diff --git a/.circleci/config.yml b/.circleci/config.yml
index 92c852a..c80d07c 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -103,308 +103,42 @@ commands: sls deploy --stage <> --conceal jobs: - check-code-formatting: - executor: docker-dotnet - steps: - - checkout - - run: - name: Install dotnet format - command: dotnet tool install dotnet-format --tool-path ./dotnet-format-local/ - - run: - name: Run formatter check - command: ./dotnet-format-local/dotnet-format --check - build-and-test: - executor: docker-python - steps: - - checkout - - setup_remote_docker - - run: - name: build - command: docker compose build configuration-api-test - - run: - name: Run tests - command: docker compose run configuration-api-test - - run: - name: Prepare the report - command: | - mkdir coverage - docker cp $(docker ps -aqf "name=configuration-api-test"):/app/coverage ./ - sed -i "s|/app/|$(pwd)/|g" coverage/*/coverage.opencover.xml - - sonarcloud/scan - assume-role-development: - executor: docker-python - steps: - - assume-role-and-persist-workspace: - aws-account: $AWS_ACCOUNT_DEVELOPMENT - assume-role-staging: + assume-role-disaster-recovery: executor: docker-python steps: - assume-role-and-persist-workspace: - aws-account: $AWS_ACCOUNT_STAGING - assume-role-production: - executor: docker-python - steps: - - assume-role-and-persist-workspace: - aws-account: $AWS_ACCOUNT_PRODUCTION - terraform-init-and-apply-to-development: - executor: docker-terraform - steps: - - terraform-init-then-apply: - environment: "development" - terraform-init-and-apply-to-staging: - executor: docker-terraform - steps: - - terraform-init-then-apply: - environment: "staging" - terraform-init-and-apply-to-production: + aws-account: $AWS_ACCOUNT_DISASTER_RECOVERY + terraform-init-and-apply-to-disaster-recovery: executor: docker-terraform steps: - terraform-init-then-apply: environment: "production" - preview-development-terraform: - executor: docker-terraform - steps: - - terraform-preview: - environment: "development" - preview-staging-terraform: - executor: docker-terraform - steps: - - terraform-preview: - environment: 
"staging" - preview-production-terraform: + preview-disaster-recovery-terraform: executor: docker-terraform steps: - terraform-preview: environment: "production" - deploy-to-development: - executor: docker-dotnet - steps: - - deploy-lambda: - stage: "development" - deploy-to-staging: - executor: docker-dotnet - steps: - - deploy-lambda: - stage: "staging" - deploy-to-production: + deploy-to-disaster-recovery: executor: docker-dotnet steps: - deploy-lambda: stage: "production" - assume-role-pre-production: - executor: docker-python - steps: - - assume-role-and-persist-workspace: - aws-account: $AWS_ACCOUNT_PRE_PRODUCTION - preview-pre-production-terraform: - executor: docker-terraform - steps: - - terraform-preview: - environment: "pre-production" - terraform-init-and-apply-pre-production: - executor: docker-terraform - steps: - - terraform-init-then-apply: - environment: "pre-production" - deploy-to-pre-production: - executor: docker-dotnet - steps: - - deploy-lambda: - stage: "pre-production" workflows: - feature: - jobs: - - check-code-formatting: - context: api-nuget-token-context - filters: - branches: - ignore: - - master - - release - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - ignore: - - master - - release - - assume-role-development: - context: api-assume-role-housing-development-context - filters: - branches: - ignore: - - master - - release - - preview-development-terraform: - requires: - - assume-role-development - - assume-role-staging: - context: api-assume-role-housing-staging-context - filters: - branches: - ignore: - - master - - release - - preview-staging-terraform: - requires: - - assume-role-staging - - assume-role-production: - context: api-assume-role-housing-production-context - filters: - branches: - ignore: - - master - - release - - preview-production-terraform: - requires: - - assume-role-production - development: - jobs: - - check-code-formatting: - context: api-nuget-token-context - 
filters: - branches: - only: master - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - only: master - - assume-role-development: - context: api-assume-role-housing-development-context - requires: - - build-and-test - filters: - branches: - only: master - - terraform-init-and-apply-to-development: - requires: - - assume-role-development - filters: - branches: - only: master - - deploy-to-development: - context: - - api-nuget-token-context - - "Serverless Framework" - requires: - - terraform-init-and-apply-to-development - filters: - branches: - only: master - staging-and-production: + disaster-recovery: jobs: - - check-code-formatting: - context: api-nuget-token-context - filters: - branches: - only: release - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - only: release - - assume-role-staging: - context: api-assume-role-housing-staging-context + - assume-role-disaster-recovery: + context: api-assume-role-disaster-recovery-context + - terraform-init-and-apply-to-disaster-recovery: requires: - - build-and-test - filters: - branches: - only: release - - terraform-init-and-apply-to-staging: - requires: - - assume-role-staging - filters: - branches: - only: release - - deploy-to-staging: - context: - - api-nuget-token-context - - "Serverless Framework" - requires: - - terraform-init-and-apply-to-staging - filters: - branches: - only: release - - permit-production-terraform-release: + - assume-role-disaster-recovery + - permit-disaster-recovery-release: type: approval requires: - - deploy-to-staging - - assume-role-production: - context: api-assume-role-housing-production-context - requires: - - permit-production-terraform-release - filters: - branches: - only: release - - terraform-init-and-apply-to-production: - requires: - - assume-role-production - filters: - branches: - only: release - - permit-production-release: - type: approval - requires: - - 
terraform-init-and-apply-to-production - filters: - branches: - only: release - - deploy-to-production: + - terraform-init-and-apply-to-disaster-recovery + - deploy-to-disaster-recovery: context: - api-nuget-token-context - "Serverless Framework" requires: - - permit-production-release - filters: - branches: - only: release - - deploy-terraform-pre-production: - jobs: - - permit-pre-production-terraform-workflow: - type: approval - filters: - branches: - only: release - - assume-role-pre-production: - context: api-assume-role-housing-pre-production-context - requires: - - permit-pre-production-terraform-workflow - - preview-pre-production-terraform: - requires: - - assume-role-pre-production - - permit-pre-production-terraform-deployment: - type: approval - requires: - - preview-pre-production-terraform - - terraform-init-and-apply-pre-production: - requires: - - permit-pre-production-terraform-deployment - - deploy-code-pre-production: - jobs: - - build-and-test: - filters: - branches: - only: release - context: - - api-nuget-token-context - - SonarCloud - - assume-role-pre-production: - context: api-assume-role-housing-pre-production-context - requires: - - build-and-test - - deploy-to-pre-production: - context: - - api-nuget-token-context - - "Serverless Framework" - requires: - - assume-role-pre-production + - permit-disaster-recovery-release diff --git a/ConfigurationApi/V1/Gateway/S3ConfigurationGateway.cs b/ConfigurationApi/V1/Gateway/S3ConfigurationGateway.cs index 0da5a65..9ddb6d2 100644 --- a/ConfigurationApi/V1/Gateway/S3ConfigurationGateway.cs +++ b/ConfigurationApi/V1/Gateway/S3ConfigurationGateway.cs 
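Review bot: The new `disaster-recovery` workflow has no `filters` on any job, so `assume-role-disaster-recovery` and `terraform-init-and-apply-to-disaster-recovery` run on a push to any branch, and the only approval, `permit-disaster-recovery-release`, sits after the Terraform apply rather than before it. With `check-code-formatting` and `build-and-test` removed, nothing gates the role assumption into `$AWS_ACCOUNT_DISASTER_RECOVERY` or the apply. I would add `filters: branches: only: <dr-branch>` (placeholder branch name) to each job and make the apply require a `type: approval` job that follows a preview. `preview-disaster-recovery-terraform` is defined under `jobs` but never referenced in the workflow. The DR jobs also still pass `environment: "production"` and `stage: "production"`, which deserves a comment explaining that the production configuration is reused deliberately.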
@@ -26,19 +26,19 @@ public async Task Get(string type) { GetObjectRequest request = new GetObjectRequest { BucketName = _bucketName, Key = type }; - try - { + // try + // { using (GetObjectResponse response = await _amazonS3Client.GetObjectAsync(request)) using (Stream responseStream = response.ResponseStream) using (StreamReader reader = new StreamReader(responseStream)) { return JsonConvert.DeserializeObject(reader.ReadToEnd()); } - } - catch - { - return null; - } + // } + // catch + // { + // return null; + // } } } } diff --git a/ConfigurationApi/serverless.yml b/ConfigurationApi/serverless.yml index 59b4e76..9cf6f26 100644 --- a/ConfigurationApi/serverless.yml +++ b/ConfigurationApi/serverless.yml @@ -29,12 +29,12 @@ functions: - http: path: /{proxy+} method: ANY - authorizer: - arn: ${self:custom.authorizerArns.${opt:stage}} - type: request - resultTtlInSeconds: 0 - identitySource: method.request.header.Authorization - managedExternally: true + # authorizer: + # arn: ${self:custom.authorizerArns.${opt:stage}} + # type: request + # resultTtlInSeconds: 0 + # identitySource: method.request.header.Authorization + # managedExternally: true cors: origin: '*' headers: @@ -53,15 +53,15 @@ functions: resources: Resources: - LambdaSecurityGroup: - Type: AWS::EC2::SecurityGroup - Properties: - GroupName: ${self:service}-${self:provider.stage}-sg - GroupDescription: Allow all outbound traffic - SecurityGroupEgress: - - IpProtocol: -1 - CidrIp: 0.0.0.0/0 - VpcId: ${self:custom.vpcId.${opt:stage}} + # LambdaSecurityGroup: + # Type: AWS::EC2::SecurityGroup + # Properties: + # GroupName: ${self:service}-${self:provider.stage}-sg + # GroupDescription: Allow all outbound traffic + # SecurityGroupEgress: + # - IpProtocol: -1 + # CidrIp: 0.0.0.0/0 + # VpcId: ${self:custom.vpcId.${opt:stage}} lambdaExecutionRole: Type: AWS::IAM::Role 
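Review bot: With the `try`/`catch` commented out, every failure of `GetObjectAsync` now propagates out of `Get`, including the ordinary case where `type` names no object in the bucket, which previously returned `null`. The callers are outside this hunk, so how that surfaces is not visible here, but a not-found presumably becomes an unhandled error instead of an empty result. Rather than leaving the old block as comments, I would delete it and catch only the expected case, `catch (AmazonS3Exception e) when (e.StatusCode == HttpStatusCode.NotFound) { return null; }`, so that permission and connectivity errors still surface and get logged. `type` is also passed as the S3 key unmodified; if it originates from the request path, validating it against the expected set of configuration names before building `GetObjectRequest` would be worth adding.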
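Review bot: Commenting out the `authorizer` block in the `@@ -29,12 +29,12 @@` hunk leaves the `/{proxy+}` `ANY` route with no authorization while `cors.origin` stays `'*'`, so every path of the API can be called by any client that can reach the endpoint. Nothing in this diff adds a replacement control such as an API key, a resource policy or a private endpoint, so unless one exists outside these hunks the configuration data is served unauthenticated. If the existing authorizer is not deployed in the disaster-recovery account, I would add that account's authorizer ARN under `custom.authorizerArns` and keep the block rather than disabling it. If the removal is a deliberate temporary measure, it should at least carry a comment stating why and what restores it.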
@@ -80,22 +80,22 @@ resources: - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole - arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess Policies: - - PolicyName: manageLogs - PolicyDocument: - Version: '2012-10-17' - Statement: - - Effect: Allow - Action: - - logs:CreateLogGroup - - logs:CreateLogStream - - logs:PutLogEvents - Resource: - - 'Fn::Join': - - ':' - - - 'arn:aws:logs' - - Ref: 'AWS::Region' - - Ref: 'AWS::AccountId' - - 'log-group:/aws/lambda/*:*:*' + # - PolicyName: manageLogs + # PolicyDocument: + # Version: '2012-10-17' + # Statement: + # - Effect: Allow + # Action: + # - logs:CreateLogGroup + # - logs:CreateLogStream + # - logs:PutLogEvents + # Resource: + # - 'Fn::Join': + # - ':' + # - - 'arn:aws:logs' + # - Ref: 'AWS::Region' + # - Ref: 'AWS::AccountId' + # - 'log-group:/aws/lambda/*:*:*' - PolicyName: lambdaInvocation PolicyDocument: @@ -115,8 +115,8 @@ resources: - "s3:GetObject" - "s3:ListBucket" Resource: - - 'arn:aws:s3:::${ssm:/configuration-api/${self:provider.stage}/bucket-name}' - - 'arn:aws:s3:::${ssm:/configuration-api/${self:provider.stage}/bucket-name}/*' + - 'arn:aws:s3:::configuration-api-configurations-disaster-recovery' + - 'arn:aws:s3:::configuration-api-configurations-disaster-recovery/*' custom: authorizerArns: 
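Review bot: In the `@@ -115,8 +115,8 @@` hunk the bucket name `configuration-api-configurations-disaster-recovery` becomes a literal, repeated in `terraform/production/main.tf`, where the SSM parameter that used to link the two files is commented out. If anything else in this file still resolves `${ssm:/configuration-api/${self:provider.stage}/bucket-name}` (the function's environment, for example; not visible in these hunks), it will either fail or point at a different bucket than the one this policy grants access to. I would define the name once, for instance as a key under `custom`, and reference it from both `Resource` entries, so that the IAM scope and the bucket the code reads cannot drift apart.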
@@ -134,33 +134,12 @@ custom: path: ./policies vpcId: - development: vpc-0d15f152935c8716f - staging: vpc-064521a7a4109ba31 production: vpc-0ce853ddb64e8fb3c - pre-production: vpc-062a957b99c8b12e6 vpc: - development: - securityGroupIds: - - Ref: LambdaSecurityGroup - subnetIds: - - subnet-0140d06fb84fdb547 - - subnet-05ce390ba88c42bfd - staging: - securityGroupIds: - - Ref: LambdaSecurityGroup - subnetIds: - - subnet-0743d86e9b362fa38 - - subnet-0ea0020a44b98a2ca production: securityGroupIds: - - Ref: LambdaSecurityGroup - subnetIds: - - subnet-06a697d86a9b6ed01 - - subnet-0beb266003a56ca82 - pre-production: - securityGroupIds: - - Ref: LambdaSecurityGroup + - sg-0b7be628d680f9e5f subnetIds: - - subnet-08aa35159a8706faa - - subnet-0b848c5b14f841dfb + - subnet-05e595c59b7d6c8df + - subnet-0e6bc9b4ac24493cc diff --git a/terraform/production/main.tf b/terraform/production/main.tf index 62dd1e0..aec8216 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf @@ -29,7 +29,7 @@ locals { terraform { backend "s3" { - bucket = "terraform-state-housing-production" + bucket = "terraform-state-disaster-recovery" encrypt = true region = "eu-west-2" key = "services/configuration-api/state" 
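Review bot: In the `@@ -134,33 +134,12 @@` hunk, `sg-0b7be628d680f9e5f` replaces the stack-managed `LambdaSecurityGroup`, so the function's network rules are no longer defined or reviewable in this repository. The removed group allowed egress only; nothing here shows what the referenced group permits or who owns it. I would add a comment above the ID naming the group and its owner, e.g. `# <group name>, managed in <repo or stack> (placeholder)`, and do the same for the two subnet IDs. `vpcId.production` is kept, but its only consumer visible in this diff is the commented-out security group, so it may now be dead configuration.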
@@ -37,19 +37,19 @@ terraform { } resource "aws_s3_bucket" "configuration" { - bucket = "configuration-api-configurations-production" + bucket = "configuration-api-configurations-disaster-recovery" acl = "private" tags = { Name = "Configuration Api Bucket" - Environment = "Dev" + # Environment = "Dev" } } -resource "aws_ssm_parameter" "configurations" { - name = "/configuration-api/production/bucket-name" - type = "String" - value = aws_s3_bucket.configuration.id -} +# resource "aws_ssm_parameter" "configurations" { +# name = "/configuration-api/production/bucket-name" +# type = "String" +# value = aws_s3_bucket.configuration.id +# } module "configuration_api_cloudwatch_dashboard" { source = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/cloudwatch/dashboards/api-dashboard" @@ -60,15 +60,15 @@ module "configuration_api_cloudwatch_dashboard" { no_sns_widget_dashboard = false } -data "aws_ssm_parameter" "cloudwatch_topic_arn" { - name = "/housing-tl/${var.environment_name}/cloudwatch-alarms-topic-arn" -} +# data "aws_ssm_parameter" "cloudwatch_topic_arn" { +# name = "/housing-tl/${var.environment_name}/cloudwatch-alarms-topic-arn" +# } -module "api-alarm" { - source = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/cloudwatch/api-alarm" - environment_name = var.environment_name - api_name = "configuration-api" - alarm_period = "300" - error_threshold = "1" - sns_topic_arn = data.aws_ssm_parameter.cloudwatch_topic_arn.value -} +# module "api-alarm" { +# source = "github.com/LBHackney-IT/aws-hackney-common-terraform.git//modules/cloudwatch/api-alarm" +# environment_name = var.environment_name +# api_name = "configuration-api" +# alarm_period = "300" +# error_threshold = "1" +# sns_topic_arn = data.aws_ssm_parameter.cloudwatch_topic_arn.value +# }
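Review bot: Commenting out `module "api-alarm"` and the `cloudwatch_topic_arn` lookup in the `@@ -60,15 +60,15 @@` hunk leaves this deployment with a dashboard but no error alarm, so failures in the disaster-recovery API notify nobody. That matters more here because the same commit removes the API authorizer and the exception handling in `S3ConfigurationGateway.Get`. I would keep the alarm and point `sns_topic_arn` at a topic that exists in this account; if none exists yet, replace the commented-out block with a short comment saying so and what tracks it. In the `@@ -37,19 +37,19 @@` hunk, the `Environment` tag is likewise commented out rather than set to the correct value, and the bucket resource shown there declares no versioning or encryption settings, which is worth confirming for a bucket intended for recovery.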