Converting dev destroy to individual jobs (#1468)

Dev environment destroy fixes!
cds-snc · Aug 23, 2024 · a3a380e · a3a380e
1 parent e79b9f7
commit a3a380e
Show file tree

Hide file tree

Showing 44 changed files with 1,970 additions and 183 deletions.
diff --git a/.github/workflows/terragrunt_create_dev_environment.yml b/.github/workflows/terragrunt_create_dev_environment.yml
diff --git a/.github/workflows/terragrunt_destroy_environment.yml b/.github/workflows/terragrunt_destroy_environment.yml
diff --git a/aws/dns/notification.cdssandbox.xyz.tf b/aws/dns/notification.cdssandbox.xyz.tf
@@ -1,12 +1,12 @@
 resource "aws_route53_zone" "notification-sandbox" {
-  count = var.env == "production" ? 0 : 1
+  count = var.env == "staging" ? 1 : 0
   name  = "notification.cdssandbox.xyz"
 }
 
 resource "aws_route53_record" "notification-sandbox-MX" {
   count    = var.env == "production" ? 0 : 1
   provider = aws.dns
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   name     = var.domain
   type     = "MX"
   ttl      = "300"
@@ -16,7 +16,7 @@ resource "aws_route53_record" "notification-sandbox-MX" {
 resource "aws_route53_record" "bounce-notification-sandbox-MX" {
   count    = var.env == "production" ? 0 : 1
   provider = aws.dns
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   name     = "bounce.${var.domain}"
   type     = "MX"
   ttl      = "300"
@@ -26,7 +26,7 @@ resource "aws_route53_record" "bounce-notification-sandbox-MX" {
 resource "aws_route53_record" "bounce-custom-notification-sandbox-MX" {
   count    = var.env == "production" ? 0 : 1
   provider = aws.dns
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   name     = "bounce.custom-sending-domain.${var.domain}"
   type     = "MX"
   ttl      = "300"
@@ -36,7 +36,7 @@ resource "aws_route53_record" "bounce-custom-notification-sandbox-MX" {
 resource "aws_route53_record" "ses-notification-sandbox-TXT" {
   count    = var.env == "production" ? 0 : 1
   provider = aws.dns
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   name     = "_amazonses.${var.domain}"
   type     = "TXT"
   ttl      = "300"
@@ -48,7 +48,7 @@ resource "aws_route53_record" "ses-notification-sandbox-TXT" {
 resource "aws_route53_record" "dmarc-notification-sandbox-TXT" {
   count    = var.env == "production" ? 0 : 1
   provider = aws.dns
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   name     = "_dmarc.${var.domain}"
   type     = "TXT"
   ttl      = "300"
@@ -58,7 +58,7 @@ resource "aws_route53_record" "dmarc-notification-sandbox-TXT" {
 resource "aws_route53_record" "notification-sandbox-TXT" {
   count    = var.env == "production" ? 0 : 1
   provider = aws.dns
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   name     = var.domain
   type     = "TXT"
   ttl      = "300"
@@ -70,7 +70,7 @@ resource "aws_route53_record" "notification-sandbox-TXT" {
 resource "aws_route53_record" "bounce-notification-sandbox-TXT" {
   count    = var.env == "production" ? 0 : 1
   provider = aws.dns
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   name     = "bounce.${var.domain}"
   type     = "TXT"
   ttl      = "300"
@@ -79,7 +79,7 @@ resource "aws_route53_record" "bounce-notification-sandbox-TXT" {
 
 resource "aws_route53_record" "custom-domain-aws-ses-sandbox-TXT" {
   count    = var.env == "production" ? 0 : 1
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   provider = aws.dns
   name     = "_amazonses.custom-sending-domain.${var.domain}"
   type     = "TXT"
@@ -90,7 +90,7 @@ resource "aws_route53_record" "custom-domain-aws-ses-sandbox-TXT" {
 resource "aws_route53_record" "custom-domain-ses-sandbox-TXT" {
   count    = var.env == "production" ? 0 : 1
   provider = aws.dns
-  zone_id  = aws_route53_zone.notification-sandbox[0].zone_id
+  zone_id  = var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
   name     = "custom-sending-domain.${var.domain}"
   type     = "TXT"
   ttl      = "300"

diff --git a/aws/dns/outputs.tf b/aws/dns/outputs.tf
@@ -46,5 +46,5 @@ output "internal_dns_name" {
 }
 
 output "route53_zone_id" {
-  value = var.env == "production" ? aws_route53_zone.notification-canada-ca[0].zone_id : aws_route53_zone.notification-sandbox[0].zone_id
+  value = var.env == "production" ? aws_route53_zone.notification-canada-ca[0].zone_id : var.env == "staging" ? aws_route53_zone.notification-sandbox[0].zone_id : var.hosted_zone_id
 }
diff --git a/aws/dns/secrets.tf b/aws/dns/secrets.tf
@@ -9,7 +9,8 @@ resource "aws_secretsmanager_secret_version" "internal_dns_cert_base64" {
 }
 
 resource "aws_secretsmanager_secret" "internal_dns_key_base64" {
-  name = "INTERNAL_DNS_KEY_BASE64"
+  name                    = "INTERNAL_DNS_KEY_BASE64"
+  recovery_window_in_days = 0
 }
 
 resource "aws_secretsmanager_secret_version" "internal_dns_key_base64" {
@@ -18,7 +19,8 @@ resource "aws_secretsmanager_secret_version" "internal_dns_key_base64" {
 }
 
 resource "aws_secretsmanager_secret" "internal_dns_fqdn" {
-  name = "INTERNAL_DNS_FQDN"
+  name                    = "INTERNAL_DNS_FQDN"
+  recovery_window_in_days = 0
 }
 
 resource "aws_secretsmanager_secret_version" "internal_dns_fqdn" {

diff --git a/aws/dns/variables.tf b/aws/dns/variables.tf
@@ -19,4 +19,10 @@ variable "scratch_account_ids" {
 variable "vpc_id" {
   type        = string
   description = "Used to associate the internal DNS with the VPC"
+}
+
+variable "hosted_zone_id" {
+  type        = string
+  description = "Used to associate the internal DNS with the VPC"
+  default     = "Z04028033PLSHVOO9ZJ1Z"
 }
diff --git a/aws/eks/sentinel.tf b/aws/eks/sentinel.tf
@@ -12,7 +12,7 @@ module "sentinel_forwarder" {
   function_name     = "sentinel-cloud-watch-forwarder"
   billing_tag_value = "notification-canada-ca-${var.env}"
 
-  layer_arn = "arn:aws:lambda:ca-central-1:283582579564:layer:aws-sentinel-connector-layer:132"
+  layer_arn = "arn:aws:lambda:ca-central-1:283582579564:layer:aws-sentinel-connector-layer:150"
 
   customer_id = var.sentinel_customer_id
   shared_key  = var.sentinel_shared_key

diff --git a/aws/lambda-api/secrets_manager.tf b/aws/lambda-api/secrets_manager.tf
@@ -1,12 +1,5 @@
-resource "random_string" "new_relic_postfix" {
-  count = var.env == "production" || var.env == "staging" ? 0 : 1
-
-  length  = 8
-  special = false
-}
-
 resource "aws_secretsmanager_secret" "new-relic-license-key" {
-  name                    = var.env == "production" || var.env == "staging" ? "NEW_RELIC_LICENSE_KEY" : "NEW_RELIC_LICENSE_KEY_${random_string.new_relic_postfix[0].result}"
+  name                    = "NEW_RELIC_LICENSE_KEY"
   description             = "The New Relic license key, for sending telemetry"
   recovery_window_in_days = 0
 }