diff --git a/terraform/environments/wardship/application_variables.json b/terraform/environments/wardship/application_variables.json
index 209d5c6d2a9..88627eca359 100644
--- a/terraform/environments/wardship/application_variables.json
+++ b/terraform/environments/wardship/application_variables.json
@@ -1,14 +1,13 @@
 {
 "accounts": {
 "development": {
- "moj_ip": "81.134.202.29/32",
 "db_name": "wardship_db_dev",
 "identifier": "wardship-db-dev",
 "db_username": "dbadmin",
 "allocated_storage": "20",
 "storage_type": "gp2",
 "engine": "postgres",
- "engine_version": "14.7",
+ "engine_version": "14.10",
 "instance_class": "db.t3.micro",
 "server_port_1": "80",
 "lb_listener_protocol_1": "HTTP",
@@ -23,14 +22,13 @@
 "tactical_products_db_secrets_arn": "tspb4H"
 },
 "preproduction": {
- "moj_ip": "81.134.202.29/32",
 "db_name": "wardship_db_pre_prod",
 "identifier": "wardship-db-pre-prod",
 "db_username": "dbadmin",
 "allocated_storage": "20",
 "storage_type": "gp2",
 "engine": "postgres",
- "engine_version": "14.7",
+ "engine_version": "14.10",
 "instance_class": "db.t3.micro",
 "server_port_1": "80",
 "lb_listener_protocol_1": "HTTP",
@@ -45,14 +43,13 @@
 "tactical_products_db_secrets_arn": "kVCGj1"
 },
 "production": {
- "moj_ip": "81.134.202.29/32",
 "db_name": "wardship_db_prod",
 "identifier": "wardship-db-prod",
 "db_username": "dbadmin",
 "allocated_storage": "20",
 "storage_type": "gp2",
 "engine": "postgres",
- "engine_version": "14.7",
+ "engine_version": "14.10",
 "instance_class": "db.t3.micro",
 "server_port_1": "80",
 "lb_listener_protocol_1": "HTTP",
diff --git a/terraform/environments/wardship/load_balancer.tf b/terraform/environments/wardship/load_balancer.tf
index 294756dbac8..4c1434cf7e5 100644
--- a/terraform/environments/wardship/load_balancer.tf
+++ b/terraform/environments/wardship/load_balancer.tf
@@ -4,11 +4,19 @@ resource "aws_security_group" "wardship_lb_sc" {
 vpc_id = data.aws_vpc.shared.id
 ingress {
- description = "allow access on HTTPS for the MOJ VPN"
+ description = "allow access on HTTPS for the Dom1 Cisco VPN"
 from_port = 443
 to_port = 443
 protocol = "tcp"
- cidr_blocks = [local.application_data.accounts[local.environment].moj_ip]
+ cidr_blocks = ["194.33.192.1/32"]
+ }
+
+ ingress {
+ description = "allow access on HTTPS for the Global Protect VPN"
+ from_port = 443
+ to_port = 443
+ protocol = "tcp"
+ cidr_blocks = ["35.176.93.186/32"]
 }
 // Allow all User IPs
@@ -30,7 +38,10 @@ resource "aws_security_group" "wardship_lb_sc" {
 "194.33.192.0/25",
 "157.203.176.0/25",
 "201.33.21.5/32",
- "54.94.206.111/32"
+ "54.94.206.111/32",
+ "18.169.147.172/32",
+ "18.130.148.126/32",
+ "35.176.148.126/32"
 ]
 }
diff --git a/terraform/environments/wardship/migrate_db.sh b/terraform/environments/wardship/migrate_db.sh
deleted file mode 100644
index 5632c9bd981..00000000000
--- a/terraform/environments/wardship/migrate_db.sh
+++ /dev/null
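Review bot: The new `cidr_blocks = ["194.33.192.1/32"]` is already contained in the `"194.33.192.0/25"` entry that the "Allow all User IPs" list in the next hunk keeps, so if that second ingress also covers tcp/443 (its port lines are outside this hunk) the Dom1 rule adds nothing and the two allowlists will drift apart silently. Replacing the per-account `moj_ip` variable with literals also means every environment now gets the same VPN egress addresses with no record of who owns them or when they were last checked, which is what decides whether a /32 can safely be removed later. At minimum put that in the description, e.g. `description = "HTTPS from Dom1 Cisco VPN egress 194.33.192.1 (owner: <team>, verified: <date>)"`, and consider holding the addresses in one `locals` map so the two rules are not maintained by hand in two places. The `aws_security_group` block starts and ends outside this hunk.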
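Review bot: The three added entries `"18.169.147.172/32"`, `"18.130.148.126/32"` and `"35.176.148.126/32"` go into a list whose only documentation is the "Allow all User IPs" comment, so nothing in the file says what they are; those ranges look like AWS-allocated public addresses rather than office or VPN egress, which suggests NAT gateways or instances that could be referenced from their owning resource instead of pasted as literals. The existing entries have the same gap, but the new ones should not widen it. Suggest a trailing comment on each, e.g. `"18.169.147.172/32", # <what it is>, <owner>, added <date>`, or a comment above the list pointing at where this allowlist is maintained. The enclosing ingress block begins outside this hunk, so the port range these addresses now reach is not visible here.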
@@ -1,23 +0,0 @@
-#!/bin/bash
-
-export PGPASSWORD=$WARDSHIP_DB_PASSWORD;
-# if database contains schema dbo then store schema name inside variable.
-SCHEMA=$(psql -h ${DB_HOSTNAME} -p 5432 -U $WARDSHIP_DB_USERNAME -d $DB_NAME -c "SELECT schema_name FROM information_schema.schemata WHERE schema_name = 'dbo'" | grep -o 'dbo')
-echo "Schema = $SCHEMA"
-
-if [ "$SCHEMA" == "dbo" ]; then
- echo "The Schema dbo is already present in the database"
-else
- export PGPASSWORD=$SOURCE_DB_PASSWORD;
- pg_dump -U $SOURCE_DB_USERNAME -h $SOURCE_DB_HOSTNAME -d $SOURCE_DB_NAME -O --section=pre-data > pre-data.sql
- pg_dump -U $SOURCE_DB_USERNAME -h $SOURCE_DB_HOSTNAME -d $SOURCE_DB_NAME -t 'dbo.*_seq' > sequences.sql
- pg_dump -U $SOURCE_DB_USERNAME -h $SOURCE_DB_HOSTNAME -d $SOURCE_DB_NAME -O --section=data > data.sql
- pg_dump -U $SOURCE_DB_USERNAME -h $SOURCE_DB_HOSTNAME -d $SOURCE_DB_NAME -O --section=post-data > post-data.sql
-
- export PGPASSWORD=$WARDSHIP_DB_PASSWORD;
- psql -U $WARDSHIP_DB_USERNAME -h $DB_HOSTNAME -d $DB_NAME -f pre-data.sql
- psql -U $WARDSHIP_DB_USERNAME -h $DB_HOSTNAME -d $DB_NAME -f sequences.sql
- psql -U $WARDSHIP_DB_USERNAME -h $DB_HOSTNAME -d $DB_NAME -f data.sql
- psql -U $WARDSHIP_DB_USERNAME -h $DB_HOSTNAME -d $DB_NAME -f post-data.sql
-
-fi
\ No newline at end of file
diff --git a/terraform/environments/wardship/rds.tf b/terraform/environments/wardship/rds.tf
index 51c93cb3771..cbaff95582a 100644
--- a/terraform/environments/wardship/rds.tf
+++ b/terraform/environments/wardship/rds.tf
@@ -84,48 +84,6 @@ data "http" "myip" {
 url = "http://ipinfo.io/json"
 }
-resource "null_resource" "setup_db" {
- count = local.is-development ? 0 : 1
- depends_on = [aws_db_instance.wardship_db]
-
- provisioner "local-exec" {
- interpreter = ["bash", "-c"]
- command = "chmod +x ./migrate_db.sh; ./migrate_db.sh"
-
- environment = {
- SOURCE_DB_HOSTNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_HOSTNAME"]
- SOURCE_DB_NAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_NAME"]
- SOURCE_DB_USERNAME = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_USERNAME"]
- SOURCE_DB_PASSWORD = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SOURCE_DB_PASSWORD"]
- DB_HOSTNAME = aws_db_instance.wardship_db.address
- DB_NAME = aws_db_instance.wardship_db.db_name
- WARDSHIP_DB_USERNAME = local.application_data.accounts[local.environment].db_username
- WARDSHIP_DB_PASSWORD = random_password.password.result
- }
- }
- triggers = {
- always_run = "${timestamp()}"
- }
-}
-
-// executes a local script to set up the security group for the source RDS instance.
-resource "null_resource" "setup_source_rds_security_group" {
- provisioner "local-exec" {
- interpreter = ["bash", "-c"]
- command = "chmod +x ./setup-security-group-${local.environment}.sh; ./setup-security-group-${local.environment}.sh"
-
- environment = {
- RDS_SECURITY_GROUP = aws_security_group.modernisation_wardship_access.id
- RDS_SOURCE_ACCOUNT_ACCESS_KEY = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["ACCESS_KEY"]
- RDS_SOURCE_ACCOUNT_SECRET_KEY = jsondecode(data.aws_secretsmanager_secret_version.get_tactical_products_rds_credentials.secret_string)["SECRET_KEY"]
- RDS_SOURCE_ACCOUNT_REGION = "eu-west-2"
- }
- }
- triggers = {
- always_run = "${timestamp()}"
- }
-}
-
 // Sets up empty database for Development environment
 resource "null_resource" "setup_dev_db" {
 count = local.is-development ? 1 : 0
diff --git a/terraform/environments/wardship/setup-security-group-development.sh b/terraform/environments/wardship/setup-security-group-development.sh
deleted file mode 100644
index 63fc5957c97..00000000000
--- a/terraform/environments/wardship/setup-security-group-development.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-
-export AWS_ACCESS_KEY_ID=$RDS_SOURCE_ACCOUNT_ACCESS_KEY
-export AWS_SECRET_ACCESS_KEY=$RDS_SOURCE_ACCOUNT_SECRET_KEY
-export AWS_DEFAULT_REGION=$RDS_SOURCE_ACCOUNT_REGION
-
-aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" --profile dts-legacy-apps-user &&
-aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" --profile dts-legacy-apps-user &&
-aws configure set region "$AWS_DEFAULT_REGION" --profile dts-legacy-apps-user &&
-aws configure set output "json" --profile dts-legacy-apps-user
-
-aws rds modify-db-instance --db-instance-identifier postgresql-dev --vpc-security-group-ids sg-08244ba362f922899 sg-0e0f5cf0883f81945 sg-02938dce60af69c14 sg-05ea046c ${RDS_SECURITY_GROUP} --profile dts-legacy-apps-user
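Review bot: Removing `null_resource.setup_source_rds_security_group` does not revert what it did: its script ran `aws rds modify-db-instance` to attach `aws_security_group.modernisation_wardship_access` to the source-account instances, and deleting the provisioner leaves that attachment in place, so the legacy databases stay reachable from this account until someone revokes it by hand. The deleted code also shows that the `get_tactical_products_rds_credentials` secret carries static IAM keys (`ACCESS_KEY`/`SECRET_KEY`) and the source DB password, which were handed to a local-exec environment and are held in Terraform state by the data source; those credentials should be rotated, and if the migration is complete the secret, its data source and the `tactical_products_db_secrets_arn` entries still present in application_variables.json retired together. The unchanged `data "http" "myip"` block above fetches the operator's address over plain `http://ipinfo.io/json`; if that value still feeds a security-group rule, a spoofed response becomes an allowlisted address, so `url = "https://ipinfo.io/json"` is the minimum. Both `data "http" "myip"` and `null_resource.setup_dev_db` extend outside this hunk.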
diff --git a/terraform/environments/wardship/setup-security-group-preproduction.sh b/terraform/environments/wardship/setup-security-group-preproduction.sh
deleted file mode 100644
index 706e2cb30e7..00000000000
--- a/terraform/environments/wardship/setup-security-group-preproduction.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-
-export AWS_ACCESS_KEY_ID=$RDS_SOURCE_ACCOUNT_ACCESS_KEY
-export AWS_SECRET_ACCESS_KEY=$RDS_SOURCE_ACCOUNT_SECRET_KEY
-export AWS_DEFAULT_REGION=$RDS_SOURCE_ACCOUNT_REGION
-
-aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" --profile dts-legacy-apps-user &&
-aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" --profile dts-legacy-apps-user &&
-aws configure set region "$AWS_DEFAULT_REGION" --profile dts-legacy-apps-user &&
-aws configure set output "json" --profile dts-legacy-apps-user
-
-aws rds modify-db-instance --db-instance-identifier postgresql-staging --vpc-security-group-ids sg-08244ba362f922899 sg-0e0f5cf0883f81945 sg-04e9fe073afcc6b65 ${RDS_SECURITY_GROUP} --profile dts-legacy-apps-user
\ No newline at end of file
diff --git a/terraform/environments/wardship/setup-security-group-production.sh b/terraform/environments/wardship/setup-security-group-production.sh
deleted file mode 100644
index 1ce01e59be2..00000000000
--- a/terraform/environments/wardship/setup-security-group-production.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#! /bin/bash
-
-export AWS_ACCESS_KEY_ID=$RDS_SOURCE_ACCOUNT_ACCESS_KEY
-export AWS_SECRET_ACCESS_KEY=$RDS_SOURCE_ACCOUNT_SECRET_KEY
-export AWS_DEFAULT_REGION=$RDS_SOURCE_ACCOUNT_REGION
-
-aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID" --profile dts-legacy-apps-user &&
-aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY" --profile dts-legacy-apps-user &&
-aws configure set region "$AWS_DEFAULT_REGION" --profile dts-legacy-apps-user &&
-aws configure set output "json" --profile dts-legacy-apps-user
-
-aws rds modify-db-instance --db-instance-identifier Wardship --vpc-security-group-ids sg-08244ba362f922899 sg-05f6c8bdbb26422d0 ${RDS_SECURITY_GROUP} --profile dts-legacy-apps-user
\ No newline at end of file