UML-3225 Remove unnecessary data lookups (#2472)

* UML-3225 Remove unnecessary data lookups
ministryofjustice · Dec 21, 2023 · 9d5a2fe · 9d5a2fe
1 parent 3a7a362
commit 9d5a2fe
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 125 deletions.
diff --git a/terraform/account/locals.tf b/terraform/account/locals.tf
@@ -1,13 +1,16 @@
 variable "pagerduty_token" {
+  type        = string
+  description = "Token for the PagerDuty API"
 }
 
 variable "account_mapping" {
   type = map(string)
 }
 
 variable "lambda_container_version" {
-  type    = string
-  default = "latest"
+  description = "The version of the lambda container to use"
+  type        = string
+  default     = "latest"
 }
 variable "accounts" {
   type = map(
@@ -43,9 +46,6 @@ locals {
   account      = var.accounts[local.account_name]
   environment  = lower(terraform.workspace)
 
-  dns_namespace_acc = local.environment == "production" ? "" : "${local.account_name}."
-  dns_namespace_env = local.account_name == "production" ? "" : "${local.environment}."
-  dev_wildcard      = local.account_name == "production" ? "" : "*."
 
   mandatory_moj_tags = {
     business-unit    = "OPG"

diff --git a/terraform/account/region/variables.tf b/terraform/account/region/variables.tf
@@ -1,17 +1,44 @@
 variable "account" {
   description = "The account object"
+  type = object({
+    account_id             = string
+    shared_account_id      = number
+    is_production          = bool
+    retention_in_days      = number
+    pagerduty_service_name = string
+    pagerduty_service_id   = string
+    opg_metrics = object({
+      enabled                     = bool
+      api_key_secretsmanager_name = string
+      endpoint_url                = string
+    })
+    dns_firewall = object({
+      enabled         = bool
+      domains_allowed = list(string)
+      domains_blocked = list(string)
+    })
+    dynamodb_cloudtrail = object({
+      enabled            = bool
+      trail_name_suffix  = string
+      bucket_name_suffix = string
+    })
+    s3_access_log_bucket_name = string
+  })
 }
 
 variable "account_name" {
   description = "The account name"
+  type        = string
 }
 
 variable "environment_name" {
   description = "The environment name"
+  type        = string
 }
 
 variable "lambda_container_version" {
   description = "The version of the lambda container"
+  type        = string
 }
 
 variable "vpc_flow_logs_iam_role" {

diff --git a/terraform/account/terraform.tf b/terraform/account/terraform.tf
@@ -23,11 +23,17 @@ terraform {
       source  = "PagerDuty/pagerduty"
       version = "~> 3.1.0"
     }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 4.0.0"
+    }
   }
 }
 
 variable "default_role" {
-  default = "opg-use-an-lpa-ci"
+  default     = "opg-use-an-lpa-ci"
+  type        = string
+  description = "The default role to assume for the AWS providers"
 }
 
 provider "aws" {

diff --git a/terraform/environment/locals.tf b/terraform/environment/locals.tf
@@ -117,13 +117,11 @@ variable "environments" {
 }
 
 locals {
-  environment_name     = lower(replace(terraform.workspace, "_", "-"))
-  environment          = contains(keys(var.environments), local.environment_name) ? var.environments[local.environment_name] : var.environments["default"]
-  dns_namespace_acc    = local.environment_name == "production" ? "" : "${local.environment.account_name}."
-  dns_namespace_env    = local.environment.account_name == "production" ? "" : "${local.environment_name}."
-  dev_wildcard         = local.environment.account_name == "production" ? "" : "*."
-  capacity_provider    = local.environment.fargate_spot ? "FARGATE_SPOT" : "FARGATE"
-  policy_region_prefix = lower(replace(data.aws_region.current.name, "-", ""))
+  environment_name  = lower(replace(terraform.workspace, "_", "-"))
+  environment       = contains(keys(var.environments), local.environment_name) ? var.environments[local.environment_name] : var.environments["default"]
+  dns_namespace_env = local.environment.account_name == "production" ? "" : "${local.environment_name}."
+  dev_wildcard      = local.environment.account_name == "production" ? "" : "*."
+  capacity_provider = local.environment.fargate_spot ? "FARGATE_SPOT" : "FARGATE"
 
   mandatory_moj_tags = {
     business-unit    = "OPG"

diff --git a/terraform/environment/shared_data_sources.tf b/terraform/environment/shared_data_sources.tf
@@ -1,32 +1,3 @@
-data "aws_vpc" "default" {
-  default = "true"
-}
-
-data "aws_subnets" "private" {
-  filter {
-    name   = "vpc-id"
-    values = [data.aws_vpc.default.id]
-  }
-
-  tags = {
-    Name = "private"
-  }
-}
-
-data "aws_subnets" "public" {
-  filter {
-    name   = "vpc-id"
-    values = [data.aws_vpc.default.id]
-  }
-
-  tags = {
-    Name = "public"
-  }
-}
-
-data "aws_cloudwatch_log_group" "use-an-lpa" {
-  name = "use-an-lpa"
-}
 
 data "aws_acm_certificate" "certificate_view" {
   domain = "${local.dev_wildcard}view.lastingpowerofattorney.opg.service.justice.gov.uk"
@@ -48,64 +19,13 @@ data "aws_acm_certificate" "public_facing_certificate_use" {
   domain = "${local.dev_wildcard}use-lasting-power-of-attorney.service.gov.uk"
 }
 
-data "aws_kms_alias" "sessions_viewer" {
-  name = "alias/sessions-viewer-mrk"
-}
-
-data "aws_kms_alias" "sessions_actor" {
-  name = "alias/sessions-actor-mrk"
-}
-
-data "aws_kms_alias" "secrets_manager" {
-  name = "alias/secrets_manager_encryption-mrk"
-}
-
-data "aws_kms_alias" "pagerduty_sns" {
-  name = "alias/pagerduty-sns"
-}
-
 data "aws_kms_alias" "cloudwatch_encryption" {
   name = "alias/cloudwatch-encryption-mrk"
 }
 
 //--------------------
 // ECR Repos
 
-data "aws_ecr_repository" "use_an_lpa_front_web" {
-  provider = aws.management
-  name     = "use_an_lpa/front_web"
-}
-
-data "aws_ecr_repository" "use_an_lpa_front_app" {
-  provider = aws.management
-  name     = "use_an_lpa/front_app"
-}
-
-data "aws_ecr_repository" "use_an_lpa_api_app" {
-  provider = aws.management
-  name     = "use_an_lpa/api_app"
-}
-
-data "aws_ecr_repository" "use_an_lpa_api_web" {
-  provider = aws.management
-  name     = "use_an_lpa/api_web"
-}
-
-data "aws_ecr_repository" "use_an_lpa_pdf" {
-  provider = aws.management
-  name     = "pdf_service"
-}
-
-data "aws_ecr_image" "pdf_service" {
-  repository_name = "pdf_service"
-  image_tag       = local.environment.pdf_container_version
-  provider        = aws.management
-}
-
-data "aws_ecr_repository" "use_an_lpa_admin_app" {
-  provider = aws.management
-  name     = "use_an_lpa/admin_app"
-}
 
 data "aws_ecr_repository" "use_an_lpa_upload_statistics" {
   provider = aws.management
@@ -116,35 +36,3 @@ module "allow_list" {
   source = "[email protected]:ministryofjustice/terraform-aws-moj-ip-allow-list.git?ref=v2.3.0"
 }
 
-data "aws_secretsmanager_secret" "notify_api_key" {
-  name = local.environment.notify_key_secret_name
-}
-
-data "aws_secretsmanager_secret" "gov-uk-onelogin-identity-private-key" {
-  name = "gov-uk-onelogin-identity-private-key"
-}
-
-data "aws_secretsmanager_secret" "gov-uk-onelogin-identity-public-key" {
-  name = "gov-uk-onelogin-identity-public-key"
-}
-
-data "aws_ip_ranges" "route53_healthchecks" {
-  services = ["route53_healthchecks"]
-  regions  = ["GLOBAL"]
-}
-
-data "aws_security_group" "brute_force_cache_service" {
-  filter {
-    name   = "group-name"
-    values = ["brute-force-cache-service*"]
-  }
-}
-
-data "aws_elasticache_replication_group" "brute_force_cache_replication_group" {
-  replication_group_id = "brute-force-cache-replication-group"
-
-}
-
-data "aws_iam_role" "ecs_autoscaling_service_role" {
-  name = "AWSServiceRoleForApplicationAutoScaling_ECSService"
-}