From eac9f7cd15c33ac55ffd2ca4ef6484a32cadf8cf Mon Sep 17 00:00:00 2001 From: Andy Flint Date: Thu, 31 Oct 2024 14:15:00 +0000 Subject: [PATCH] Revert "[PRMP-123] Changing file permissions (#105)" This reverts commit 94eae931e7db9c103219196495bf21b564f8b574. --- scripts/run-server.sh | 0 terraform-db-roles/application-role.tf | 44 +++++++ terraform-db-roles/data.tf | 4 + terraform-db-roles/main.tf | 14 ++ terraform-db-roles/migration-role.tf | 79 ++++++++++++ terraform-db-roles/variables.tf | 9 ++ terraform/data.tf | 8 ++ terraform/dev.tfvars | 6 +- terraform/ecs-task.tf | 6 + terraform/main.tf | 5 +- terraform/perf.tfvars | 6 +- terraform/pre-prod.tfvars | 8 +- terraform/prod.tfvars | 8 +- terraform/rds.tf | 172 +++++++++++++++++++++++++ terraform/s3.tf | 48 +++---- terraform/test.tfvars | 6 +- terraform/variables.tf | 15 +++ test/docker/health.test.js | 2 +- 18 files changed, 408 insertions(+), 32 deletions(-) mode change 100755 => 100644 scripts/run-server.sh create mode 100644 terraform-db-roles/application-role.tf create mode 100644 terraform-db-roles/migration-role.tf create mode 100644 terraform/rds.tf diff --git a/scripts/run-server.sh b/scripts/run-server.sh old mode 100755 new mode 100644 diff --git a/terraform-db-roles/application-role.tf b/terraform-db-roles/application-role.tf new file mode 100644 index 00000000..8d78ceb8 --- /dev/null +++ b/terraform-db-roles/application-role.tf @@ -0,0 +1,44 @@ +// TODO: PRMP-120 - Entire file may need removing + +resource "postgresql_role" "application_role" { + name = "application_role" +} + +resource "postgresql_grant" "application_role_schema_usage_grant" { + database = var.db_name + role = postgresql_role.application_role.name + schema = "public" + object_type = "schema" + privileges = ["USAGE"] +} + +resource "postgresql_role" "application_user" { + name = "application_user" + login = true + roles = ["rds_iam", postgresql_role.application_role.name] +} + +data "aws_iam_policy_document" "db_application_user_policy_doc" { + statement { + actions = [ + "rds-db:connect" + ] + + resources = [ + "arn:aws:rds-db:${var.region}:${data.aws_caller_identity.current.account_id}:dbuser:${data.aws_ssm_parameter.db_cluster_resource_id.value}/${postgresql_role.application_user.name}" + ] + + effect = "Allow" + } +} + +resource "aws_iam_policy" "db_application_user_policy" { + name = "${var.environment}-${var.component_name}-db_application_user" + policy = data.aws_iam_policy_document.db_application_user_policy_doc.json +} + +# Grant ECS Task permissions to connect to the DB as application_user +resource "aws_iam_role_policy_attachment" "db_application_user_policy_attach" { + role = "${var.environment}-${var.component_name}-EcsTaskRole" + policy_arn = aws_iam_policy.db_application_user_policy.arn +} diff --git a/terraform-db-roles/data.tf b/terraform-db-roles/data.tf index 8fc4b38c..87e9be5e 100644 --- a/terraform-db-roles/data.tf +++ b/terraform-db-roles/data.tf @@ -1 +1,5 @@ data "aws_caller_identity" "current" {} + +data "aws_ssm_parameter" "db_cluster_resource_id" { // TODO: PRMP-120 - May need removing + name = "/repo/${var.environment}/output/${var.repo_name}/db-resource-cluster-id" +} diff --git a/terraform-db-roles/main.tf b/terraform-db-roles/main.tf index 3d77fe3c..e74bd362 100644 --- a/terraform-db-roles/main.tf +++ b/terraform-db-roles/main.tf @@ -3,11 +3,25 @@ provider "aws" { region = var.region } +provider "postgresql" { // TODO: PRMP-120 - REMOVE + host = var.db_host + port = var.db_port + database = var.db_name + username = var.db_username + password = var.db_password + connect_timeout = 15 + superuser = false +} + terraform { required_providers { aws = { source = "hashicorp/aws" version = "3.44.0" } + postgresql = { // TODO: PRMP-120 - REMOVE + source = "cyrilgdn/postgresql" + version = "1.13.0" + } } } diff --git a/terraform-db-roles/migration-role.tf b/terraform-db-roles/migration-role.tf new file mode 100644 index 00000000..51223d5a --- /dev/null +++ b/terraform-db-roles/migration-role.tf @@ -0,0 +1,79 @@ +// TODO: PRMP-120 - Entire file may need removing + +resource "postgresql_role" "migration_role" { + name = "migration_role" +} + +resource "postgresql_grant" "migration_role_schema_usage_grant" { + database = var.db_name + role = postgresql_role.migration_role.name + schema = "public" + object_type = "schema" + privileges = ["USAGE", "CREATE"] +} + +resource "postgresql_role" "migration_user" { + name = "migration_user" + login = true + valid_until = "" + roles = ["rds_iam", postgresql_role.migration_role.name] +} + +resource "aws_ssm_parameter" "migration_user" { + name = "/repo/${var.environment}/output/${var.repo_name}/db-migration-user" + type = "String" + value = postgresql_role.migration_user.name +} + +data "aws_iam_policy_document" "migration-assume-role-policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = [ + "ec2.amazonaws.com" + ] + } + } +} + +resource "aws_iam_role" "db_migration_role" { + name = "${var.environment}-${var.component_name}-DbMigrationRole" + assume_role_policy = data.aws_iam_policy_document.migration-assume-role-policy.json + description = "DbMigration role to migrate db in the pipeline" + + tags = { + Environment = var.environment + CreatedBy = var.repo_name + } +} + +resource "aws_iam_instance_profile" "db_migration_role_profile" { + name = "${var.environment}-${var.component_name}-DbMigrationRole" + role = aws_iam_role.db_migration_role.name +} + +data "aws_iam_policy_document" "db_migration_user_policy_doc" { + statement { + actions = [ + "rds-db:connect" + ] + + resources = [ + "arn:aws:rds-db:${var.region}:${data.aws_caller_identity.current.account_id}:dbuser:${data.aws_ssm_parameter.db_cluster_resource_id.value}/${postgresql_role.migration_user.name}" + ] + + effect = "Allow" + } +} + +resource "aws_iam_policy" "db_migration_user_policy" { + name = "${var.environment}-${var.component_name}-db_migration_user" + policy = data.aws_iam_policy_document.db_migration_user_policy_doc.json +} + +resource "aws_iam_role_policy_attachment" "db_migration_user_policy_attach" { + role = aws_iam_role.db_migration_role.name + policy_arn = aws_iam_policy.db_migration_user_policy.arn +} diff --git a/terraform-db-roles/variables.tf b/terraform-db-roles/variables.tf index a88d9aba..95a76051 100644 --- a/terraform-db-roles/variables.tf +++ b/terraform-db-roles/variables.tf @@ -8,9 +8,18 @@ variable "repo_name" { default = "prm-deductions-ehr-repository" } +variable "db_port" { // TODO: PRMP-120 - REMOVE + type = string + default = "5432" +} + variable "component_name" { type = string default = "ehr-repo" } variable "environment" {} +variable "db_name" {} // TODO: PRMP-120 - REMOVE +variable "db_host" {} // TODO: PRMP-120 - REMOVE +variable "db_username" {} // TODO: PRMP-120 - REMOVE +variable "db_password" {} // TODO: PRMP-120 - REMOVE \ No newline at end of file diff --git a/terraform/data.tf b/terraform/data.tf index faae5fa1..b12360ff 100644 --- a/terraform/data.tf +++ b/terraform/data.tf @@ -12,6 +12,14 @@ data "aws_ssm_parameter" "private_zone_id" { name = "/repo/${var.environment}/output/prm-deductions-infra/private-root-zone-id" } +data "aws_ssm_parameter" "db-username" { + name = "/repo/${var.environment}/user-input/ehr-repo-db-username" +} + +data "aws_ssm_parameter" "db-password" { + name = "/repo/${var.environment}/user-input/ehr-repo-db-password" +} + data "aws_ssm_parameter" "dynamodb_name" { name = "/repo/${var.environment}/output/prm-deductions-infra/ehr-transfer-tracker-db-name" } \ No newline at end of file diff --git a/terraform/dev.tfvars b/terraform/dev.tfvars index c6706bc8..319fda62 100644 --- a/terraform/dev.tfvars +++ b/terraform/dev.tfvars @@ -3,7 +3,8 @@ component_name = "ehr-repo" dns_name = "ehr-repo" repo_name = "prm-deductions-ehr-repository" -node_env = "prod" +node_env = "prod" +database_name = "deductions_db" // TODO: PRMP-120 - REMOVE s3_bucket_name = "dev-ehr-repo-bucket" s3_prev_bucket_name = "dev-ehr-repo" @@ -14,3 +15,6 @@ port = 3000 service_desired_count = "1" alb_deregistration_delay = 15 + +grant_access_through_vpn = true // TODO: PRMP-120 - REMOVE +enable_rds_cluster_deletion_protection = false // TODO: PRMP-120 - REMOVE \ No newline at end of file diff --git a/terraform/ecs-task.tf b/terraform/ecs-task.tf index 7faf5c01..52fce7cd 100644 --- a/terraform/ecs-task.tf +++ b/terraform/ecs-task.tf @@ -7,7 +7,13 @@ locals { { name = "NODE_ENV", value = var.node_env }, { name = "NHS_ENVIRONMENT", value = var.environment }, { name = "S3_BUCKET_NAME", value = var.s3_bucket_name }, + { name = "DATABASE_NAME", value = aws_rds_cluster.db-cluster.database_name }, # TODO: PRMP-120 - Removed code references as part of PRMP-123, terraform needs removing as part of PRMP-120 + { name = "DATABASE_HOST", value = aws_rds_cluster.db-cluster.endpoint }, # TODO: PRMP-120 - Removed code references as part of PRMP-123, terraform needs removing as part of PRMP-120 + { name = "DATABASE_USER", value = var.application_database_user }, # TODO: PRMP-120 - Removed code references as part of PRMP-123, terraform needs removing as part of PRMP-120 + { name = "USE_AWS_RDS_CREDENTIALS", value = "true" }, # TODO: PRMP-120 - Removed code references as part of PRMP-123, terraform needs removing as part of PRMP-120 { name = "AWS_REGION", value = var.region }, + { name = "SKIP_DB_MIGRATION", value = "true" }, # TODO: PRMP-120 - Removed code references as part of PRMP-123, terraform needs removing as part of PRMP-120 + { name = "USE_SSL_FOR_DB", value = "true" }, # TODO: PRMP-120 - Removed code references as part of PRMP-123, terraform needs removing as part of PRMP-120 { name = "LOG_LEVEL", value = var.log_level }, { name = "DYNAMODB_NAME", value = data.aws_ssm_parameter.dynamodb_name.value }, ] diff --git a/terraform/main.tf b/terraform/main.tf index 6c496ada..5a27307f 100644 --- a/terraform/main.tf +++ b/terraform/main.tf @@ -1,12 +1,13 @@ provider "aws" { - region = var.region + profile = "default" + region = var.region } terraform { required_providers { aws = { source = "hashicorp/aws" - version = "~> 4.0" + version = "3.75.1" } } } diff --git a/terraform/perf.tfvars b/terraform/perf.tfvars index 6e5bcde5..de49c726 100644 --- a/terraform/perf.tfvars +++ b/terraform/perf.tfvars @@ -3,7 +3,8 @@ component_name = "ehr-repo" dns_name = "ehr-repo" repo_name = "prm-deductions-ehr-repository" -node_env = "prod" +node_env = "prod" +database_name = "deductions_db" // TODO: PRMP-120 - REMOVE s3_bucket_name = "perf-ehr-repo-bucket" s3_prev_bucket_name = "perf-ehr-repo" @@ -12,3 +13,6 @@ port = 3000 service_desired_count = "2" alb_deregistration_delay = 15 + +grant_access_through_vpn = true // TODO: PRMP-120 - REMOVE +enable_rds_cluster_deletion_protection = false // TODO: PRMP-120 - REMOVE \ No newline at end of file diff --git a/terraform/pre-prod.tfvars b/terraform/pre-prod.tfvars index 570b3c5c..a483c58e 100644 --- a/terraform/pre-prod.tfvars +++ b/terraform/pre-prod.tfvars @@ -3,7 +3,8 @@ component_name = "ehr-repo" dns_name = "ehr-repo" repo_name = "prm-deductions-ehr-repository" -node_env = "prod" +node_env = "prod" +database_name = "deductions_db" // TODO: PRMP-120 - REMOVE s3_bucket_name = "pre-prod-ehr-repo-bucket" s3_prev_bucket_name = "pre-prod-ehr-repo" @@ -15,5 +16,10 @@ service_desired_count = "3" alb_deregistration_delay = 15 log_level = "info" +grant_access_through_vpn = true // TODO: PRMP-120 - REMOVE +enable_rds_cluster_deletion_protection = true // TODO: PRMP-120 - REMOVE + is_restricted_account = true +db_instance_number = 3 // TODO: PRMP-120 - REMOVE + diff --git a/terraform/prod.tfvars b/terraform/prod.tfvars index 2e14826a..0522f183 100644 --- a/terraform/prod.tfvars +++ b/terraform/prod.tfvars @@ -3,7 +3,8 @@ component_name = "ehr-repo" dns_name = "ehr-repo" repo_name = "prm-deductions-ehr-repository" -node_env = "prod" +node_env = "prod" +database_name = "deductions_db" // TODO: PRMP-120 - REMOVE s3_bucket_name = "prod-ehr-repo-bucket" s3_prev_bucket_name = "prod-ehr-repo" @@ -15,4 +16,9 @@ service_desired_count = "3" alb_deregistration_delay = 15 log_level = "info" +grant_access_through_vpn = true // TODO: PRMP-120 - REMOVE +enable_rds_cluster_deletion_protection = true // TODO: PRMP-120 - REMOVE + is_restricted_account = true + +db_instance_number = 3 // TODO: PRMP-120 - REMOVE \ No newline at end of file diff --git a/terraform/rds.tf b/terraform/rds.tf new file mode 100644 index 00000000..d45d6d36 --- /dev/null +++ b/terraform/rds.tf @@ -0,0 +1,172 @@ +// TODO: PRMP-120 - REMOVE ENTIRE FILE AND ALL REFERENCES + +resource "aws_rds_cluster" "db-cluster" { + cluster_identifier = "${var.environment}-ehr-db-cluster" + engine = "aurora-postgresql" + database_name = "ehrdb" + master_username = data.aws_ssm_parameter.db-username.value + master_password = data.aws_ssm_parameter.db-password.value + backup_retention_period = 35 + preferred_backup_window = "06:30-08:00" + allow_major_version_upgrade = true + engine_version = "13.8" + vpc_security_group_ids = [ + aws_security_group.ehr_repo_to_db_sg.id, + aws_security_group.gocd_to_db_sg.id, + aws_security_group.vpn_to_db_sg.id + ] + apply_immediately = true + db_subnet_group_name = aws_db_subnet_group.db-cluster-subnet-group.name + skip_final_snapshot = true + storage_encrypted = true + kms_key_id = aws_kms_key.ehr-repo-key.arn + iam_database_authentication_enabled = true + deletion_protection = var.enable_rds_cluster_deletion_protection + db_cluster_parameter_group_name = data.aws_ssm_parameter.repo_databases_parameter_group_name.value + + tags = { + CreatedBy = var.repo_name + Environment = var.environment + } + + lifecycle { + ignore_changes = [ + engine_version + ] + } +} + +resource "aws_kms_key" "ehr-repo-key" { + description = "EHR repository KMS key in ${var.environment} environment" + enable_key_rotation = true + tags = { + Name = "${var.environment}-ehr-repo-db" + CreatedBy = var.repo_name + Environment = var.environment + } +} + +resource "aws_kms_alias" "ehr_repo_encryption" { + name = "alias/ehr-repo-encryption-kms-key" + target_key_id = aws_kms_key.ehr-repo-key.id +} + +resource "aws_ssm_parameter" "db_host" { + name = "/repo/${var.environment}/output/${var.repo_name}/db-host" + type = "String" + value = aws_rds_cluster.db-cluster.endpoint + tags = { + CreatedBy = var.repo_name + Environment = var.environment + } +} + +resource "aws_ssm_parameter" "db_resource_cluster_id" { + name = "/repo/${var.environment}/output/${var.repo_name}/db-resource-cluster-id" + type = "String" + value = aws_rds_cluster.db-cluster.cluster_resource_id + + tags = { + CreatedBy = var.repo_name + Environment = var.environment + } +} + +resource "aws_ssm_parameter" "db_name" { + name = "/repo/${var.environment}/output/${var.repo_name}/db-name" + type = "String" + value = aws_rds_cluster.db-cluster.database_name +} + +data "aws_ssm_parameter" "database_subnets" { + name = "/repo/${var.environment}/output/prm-deductions-infra/deductions-core-database-subnets" +} + +resource "aws_db_subnet_group" "db-cluster-subnet-group" { + name = "${var.environment}-ehr-db-subnet-group" + subnet_ids = split(",", data.aws_ssm_parameter.database_subnets.value) + + tags = { + Name = "${var.environment}-ehr-db-subnet-group" + CreatedBy = var.repo_name + Environment = var.environment + } +} + +resource "aws_rds_cluster_instance" "ehr-db-instances" { + count = var.db_instance_number + identifier = "${var.environment}-ehr-db-instance-${count.index}" + cluster_identifier = aws_rds_cluster.db-cluster.id + instance_class = "db.t3.medium" + engine = "aurora-postgresql" + db_subnet_group_name = aws_db_subnet_group.db-cluster-subnet-group.name + + tags = { + CreatedBy = var.repo_name + Environment = var.environment + } +} + +resource "aws_security_group" "ehr_repo_to_db_sg" { + name = "${var.environment}-ehr-repo-ecs-to-ehr-repo-db-sg" + vpc_id = data.aws_ssm_parameter.deductions_core_vpc_id.value + + ingress { + description = "Allow traffic from ehr-repo to the db" + protocol = "tcp" + from_port = "5432" + to_port = "5432" + security_groups = [aws_security_group.ecs-tasks-sg.id] + } + + tags = { + Name = "${var.environment}-ehr-repo-ecs-to-ehr-repo-db-sg" + CreatedBy = var.repo_name + Environment = var.environment + } +} + +resource "aws_security_group" "gocd_to_db_sg" { + name = "${var.environment}-gocd-to-ehr-repo-db-sg" + vpc_id = data.aws_ssm_parameter.deductions_core_vpc_id.value + + ingress { + description = "Allow traffic from GoCD agent to the db" + protocol = "tcp" + from_port = "5432" + to_port = "5432" + security_groups = [data.aws_ssm_parameter.gocd_sg_id.value] + } + + tags = { + Name = "${var.environment}-gocd-to-ehr-repo-db-sg" + CreatedBy = var.repo_name + Environment = var.environment + } +} + +resource "aws_security_group" "vpn_to_db_sg" { + name = "${var.environment}-vpn-to-ehr-repo-db-sg" + vpc_id = data.aws_ssm_parameter.deductions_core_vpc_id.value + + tags = { + Name = "${var.environment}-vpn-to-ehr-repo-db-sg" + CreatedBy = var.repo_name + Environment = var.environment + } +} + +resource "aws_security_group_rule" "vpn_to_db_sg" { + count = var.grant_access_through_vpn ? 1 : 0 + type = "ingress" + description = "Allow traffic from VPN to the db" + protocol = "tcp" + from_port = 5432 + to_port = 5432 + source_security_group_id = data.aws_ssm_parameter.vpn_sg_id.value + security_group_id = aws_security_group.vpn_to_db_sg.id +} + +data "aws_ssm_parameter" "repo_databases_parameter_group_name" { + name = "/repo/${var.environment}/output/prm-deductions-infra/repo-databases-parameter-group-name-version-13" +} diff --git a/terraform/s3.tf b/terraform/s3.tf index 7e57ab18..b33ac762 100644 --- a/terraform/s3.tf +++ b/terraform/s3.tf @@ -32,11 +32,6 @@ resource "aws_s3_bucket_logging" "ehr-repo-bucket" { target_bucket = aws_s3_bucket.ehr_repo_access_logs.id target_prefix = local.ehr_repo_bucket_access_logs_prefix - - // TODO PRMP-120 add back in when moving to terraform AWS provider V5 - # target_object_key_format { - # simple_prefix {} - # } } # resource "aws_s3_bucket_object_lock_configuration" "ehr_repo_bucket" { @@ -152,36 +147,41 @@ resource "aws_s3_bucket_policy" "ehr_repo_permit_developer_to_see_access_logs_po count = var.is_restricted_account ? 1 : 0 bucket = aws_s3_bucket.ehr_repo_access_logs.id policy = jsonencode({ - "Version" : "2012-10-17", + "Version" : "2008-10-17", "Statement" : [ { - "Sid" : "S3ServerAccessLogsPolicy", - "Effect" : "Allow", - "Principal" : { - "Service" : "logging.s3.amazonaws.com" + Effect : "Allow", + Principal : { + "AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/RepoDeveloper" }, - "Action" : "s3:PutObject", - "Resource" : "${aws_s3_bucket.ehr_repo_access_logs.arn}/${local.ehr_repo_bucket_access_logs_prefix}*", + Action : ["s3:Get*", "s3:ListBucket"], + Resource : [ + "${aws_s3_bucket.ehr_repo_access_logs.arn}", + "${aws_s3_bucket.ehr_repo_access_logs.arn}/*" + ], Condition : { Bool : { "aws:SecureTransport" : "false" } } - }, + } + ] + }) +} + +resource "aws_s3_bucket_policy" "ehr_repo_permit_s3_to_write_access_logs_policy" { + bucket = aws_s3_bucket.ehr_repo_access_logs.id + policy = jsonencode({ + "Version" : "2012-10-17", + "Statement" : [ { - "Sid" : "S3PermitDeveloperAccessLogsPolicy", + "Sid" : "S3ServerAccessLogsPolicy", "Effect" : "Allow", "Principal" : { - "AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/RepoDeveloper" + "Service" : "logging.s3.amazonaws.com" }, - "Action" : [ - "s3:Get*", - "s3:ListBucket" - ], - "Resource" : [ - "${aws_s3_bucket.ehr_repo_access_logs.arn}", - "${aws_s3_bucket.ehr_repo_access_logs.arn}/*" - ], + "Action" : "s3:PutObject", + "Resource" : "${aws_s3_bucket.ehr_repo_access_logs.arn}/${local.ehr_repo_bucket_access_logs_prefix}*", Condition : { Bool : { "aws:SecureTransport" : "false" @@ -190,4 +190,4 @@ resource "aws_s3_bucket_policy" "ehr_repo_permit_developer_to_see_access_logs_po } ] }) -} +} \ No newline at end of file diff --git a/terraform/test.tfvars b/terraform/test.tfvars index 3cc205c8..0ad55b79 100644 --- a/terraform/test.tfvars +++ b/terraform/test.tfvars @@ -3,7 +3,8 @@ component_name = "ehr-repo" dns_name = "ehr-repo" repo_name = "prm-deductions-ehr-repository" -node_env = "prod" +node_env = "prod" +database_name = "deductions_db" // TODO: PRMP-120 - REMOVE s3_bucket_name = "test-ehr-repo-bucket" s3_prev_bucket_name = "test-ehr-repo" @@ -14,3 +15,6 @@ port = 3000 service_desired_count = "2" alb_deregistration_delay = 15 + +grant_access_through_vpn = true // TODO: PRMP-120 - REMOVE +enable_rds_cluster_deletion_protection = false // TODO: PRMP-120 - REMOVE \ No newline at end of file diff --git a/terraform/variables.tf b/terraform/variables.tf index b235fcaa..52a1d28d 100644 --- a/terraform/variables.tf +++ b/terraform/variables.tf @@ -35,17 +35,32 @@ variable "service_desired_count" {} variable "alb_deregistration_delay" {} +variable "database_name" { // TODO: PRMP-120 - REMOVE + type = string +} + variable "gocd_cidr_block" { default = "10.1.0.0/16" } +variable "application_database_user" { // TODO: PRMP-120 - Does this need removing? + default = "application_user" + description = "Needs to match with the user created in db-roles tf plan" +} + variable "log_level" { type = string default = "debug" } +variable "grant_access_through_vpn" {} // TODO: PRMP-120 - REMOVE variable "allow_vpn_to_ecs_tasks" { default = false } +variable "enable_rds_cluster_deletion_protection" {} // TODO: PRMP-120 - REMOVE variable "is_restricted_account" { default = false +} + +variable "db_instance_number" { // TODO: PRMP-120 - REMOVE + default = 1 } \ No newline at end of file diff --git a/test/docker/health.test.js b/test/docker/health.test.js index 12c7f3b0..54f5b30c 100644 --- a/test/docker/health.test.js +++ b/test/docker/health.test.js @@ -7,7 +7,7 @@ describe('GET /health', () => { expect(res.data).toEqual( expect.objectContaining({ version: '1', - description: 'Health of the EHR Repo S3 Bucket', + description: 'Health of EHR Repo service', details: expect.objectContaining({ filestore: expect.objectContaining({ available: true,