[PRMP-614] Bump up lambda runtime python version #66

Merged
merged 2 commits into from
Jul 24, 2024
20 changes: 10 additions & 10 deletions terraform/dev.tfvars
@@ -1,6 +1,6 @@
environment = "dev"

mhs_cidr_newbits=8
mhs_cidr_newbits = 8

deductions_private_cidr = "10.20.0.0/16"
deductions_private_public_subnets = ["10.20.101.0/24", "10.20.102.0/24"]
Expand All @@ -14,22 +14,22 @@ deductions_core_private_subnets = ["10.25.1.0/24", "10.25.2.0/24"]
deductions_core_database_subnets = ["10.25.111.0/24", "10.25.112.0/24"]
deductions_core_azs = ["eu-west-2a", "eu-west-2b"]

mhs_repo_private_subnets = ["10.34.0.0/22", "10.34.4.0/22", "10.34.8.0/22"]
mhs_repo_public_subnets_inbound = ["10.34.12.0/22", "10.34.16.0/22", "10.34.20.0/22"]
mhs_repo_public_subnets_outbound = ["10.34.24.0/22", "10.34.28.0/22", "10.34.32.0/22"]
mhs_test_harness_private_subnets = ["10.34.128.0/22", "10.34.132.0/22", "10.34.136.0/22"]
mhs_test_harness_public_subnets_inbound = ["10.34.140.0/22", "10.34.144.0/22", "10.34.148.0/22"]
mhs_repo_private_subnets = ["10.34.0.0/22", "10.34.4.0/22", "10.34.8.0/22"]
mhs_repo_public_subnets_inbound = ["10.34.12.0/22", "10.34.16.0/22", "10.34.20.0/22"]
mhs_repo_public_subnets_outbound = ["10.34.24.0/22", "10.34.28.0/22", "10.34.32.0/22"]
mhs_test_harness_private_subnets = ["10.34.128.0/22", "10.34.132.0/22", "10.34.136.0/22"]
mhs_test_harness_public_subnets_inbound = ["10.34.140.0/22", "10.34.144.0/22", "10.34.148.0/22"]
mhs_test_harness_public_subnets_outbound = ["10.34.152.0/22", "10.34.156.0/22", "10.34.160.0/22"]


repo_mhs_cluster_domain_name = "mhs.patient-deductions.nhs.uk"
repo_mhs_cluster_domain_name = "mhs.patient-deductions.nhs.uk"
test_harness_mhs_cluster_domain_name = "test-harness-mhs.patient-deductions.nhs.uk"
mhs_vpc_cidr_block = "10.34.0.0/16"
mhs_vpc_cidr_block = "10.34.0.0/16"


deploy_mhs_test_harness = true
deploy_mhs_test_harness = true
deploy_cross_account_vpc_peering = true

inbound_sig_ips = ["3.11.206.30/32", "3.8.223.81/32", "35.178.32.211/32","3.11.177.31/32","35.177.15.89/32","3.11.199.83/32","18.132.113.121/32","18.132.31.159/32","35.178.64.126/32"]
inbound_sig_ips = ["3.11.206.30/32", "3.8.223.81/32", "35.178.32.211/32", "3.11.177.31/32", "35.177.15.89/32", "3.11.199.83/32", "18.132.113.121/32", "18.132.31.159/32", "35.178.64.126/32"]

grant_access_to_queues_through_vpn = true
30 changes: 15 additions & 15 deletions terraform/generate_cost_report.tf
@@ -1,25 +1,25 @@
resource "aws_lambda_function" "generate_cost_report_lambda" {
filename = var.generate_cost_report_lambda_zip
function_name = "${var.environment}-generate-cost-report-lambda"
role = aws_iam_role.generate-cost-report-role.arn
handler = "main.lambda_handler"
filename = var.generate_cost_report_lambda_zip
function_name = "${var.environment}-generate-cost-report-lambda"
role = aws_iam_role.generate-cost-report-role.arn
handler = "main.lambda_handler"
source_code_hash = filebase64sha256(var.generate_cost_report_lambda_zip)
runtime = "python3.8"
timeout = 15
memory_size = 448
runtime = "python3.12"
timeout = 15
memory_size = 448
tags = {
Environment = var.environment
CreatedBy = var.repo_name
}
environment {
variables = {
ENVIRONMENT = var.environment,
SENDER_EMAIL_SSM_PARAMETER = data.aws_ssm_parameter.sender_cost_report_email_id.name,
ENVIRONMENT = var.environment,
SENDER_EMAIL_SSM_PARAMETER = data.aws_ssm_parameter.sender_cost_report_email_id.name,
RECEIVER_EMAIL_SSM_PARAMETER = data.aws_ssm_parameter.receiver_cost_report_email_id.name
SUPPORT_EMAIL_SSM_PARAMETER = data.aws_ssm_parameter.support_cost_report_email_id.name
ACCOUNT_ID = data.aws_caller_identity.current.account_id
GENERATE_REPORT_FOR_YEAR = ""
GENERATE_REPORT_FOR_MONTH = ""
SUPPORT_EMAIL_SSM_PARAMETER = data.aws_ssm_parameter.support_cost_report_email_id.name
ACCOUNT_ID = data.aws_caller_identity.current.account_id
GENERATE_REPORT_FOR_YEAR = ""
GENERATE_REPORT_FOR_MONTH = ""
}
}
}
Expand All @@ -35,9 +35,9 @@ resource "aws_cloudwatch_event_rule" "generate_cost_report_end_of_every_month" {
}

resource "aws_cloudwatch_event_target" "invoke_generate_cost_report_lambda" {
rule = aws_cloudwatch_event_rule.generate_cost_report_end_of_every_month.name
rule = aws_cloudwatch_event_rule.generate_cost_report_end_of_every_month.name
target_id = "InvokeLambda"
arn = aws_lambda_function.generate_cost_report_lambda.arn
arn = aws_lambda_function.generate_cost_report_lambda.arn
}

resource "aws_lambda_permission" "allow_invocation_from_event_bridge_rule" {
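Review bot: The `runtime = "python3.12"` line changes the interpreter, but nothing visible in this section changes how `var.generate_cost_report_lambda_zip` is built, and `source_code_hash` only tracks that archive, so a package assembled for 3.8 could be deployed unchanged onto the new runtime. If the zip vendors compiled dependencies, or the handler imports modules removed by 3.12 (for example `distutils` or `imp`), the failure would presumably surface only at the next scheduled invocation; I would confirm the build job targets 3.12 and invoke the function once after apply. The same literal is repeated for `alarm_notifications_lambda` in terraform/notification_lambda.tf, so the two can drift apart on the next bump. I would read both from one shared value, e.g. `runtime = local.lambda_python_runtime` (name is a suggestion), with the comment `# must match the Python version used to build the lambda zips`.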
2 changes: 1 addition & 1 deletion terraform/glue.tf
Expand Up @@ -13,7 +13,7 @@ resource "aws_glue_crawler" "generate_cost_report_crawler" {
}

resource "aws_iam_role" "generate_cost_report_glue_role" {
name = "${var.environment}-generate-cost-report-glue-role"
name = "${var.environment}-generate-cost-report-glue-role"
description = "Glue Role to allow access to the billing reports"
assume_role_policy = data.aws_iam_policy_document.generate_cost_report_glue_assume_role_policy.json
}
16 changes: 8 additions & 8 deletions terraform/iam.tf
@@ -1,16 +1,16 @@
locals {
receiver_email_arns = split(",", "arn:aws:ses:${var.region}:${local.account_id}:identity/${join(",arn:aws:ses:${var.region}:${local.account_id}:identity/", split(",", data.aws_ssm_parameter.receiver_cost_report_email_id.value))}")
support_email_arns = split(",", "arn:aws:ses:${var.region}:${local.account_id}:identity/${join(",arn:aws:ses:${var.region}:${local.account_id}:identity/", split(",", data.aws_ssm_parameter.support_cost_report_email_id.value))}")
sender_email_arn = ["arn:aws:ses:${var.region}:${local.account_id}:identity/${data.aws_ssm_parameter.sender_cost_report_email_id.value}"]
support_email_arns = split(",", "arn:aws:ses:${var.region}:${local.account_id}:identity/${join(",arn:aws:ses:${var.region}:${local.account_id}:identity/", split(",", data.aws_ssm_parameter.support_cost_report_email_id.value))}")
sender_email_arn = ["arn:aws:ses:${var.region}:${local.account_id}:identity/${data.aws_ssm_parameter.sender_cost_report_email_id.value}"]
}

data "aws_ssm_parameter" "splunk_trusted_principal" {
name = "/repo/user-input/external/splunk-trusted-principal"
}

resource "aws_iam_role" "splunk_sqs_forwarder" {
name = "SplunkSqsForwarder"
description = "Role to allow repo to integrate with splunk"
name = "SplunkSqsForwarder"
description = "Role to allow repo to integrate with splunk"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
Expand Down Expand Up @@ -49,15 +49,15 @@ data "aws_iam_policy_document" "splunk_access_policy_document" {
resources = ["arn:aws:sqs:*:*:*-audit", "arn:aws:sqs:*:*:*-audit-uploader"]
}
statement {
effect = "Allow"
actions = ["kms:Decrypt"]
effect = "Allow"
actions = ["kms:Decrypt"]
resources = ["*"]
}
}

resource "aws_iam_role" "generate-cost-report-role" {
name = "GenerateCostReportLambdaExecution"
description = "Role to generate the cost report"
name = "GenerateCostReportLambdaExecution"
description = "Role to generate the cost report"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
2 changes: 1 addition & 1 deletion terraform/main.tf
@@ -1,5 +1,5 @@
provider "aws" {
region = var.region
region = var.region
}

provider "aws" {
14 changes: 7 additions & 7 deletions terraform/notification_lambda.tf
@@ -1,16 +1,16 @@
locals {
alarm_webhook_ssm_path = "/repo/${var.environment}/user-input/external/alarm-notifications-webhook-url"
account_id = data.aws_caller_identity.current.account_id
account_id = data.aws_caller_identity.current.account_id
}

resource "aws_lambda_function" "alarm_notifications_lambda" {
filename = var.alarm_lambda_zip
function_name = "${var.environment}-alarm-notifications-lambda"
role = aws_iam_role.alarm_notifications_lambda_role.arn
handler = "main.lambda_handler"
filename = var.alarm_lambda_zip
function_name = "${var.environment}-alarm-notifications-lambda"
role = aws_iam_role.alarm_notifications_lambda_role.arn
handler = "main.lambda_handler"
source_code_hash = filebase64sha256(var.alarm_lambda_zip)
runtime = "python3.8"
timeout = 15
runtime = "python3.12"
timeout = 15
tags = {
Environment = var.environment
CreatedBy = var.repo_name
4 changes: 2 additions & 2 deletions terraform/output.tf
@@ -1,12 +1,12 @@
# Deductions Private Outputs
output "deductions_private_private_subnets" {
value = module.deductions-private.deductions_private_private_subnets
value = module.deductions-private.deductions_private_private_subnets
}

output "dns_server_1" {
value = module.deductions-private.dns_server_1
}

output "deductions_core_private_subnets" {
value = module.deductions-core.deductions_core_private_subnets
value = module.deductions-core.deductions_core_private_subnets
}
16 changes: 8 additions & 8 deletions terraform/perf.tfvars
@@ -1,19 +1,19 @@
environment = "perf"

deductions_private_cidr = "10.24.0.0/16"
deductions_core_cidr = "10.29.0.0/16"
deductions_private_cidr = "10.24.0.0/16"
deductions_core_cidr = "10.29.0.0/16"

deductions_private_public_subnets = ["10.24.101.0/24", "10.24.102.0/24"]
deductions_private_private_subnets = ["10.24.1.0/24", "10.24.2.0/24"]
deductions_private_database_subnets = ["10.24.111.0/24", "10.24.112.0/24"]
deductions_private_azs = ["eu-west-2b", "eu-west-2a"]
deductions_private_public_subnets = ["10.24.101.0/24", "10.24.102.0/24"]
deductions_private_private_subnets = ["10.24.1.0/24", "10.24.2.0/24"]
deductions_private_database_subnets = ["10.24.111.0/24", "10.24.112.0/24"]
deductions_private_azs = ["eu-west-2b", "eu-west-2a"]
deductions_private_vpn_client_subnet = "10.233.200.0/22"

deductions_core_private_subnets = ["10.29.1.0/24", "10.29.2.0/24"]
deductions_core_database_subnets = ["10.29.111.0/24", "10.29.112.0/24"]
deductions_core_azs = ["eu-west-2b", "eu-west-2a"]

mhs_cidr_newbits=2
mhs_cidr_newbits = 2

repo_mhs_cluster_domain_name = "mhs.patient-deductions.nhs.uk"

Expand All @@ -22,7 +22,7 @@ mhs_repo_public_subnets_inbound = ["10.35.112.0/22", "10.35.116.0/22", "10.35.1
mhs_repo_public_subnets_outbound = ["10.35.140.0/22", "10.35.144.0/22", "10.35.148.0/22"]
mhs_repo_private_subnets = ["10.35.128.0/22", "10.35.132.0/22", "10.35.136.0/22"]

inbound_sig_ips = ["3.11.206.30/32", "3.8.223.81/32", "35.178.32.211/32","3.11.177.31/32","35.177.15.89/32","3.11.199.83/32","18.132.113.121/32","18.132.31.159/32","35.178.64.126/32"]
inbound_sig_ips = ["3.11.206.30/32", "3.8.223.81/32", "35.178.32.211/32", "3.11.177.31/32", "35.177.15.89/32", "3.11.199.83/32", "18.132.113.121/32", "18.132.31.159/32", "35.178.64.126/32"]

grant_access_to_queues_through_vpn = true

24 changes: 12 additions & 12 deletions terraform/private_zone.tf
Expand Up @@ -10,7 +10,7 @@ resource "aws_route53_zone" "private" {

# Save the zone IDs to use them in other infra projects
resource "aws_ssm_parameter" "private_zone_id" {
name = "/repo/${var.environment}/output/${var.repo_name}/private-root-zone-id"
name = "/repo/${var.environment}/output/${var.repo_name}/private-root-zone-id"
type = "String"
value = aws_route53_zone.private.zone_id

Expand Down Expand Up @@ -40,7 +40,7 @@ resource "aws_route53_zone" "environment_private" {
}

resource "aws_ssm_parameter" "environment_private_zone_id" {
name = "/repo/${var.environment}/output/${var.repo_name}/environment-private-zone-id"
name = "/repo/${var.environment}/output/${var.repo_name}/environment-private-zone-id"
type = "String"
value = aws_route53_zone.environment_private.zone_id

Expand All @@ -51,7 +51,7 @@ resource "aws_ssm_parameter" "environment_private_zone_id" {
}

resource "aws_ssm_parameter" "environment_domain_name" {
name = "/repo/${var.environment}/output/${var.repo_name}/environment-domain-name"
name = "/repo/${var.environment}/output/${var.repo_name}/environment-domain-name"
type = "String"
value = local.environment_domain_name

Expand All @@ -63,33 +63,33 @@ resource "aws_ssm_parameter" "environment_domain_name" {

resource "aws_route53_zone_association" "core" {
zone_id = aws_route53_zone.environment_private.zone_id
vpc_id = local.deductions_core_vpc_id
vpc_id = local.deductions_core_vpc_id
}

resource "aws_route53_vpc_association_authorization" "environment_zone_gocd_vpc" {
count = var.deploy_cross_account_vpc_peering ? 1 : 0
vpc_id = data.aws_ssm_parameter.gocd_vpc.value
count = var.deploy_cross_account_vpc_peering ? 1 : 0
vpc_id = data.aws_ssm_parameter.gocd_vpc.value
zone_id = aws_route53_zone.environment_private.zone_id
}

resource "aws_route53_zone_association" "gocd" {
provider = aws.ci
zone_id = aws_route53_zone.environment_private.zone_id
vpc_id = data.aws_ssm_parameter.gocd_vpc.value
zone_id = aws_route53_zone.environment_private.zone_id
vpc_id = data.aws_ssm_parameter.gocd_vpc.value
}

resource "aws_route53_zone_association" "repo_mhs" {
zone_id = aws_route53_zone.environment_private.zone_id
vpc_id = local.repo_mhs_vpc_id
vpc_id = local.repo_mhs_vpc_id
}

resource "aws_route53_zone_association" "test_harness_mhs" {
count = var.deploy_mhs_test_harness ? 1 : 0
count = var.deploy_mhs_test_harness ? 1 : 0
zone_id = aws_route53_zone.environment_private.zone_id
vpc_id = local.test_harness_mhs_vpc_id
vpc_id = local.test_harness_mhs_vpc_id
}

data "aws_ssm_parameter" "gocd_vpc" {
provider = aws.ci
name = "/repo/prod/output/prm-gocd-infra/gocd-vpc-id"
name = "/repo/prod/output/prm-gocd-infra/gocd-vpc-id"
}
24 changes: 12 additions & 12 deletions terraform/public_zone.tf
Expand Up @@ -8,37 +8,37 @@ resource "aws_route53_zone" "environment_public" {

data "aws_ssm_parameter" "non_prod_public_zone" {
provider = aws.ci
name = "/repo/output/prm-deductions-base-infra/non-prod-public-zone-id"
name = "/repo/output/prm-deductions-base-infra/non-prod-public-zone-id"
}

data "aws_ssm_parameter" "root_public_zone" {
provider = aws.ci
name = "/repo/output/prm-deductions-base-infra/root-zone-id"
name = "/repo/output/prm-deductions-base-infra/root-zone-id"
}

resource "aws_route53_record" "environment_ns_prod" {
count = var.deploy_prod_route53_zone ? 1 : 0
name = "${var.environment}.patient-deductions.nhs.uk"
ttl = 30
type = "NS"
count = var.deploy_prod_route53_zone ? 1 : 0
name = "${var.environment}.patient-deductions.nhs.uk"
ttl = 30
type = "NS"
zone_id = data.aws_ssm_parameter.root_public_zone.value

records = aws_route53_zone.environment_public.name_servers
}

resource "aws_route53_record" "environment_ns_non_prod_env" {
count = var.deploy_prod_route53_zone ? 0 : 1
count = var.deploy_prod_route53_zone ? 0 : 1
provider = aws.ci
name = "${var.environment}.non-prod.patient-deductions.nhs.uk"
ttl = 30
type = "NS"
zone_id = data.aws_ssm_parameter.non_prod_public_zone.value
name = "${var.environment}.non-prod.patient-deductions.nhs.uk"
ttl = 30
type = "NS"
zone_id = data.aws_ssm_parameter.non_prod_public_zone.value

records = aws_route53_zone.environment_public.name_servers
}

resource "aws_ssm_parameter" "environment_public_zone_id" {
name = "/repo/${var.environment}/output/${var.repo_name}/environment-public-zone-id"
name = "/repo/${var.environment}/output/${var.repo_name}/environment-public-zone-id"
type = "String"
value = aws_route53_zone.environment_public.zone_id

36 changes: 18 additions & 18 deletions terraform/terraform.tfvars
@@ -1,31 +1,31 @@
region = "eu-west-2"
repo_name = "prm-deductions-infra"
region = "eu-west-2"
repo_name = "prm-deductions-infra"

deductions_private_component_name = "deductions-private"
deductions_core_component_name = "deductions-core"

gocd_cidr = "10.1.0.0/16"

deployment_mode = "ACTIVE_STANDBY_MULTI_AZ"
mq_deployment_mode = "SINGLE_INSTANCE"
engine_type = "ActiveMQ"
engine_version = "5.16.3"
host_instance_type = "mq.t2.micro"
auto_minor_version_upgrade = "true"
apply_immediately = "false"
general_log = "true"
audit_log = "true"
maintenance_day_of_week = "SUNDAY"
maintenance_time_of_day = "03:00"
maintenance_time_zone = "GMT"
deployment_mode = "ACTIVE_STANDBY_MULTI_AZ"
mq_deployment_mode = "SINGLE_INSTANCE"
engine_type = "ActiveMQ"
engine_version = "5.16.3"
host_instance_type = "mq.t2.micro"
auto_minor_version_upgrade = "true"
apply_immediately = "false"
general_log = "true"
audit_log = "true"
maintenance_day_of_week = "SUNDAY"
maintenance_time_of_day = "03:00"
maintenance_time_zone = "GMT"
state_db_allocated_storage = "20"
state_db_engine_version = "11.5"
state_db_instance_class = "db.t2.small"

mhs_test_harness_public_subnets_inbound = []
mhs_test_harness_public_subnets_inbound = []
mhs_test_harness_public_subnets_outbound = []
mhs_test_harness_private_subnets = []
mhs_test_harness_private_subnets = []

deploy_mhs_test_harness = false
deploy_cross_account_vpc_peering = true
deploy_mhs_test_harness = false
deploy_cross_account_vpc_peering = true
grant_access_to_queues_through_vpn = false