infrastructure/terraform/modules/route53-zone/variables.tf
deleted file mode 100644
index 1a9ed302..00000000
--- a/infrastructure/terraform/modules/route53-zone/variables.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-variable "name" {
- description = "Name (DNS domain), e.g. example.com"
-}
-
-variable "delegation_set_id" {
- description = "Delegation set id"
-}
-
-variable "force_destroy" {
- description = "Force destroy even if there are subdomains"
- default = false
-}
diff --git a/infrastructure/terraform/modules/route53-zone/vars.tf b/infrastructure/terraform/modules/route53-zone/vars.tf
deleted file mode 100644
index dffbba73..00000000
--- a/infrastructure/terraform/modules/route53-zone/vars.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-# Common vars used to name and tag things
-
-variable "org" {
- description = "The organization, short name"
-}
-
-variable "org_unique" {
- description = "The organization, globally unique name for e.g. S3 buckets"
-}
-
-variable "app_name" {
- description = "The application name (hyphenated)"
-}
-
-variable "env" {
- description = "Environment, e.g. prod, stage, dev"
-}
-
-variable "owner" {
- description = "Creator of resources, e.g. ops or jake"
-}
-
-variable "extra_tags" {
- description = "Extra tags to attach to things"
- type = map
- default = {}
-}
-
-# For referencing bucket state in modules
-
-variable "remote_state_s3_bucket_region" {
- description = "AWS region for state file, e.g. us-east-1"
-}
-
-variable "remote_state_s3_bucket_name" {
- description = "Bucket name for remote state, e.g. org-project-tfstate"
-}
-
-variable "remote_state_s3_key_prefix" {
- description = "Prefix in bucket where config starts, e.g. stage/ or project/stage/"
-}
-
-# Configure for AWS environment, e.g. China (Beijing) Region
-
-# https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html
-variable "aws_partition" {
- description = "aws is a common partition name. aws-cn for China"
- default = "aws"
-}
-
-variable "aws_service_endpoint_ec2" {
- description = "EC2 endpoint"
- default = "ec2.amazonaws.com"
-}
-
-variable "has_kms" {
- description = "Whether KMS is available"
- default = true
-}
diff --git a/infrastructure/terraform/modules/vpc/main.tf b/infrastructure/terraform/modules/vpc/main.tf
deleted file mode 100644
index 26a4b725..00000000
--- a/infrastructure/terraform/modules/vpc/main.tf
+++ /dev/null
@@ -1,58 +0,0 @@
-# Create the VPC for the app
-
-module "vpc" {
- # version = "~> 1.66.0"
- version = "~> 2.0"
-
- # https://github.com/terraform-aws-modules/terraform-aws-vpc
- source = "terraform-aws-modules/vpc/aws"
-
- name = var.app_name
-
- cidr = var.cidr
- private_subnets = var.private_subnets
- public_subnets = var.public_subnets
-
- azs = var.availability_zones
-
- enable_dns_hostnames = true
- enable_dns_support = true
-
- enable_nat_gateway = var.enable_nat_gateway
- single_nat_gateway = var.single_nat_gateway
-
- map_public_ip_on_launch = true
-
- enable_s3_endpoint = true
- enable_dynamodb_endpoint = false
-
- enable_vpn_gateway = var.enable_vpn_gateway
- amazon_side_asn = var.amazon_side_asn
- customer_gateways = var.customer_gateways
-
- tags = merge(
- {
- "Name" = var.app_name
- "org" = var.org
- "app" = var.app_name
- "env" = var.env
- "owner" = var.owner
- },
- var.extra_tags,
- )
-
- public_subnet_tags = merge({"type" = "public"}, var.public_subnet_tags)
- private_subnet_tags = merge({"type" = "private"}, var.private_subnet_tags)
- public_route_table_tags = var.public_route_table_tags
- private_route_table_tags = var.private_route_table_tags
-}
-
-# Private DNS zone for app in VPC
-resource "aws_route53_zone" "this" {
- count = var.enable_route53 ? 1 : 0
- name = var.private_dns_domain == "" ? "${var.app_name}.internal" : var.private_dns_domain
-
- vpc {
- vpc_id = module.vpc.vpc_id
- }
-}
diff --git a/infrastructure/terraform/modules/vpc/outputs.tf b/infrastructure/terraform/modules/vpc/outputs.tf
deleted file mode 100644
index 3e365f54..00000000
--- a/infrastructure/terraform/modules/vpc/outputs.tf
+++ /dev/null
@@ -1,119 +0,0 @@
-# VPC
-output "vpc_id" {
- description = "The ID of the VPC"
- value = module.vpc.vpc_id
-}
-
-output "vpc_cidr_block" {
- description = "The CIDR block of the VPC"
- value = module.vpc.vpc_cidr_block
-}
-
-output "default_security_group_id" {
- description = "The ID of the security group created by default on VPC creation"
- value = module.vpc.default_security_group_id
-}
-
-output "default_network_acl_id" {
- description = "The ID of the default network ACL"
- value = module.vpc.default_network_acl_id
-}
-
-# Subnets
-output "private_subnets" {
- description = "List of IDs of private subnets"
- value = module.vpc.private_subnets
-}
-
-output "private_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.private_subnets_cidr_blocks
-}
-
-output "public_subnets" {
- description = "List of IDs of public subnets"
- value = module.vpc.public_subnets
-}
-
-output "public_subnets_cidr_blocks" {
- description = "List of cidr_blocks of private subnets"
- value = module.vpc.public_subnets_cidr_blocks
-}
-
-output "subnets" {
- description = "Subnets as a map keyed by name"
- value = {
- "private" = module.vpc.private_subnets
- "public" = module.vpc.public_subnets
- }
-}
-
-# Route tables
-output "public_route_table_ids" {
- description = "List of IDs of public route tables"
- value = module.vpc.public_route_table_ids
-}
-
-output "private_route_table_ids" {
- description = "List of IDs of private route tables"
- value = module.vpc.private_route_table_ids
-}
-
-output "nat_ids" {
- description = "List of allocation ID of Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_ids
-}
-
-output "nat_public_ips" {
- description = "List of public Elastic IPs created for AWS NAT Gateway"
- value = module.vpc.nat_public_ips
-}
-
-output "natgw_ids" {
- description = "List of NAT Gateway IDs"
- value = module.vpc.natgw_ids
-}
-
-# Internet Gateway
-output "igw_id" {
- description = "The ID of the Internet
Gateway"
- value = module.vpc.igw_id
-}
-
-# VPN Gateway
-output "vgw_id" {
- description = "The ID of the VPN Gateway"
- value = module.vpc.vgw_id
-}
-
-# Customer Gateway
-output "cgw_ids" {
- description = "List of IDs of Customer Gateway"
- value = module.vpc.cgw_ids
-}
-
-# VPC Endpoints
-output "vpc_endpoint_s3_id" {
- description = "The ID of VPC endpoint for S3"
- value = module.vpc.vpc_endpoint_s3_id
-}
-
-output "vpc_endpoint_dynamodb_id" {
- description = "The ID of VPC endpoint for DynamoDB"
- value = module.vpc.vpc_endpoint_dynamodb_id
-}
-
-output "private_dns_zone_id" {
- description = "Route53 zone_id for the private zone"
- value = join("", aws_route53_zone.this.*.zone_id)
-}
-
-output "private_dns_domain" {
- description = "Route53 domain name for the private zone"
- value = join("", aws_route53_zone.this.*.name)
-}
-
-output "private_dns_domain_nodot" {
- description = "Route53 domain name for the private zone"
- value = replace(join("", aws_route53_zone.this.*.name), "/\\.$/", "")
-}
diff --git a/infrastructure/terraform/modules/vpc/provider.tf b/infrastructure/terraform/modules/vpc/provider.tf
deleted file mode 100644
index ae02c052..00000000
--- a/infrastructure/terraform/modules/vpc/provider.tf
+++ /dev/null
@@ -1,23 +0,0 @@
-terraform {
- backend "s3" {
- }
- required_version = ">= 0.12"
-}
-
-provider "aws" {
- alias = "cloudfront"
- region = "us-east-1"
- version = "~> 2.0"
-}
-
-# https://www.terraform.io/docs/modules/usage.html#passing-providers-explicitly
-# https://git.io/fh0qw
-
-variable "aws_region" {
- description = "The AWS region to deploy to (e.g. us-east-1)"
-}
-
-provider "aws" {
- region = var.aws_region
- version = "~> 2.0"
-}
diff --git a/infrastructure/terraform/modules/vpc/variables.tf b/infrastructure/terraform/modules/vpc/variables.tf
deleted file mode 100644
index 538413fd..00000000
--- a/infrastructure/terraform/modules/vpc/variables.tf
+++ /dev/null
@@ -1,118 +0,0 @@
-# variable "name" {
-# description = "Name to be used on all the resources as identifier"
-# default = ""
-# }
-
-variable "availability_zones" {
- description = "Availaibility zones"
- type = list(string)
-}
-
-variable "cidr" {
- description = "The CIDR block for the VPC"
- default = "10.10.0.0/16"
-}
-
-variable "public_subnets" {
- description = "A list of public subnets inside the VPC"
- type = list(string)
- default = []
- # default = ["10.10.11.0/24", "10.10.12.0/24"]
-}
-
-variable "private_subnets" {
- description = "A list of private subnets inside the VPC"
- type = list(string)
- default = []
- # default = ["10.10.1.0/24", "10.10.2.0/24"]
-}
-
-# create_database_subnet_group = true
-# create_database_subnet_route_table = true
-# create_database_internet_gateway_route = true
-
-variable "enable_nat_gateway" {
- description = "Provision NAT Gateways for each of your private networks"
- default = false
-}
-
-variable "single_nat_gateway" {
- description = "Provision a single shared NAT Gateway across all of your private networks"
- default = false
-}
-
-variable "enable_vpn_gateway" {
- description = "To create a new VPN Gateway resource and attach it to the VPC"
- default = false
-}
-
-variable "amazon_side_asn" {
- description = "The Autonomous System Number (ASN) for the Amazon side of the gateway.
By default the virtual private gateway is created with the current default Amazon ASN"
- default = 64620
-}
-
-variable "customer_gateways" {
- description = "Maps of Customer Gateway's attributes (BGP ASN and Gateway's Internet-routable external IP address)"
- type = map(map(any))
- default = {}
-}
-
-#variable "enable_dynamodb_endpoint" {
-# description = "Provision a DynamoDB endpoint to the VPC"
-# default = false
-#}
-
-#variable "enable_s3_endpoint" {
-# description = "Provision an S3 endpoint to the VPC"
-# default = false
-#}
-
-# variable "map_public_ip_on_launch" {
-# description = "Should be false if you do not want to auto-assign public IP on launch"
-# default = true
-# }
-
-# variable "private_propagating_vgws" {
-# description = "A list of VGWs the private route table should propagate"
-# default = []
-# }
-
-# variable "public_propagating_vgws" {
-# description = "A list of VGWs the public route table should propagate"
-# default = []
-# }
-
-variable "tags" {
- description = "A map of tags to add to all resources"
- default = {}
-}
-
-variable "public_subnet_tags" {
- description = "Additional tags for the public subnets"
- default = {}
-}
-
-variable "private_subnet_tags" {
- description = "Additional tags for the private subnets"
- default = {}
-}
-
-variable "public_route_table_tags" {
- description = "Additional tags for the public route tables"
- default = {}
-}
-
-variable "private_route_table_tags" {
- description = "Additional tags for the private route tables"
- default = {}
-}
-
-variable "private_dns_domain" {
- description = "Private DNS domain, e.g. foo.local"
- default = ""
-}
-
-variable "enable_route53" {
- description = "Whether or not to enable route53 zone creation"
- default = true
-}
diff --git a/infrastructure/terraform/modules/vpc/vars.tf b/infrastructure/terraform/modules/vpc/vars.tf
deleted file mode 100644
index dffbba73..00000000
--- a/infrastructure/terraform/modules/vpc/vars.tf
+++ /dev/null
@@ -1,59 +0,0 @@
-# Common vars used to name and tag things
-
-variable "org" {
- description = "The organization, short name"
-}
-
-variable "org_unique" {
- description = "The organization, globally unique name for e.g. S3 buckets"
-}
-
-variable "app_name" {
- description = "The application name (hyphenated)"
-}
-
-variable "env" {
- description = "Environment, e.g. prod, stage, dev"
-}
-
-variable "owner" {
- description = "Creator of resources, e.g. ops or jake"
-}
-
-variable "extra_tags" {
- description = "Extra tags to attach to things"
- type = map
- default = {}
-}
-
-# For referencing bucket state in modules
-
-variable "remote_state_s3_bucket_region" {
- description = "AWS region for state file, e.g. us-east-1"
-}
-
-variable "remote_state_s3_bucket_name" {
- description = "Bucket name for remote state, e.g. org-project-tfstate"
-}
-
-variable "remote_state_s3_key_prefix" {
- description = "Prefix in bucket where config starts, e.g. stage/ or project/stage/"
-}
-
-# Configure for AWS environment, e.g. China (Beijing) Region
-
-# https://docs.aws.amazon.com/AmazonS3/latest/dev/s3-arn-format.html
-variable "aws_partition" {
- description = "aws is a common partition name. aws-cn for China"
- default = "aws"
-}
-
-variable "aws_service_endpoint_ec2" {
- description = "EC2 endpoint"
- default = "ec2.amazonaws.com"
-}
-
-variable "has_kms" {
- description = "Whether KMS is available"
- default = true
-}
diff --git a/infrastructure/terraform/set_env.sh b/infrastructure/terraform/set_env.sh
deleted file mode 100644
index dfecee84..00000000
--- a/infrastructure/terraform/set_env.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-
-# Configure for the environment
-
-# Input env variables
-# ENV: environment, e.g. `dev`, `stage`, `demo`, `prod`
-
-if [ -z "$ENV" ]; then
- echo "error: Environment var ENV not set" >&2
-fi
-
-# Organization that the app runs under, e.g. company or project
-export ORG=gctechspace
-# Application, group of services
-export APP=membermatters
-# Creator of resources, e.g. "ops" or a developer
-export OWNER=gctechspace
-
-# Per org + environment
-export AWS_PROFILE="$ORG-$ENV"
-# Per app + environment
-# export AWS_PROFILE="$APP-$ENV"
-
-# Default region
-# Location where Packer will build AMI
-export AWS_REGION="${AWS_REGION:-ap-southeast-2}"
-export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-ap-southeast-2}"
-
-#####################################################
-# Terraform
-
-# EC2 keypair used when creating instances
-export TF_VAR_keypair_name=$ORG-$ENV
-# export TF_VAR_keypair_name=$APP-$ENV
-
-# Set Terraform vars matching the env vars
-export TF_VAR_env=$ENV
-# export TF_VAR_org=$ORG
-export TF_VAR_app_name=$APP
-# Create versions of app name with different conventions
-# Default name is expected to be hyphen
-export TF_VAR_app_name_hyphen=$APP
-# export TF_VAR_app_name_underscore=$(echo "$APP" | tr '-' '_')
-# export TF_VAR_app_name_alpha=$(echo "$APP" | tr -d -c '[a-zA-Z0-9]')
-export TF_VAR_owner=$OWNER
-
-# Name and location of Terraform state tracking bucket
-export TF_VAR_remote_state_s3_bucket_name="${ORG}-${TF_VAR_app_name_hyphen}-${ENV}-tfstate"
-export TF_VAR_remote_state_s3_bucket_name_prefix="${ORG}-${TF_VAR_app_name_hyphen}"
-export TF_VAR_remote_state_s3_key_prefix="${ENV}/"
-
-# Keep the Terraform state in a single place, no matter where the resources are.
-export TF_VAR_remote_state_s3_bucket_region=us-east-1