Merge pull request #674 from NHSDigital/feature/made14-NRL-760-fixup-…

…infra-for-bluegreen [NRL-760] Fixup infrastructure for bluegreen deploys
NHSDigital · Jul 3, 2024 · 8392883 · 8392883
2 parents 2fdd722 + d0ff37d
commit 8392883
Show file tree

Hide file tree

Showing 9 changed files with 52 additions and 45 deletions.
diff --git a/.github/workflows/activate-stack.yml b/.github/workflows/activate-stack.yml
@@ -64,4 +64,4 @@ jobs:
 
       - name: Activate Stack
         run: |
-          poetry run python ./scripts/activate-stack.py ${{ inputs.stack_name }} ${{ inputs.environment }}
+          poetry run python ./scripts/activate_stack.py ${{ inputs.stack_name }} ${{ inputs.environment }}
diff --git a/.github/workflows/persistent-environment.yml b/.github/workflows/persistent-environment.yml
@@ -339,4 +339,4 @@ jobs:
       - name: Deactivate Stack
         run: |
           inactive_stack_name=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
-          poetry run python ./scripts/activate-stack.py ${inactive_stack_name} ${{ inputs.environment }}
+          poetry run python ./scripts/activate_stack.py ${inactive_stack_name} ${{ inputs.environment }}
diff --git a/.github/workflows/rollback-stack.yml b/.github/workflows/rollback-stack.yml
@@ -60,7 +60,7 @@ jobs:
       - name: Rollback
         run: |
           inactive_stack_name=$(poetry run python ./scripts/get_env_config.py inactive-stack ${{ inputs.environment }})
-          poetry run python ./scripts/activate-stack.py ${inactive_stack_name} ${{ inputs.environment }}
+          poetry run python ./scripts/activate_stack.py ${inactive_stack_name} ${{ inputs.environment }}
 
       - name: "Smoke Test"
         run: |

diff --git a/scripts/aws_session_assume.py b/scripts/aws_session_assume.py
@@ -3,9 +3,12 @@
 
 _AWS_ACCOUNT_FOR_ENV = {
     "dev": "dev",
+    "dev-sandbox": "dev",
     "qa": "test",
+    "qa-sandbox": "test",
     "ref": "test",
     "int": "test",
+    "int-sandbox": "test",
     "prod": "prod",
 }
 

diff --git a/terraform/account-wide-infrastructure/dev/domain.tf b/terraform/account-wide-infrastructure/dev/domain.tf
@@ -1,8 +1,14 @@
 
 module "dev-custom-domain-name" {
-  source                    = "../modules/env-custom-domain-name"
-  domain_name               = var.dev_api_domain_name
-  domain_zone               = aws_route53_zone.NEW_dev-ns.name
-  subject_alternative_names = [aws_route53_zone.NEW_dev-ns.name]
-  mtls_certificate_file     = "s3://${module.dev-truststore-bucket.bucket_name}/${module.dev-truststore-bucket.certificates_object_key}"
+  source                = "../modules/env-custom-domain-name"
+  domain_name           = var.dev_api_domain_name
+  domain_zone           = aws_route53_zone.dev-ns.name
+  mtls_certificate_file = "s3://${module.dev-truststore-bucket.bucket_name}/${module.dev-truststore-bucket.certificates_object_key}"
+}
+
+module "devsandbox-custom-domain-name" {
+  source                = "../modules/env-custom-domain-name"
+  domain_name           = var.devsandbox_api_domain_name
+  domain_zone           = aws_route53_zone.dev-ns.name
+  mtls_certificate_file = "s3://${module.dev-truststore-bucket.bucket_name}/${module.dev-truststore-bucket.certificates_object_key}"
 }
diff --git a/terraform/account-wide-infrastructure/dev/vars.tf b/terraform/account-wide-infrastructure/dev/vars.tf
@@ -6,5 +6,10 @@ variable "assume_role" {}
 
 variable "dev_api_domain_name" {
   description = "The internal DNS name of the API Gateway for the dev environment"
-  default     = "api.dev.record-locator.national.nhs.uk"
+  default     = "dev.api.record-locator.dev.national.nhs.uk"
+}
+
+variable "devsandbox_api_domain_name" {
+  description = "The internal DNS name of the API Gateway for the dev environment"
+  default     = "dev-sandbox.api.record-locator.dev.national.nhs.uk"
 }
diff --git a/terraform/account-wide-infrastructure/modules/env-custom-domain-name/route53.tf b/terraform/account-wide-infrastructure/modules/env-custom-domain-name/route53.tf
@@ -12,12 +12,11 @@ resource "aws_route53_record" "route" {
     }
   }
 
-  allow_overwrite = true
-  name            = each.value.name
-  records         = [each.value.record]
-  ttl             = 60
-  type            = each.value.type
-  zone_id         = data.aws_route53_zone.zone.zone_id
+  name    = each.value.name
+  records = [each.value.record]
+  ttl     = 60
+  type    = each.value.type
+  zone_id = data.aws_route53_zone.zone.zone_id
 }
 
 resource "aws_route53_record" "cname" {

diff --git a/terraform/account-wide-infrastructure/prod/domain.tf b/terraform/account-wide-infrastructure/prod/domain.tf
@@ -1,8 +1,7 @@
 
 module "dev-custom-domain-name" {
-  source                    = "../modules/env-custom-domain-name"
-  domain_name               = var.prod_api_domain_name
-  domain_zone               = aws_route53_zone.prod-ns.name
-  subject_alternative_names = [aws_route53_zone.prod-ns.name]
-  mtls_certificate_file     = "s3://${module.prod-truststore-bucket.bucket_name}/${module.prod-truststore-bucket.certificates_object_key}"
+  source                = "../modules/env-custom-domain-name"
+  domain_name           = var.prod_api_domain_name
+  domain_zone           = aws_route53_zone.prod-ns.name
+  mtls_certificate_file = "s3://${module.prod-truststore-bucket.bucket_name}/${module.prod-truststore-bucket.certificates_object_key}"
 }
diff --git a/terraform/account-wide-infrastructure/test/domain.tf b/terraform/account-wide-infrastructure/test/domain.tf
@@ -1,40 +1,35 @@
 
 module "qa-custom-domain-name" {
-  source                    = "../modules/env-custom-domain-name"
-  domain_name               = var.qa_api_domain_name
-  domain_zone               = aws_route53_zone.test-qa-ns.name
-  subject_alternative_names = [aws_route53_zone.test-qa-ns.name]
-  mtls_certificate_file     = "s3://${module.qa-truststore-bucket.bucket_name}/${module.qa-truststore-bucket.certificates_object_key}"
+  source                = "../modules/env-custom-domain-name"
+  domain_name           = var.qa_api_domain_name
+  domain_zone           = aws_route53_zone.test-qa-ns.name
+  mtls_certificate_file = "s3://${module.qa-truststore-bucket.bucket_name}/${module.qa-truststore-bucket.certificates_object_key}"
 }
 
 module "qasandbox-custom-domain-name" {
-  source                    = "../modules/env-custom-domain-name"
-  domain_name               = var.qasandbox_api_domain_name
-  domain_zone               = aws_route53_zone.test-qa-ns.name
-  subject_alternative_names = [aws_route53_zone.test-qa-ns.name]
-  mtls_certificate_file     = "s3://${module.qa-truststore-bucket.bucket_name}/${module.qa-truststore-bucket.certificates_object_key}"
+  source                = "../modules/env-custom-domain-name"
+  domain_name           = var.qasandbox_api_domain_name
+  domain_zone           = aws_route53_zone.test-qa-ns.name
+  mtls_certificate_file = "s3://${module.qa-truststore-bucket.bucket_name}/${module.qa-truststore-bucket.certificates_object_key}"
 }
 
 module "int-custom-domain-name" {
-  source                    = "../modules/env-custom-domain-name"
-  domain_name               = var.int_api_domain_name
-  domain_zone               = aws_route53_zone.NEW_test-int-ns.name
-  subject_alternative_names = [aws_route53_zone.NEW_test-int-ns.name]
-  mtls_certificate_file     = "s3://${module.int-truststore-bucket.bucket_name}/${module.int-truststore-bucket.certificates_object_key}"
+  source                = "../modules/env-custom-domain-name"
+  domain_name           = var.int_api_domain_name
+  domain_zone           = aws_route53_zone.test-int-ns.name
+  mtls_certificate_file = "s3://${module.int-truststore-bucket.bucket_name}/${module.int-truststore-bucket.certificates_object_key}"
 }
 
 module "intsandbox-custom-domain-name" {
-  source                    = "../modules/env-custom-domain-name"
-  domain_name               = var.intsandbox_api_domain_name
-  domain_zone               = aws_route53_zone.NEW_test-int-ns.name
-  subject_alternative_names = [aws_route53_zone.NEW_test-int-ns.name]
-  mtls_certificate_file     = "s3://${module.int-truststore-bucket.bucket_name}/${module.int-truststore-bucket.certificates_object_key}"
+  source                = "../modules/env-custom-domain-name"
+  domain_name           = var.intsandbox_api_domain_name
+  domain_zone           = aws_route53_zone.test-int-ns.name
+  mtls_certificate_file = "s3://${module.int-truststore-bucket.bucket_name}/${module.int-truststore-bucket.certificates_object_key}"
 }
 
 module "ref-custom-domain-name" {
-  source                    = "../modules/env-custom-domain-name"
-  domain_name               = var.ref_api_domain_name
-  domain_zone               = aws_route53_zone.NEW_test-ref-ns.name
-  subject_alternative_names = [aws_route53_zone.NEW_test-ref-ns.name]
-  mtls_certificate_file     = "s3://${module.ref-truststore-bucket.bucket_name}/${module.ref-truststore-bucket.certificates_object_key}"
+  source                = "../modules/env-custom-domain-name"
+  domain_name           = var.ref_api_domain_name
+  domain_zone           = aws_route53_zone.test-ref-ns.name
+  mtls_certificate_file = "s3://${module.ref-truststore-bucket.bucket_name}/${module.ref-truststore-bucket.certificates_object_key}"
 }