🚀 deploy lb for onr production (#9387)

* 🚀 deploy lb for onr production * fix typo * change url for onr and add DNS record * simplify lb alias record * fix lb host header value
ministryofjustice · Jan 17, 2025 · de3d0b6 · de3d0b6
1 parent a41eefd
commit de3d0b6
Show file tree

Hide file tree

Showing 2 changed files with 143 additions and 2 deletions.
diff --git a/terraform/environments/oasys-national-reporting/locals_preproduction.tf b/terraform/environments/oasys-national-reporting/locals_preproduction.tf
@@ -181,7 +181,7 @@ locals {
       }
     }
 
-    # DO NOT DEPLOY YET AS OTHER THINGS AREN'T READY
+    # DO NOT FULLY DEPLOY YET AS WEB INSTANCES ARE NOT IN USE
     lbs = {
       public = merge(local.lbs.public, {
         instance_target_groups = {
@@ -274,7 +274,7 @@ locals {
       #           conditions = [{
       #             host_header = {
       #               values = [
-      #                 "pp-onr-web-1-a.oasys-national-reporting.hmpps-test.modernisation-platform.service.justice.gov.uk",
+      #                 "pp-onr-web-1-a.oasys-national-reporting.hmpps-preproduction.modernisation-platform.service.justice.gov.uk",
       #               ]
       #             }
       #           }]

diff --git a/terraform/environments/oasys-national-reporting/locals_production.tf b/terraform/environments/oasys-national-reporting/locals_production.tf
@@ -131,6 +131,144 @@ locals {
       }
     }
 
+    # DO NOT FULLY DEPLOY YET AS WEB INSTANCES ARE NOT IN USE
+    lbs = {
+      public = merge(local.lbs.public, {
+        instance_target_groups = {
+          pd-onr-bods-http28080 = merge(local.lbs.public.instance_target_groups.http28080, {
+            attachments = [
+              { ec2_instance_name = "pd-onr-bods-1" },
+            ]
+          })
+        }
+        listeners = merge(local.lbs.public.listeners, {
+          https = merge(local.lbs.public.listeners.https, {
+            alarm_target_group_names = []
+            rules = {
+              pd-onr-bods-http28080 = {
+                priority = 100
+                actions = [{
+                  type              = "forward"
+                  target_group_name = "pd-onr-bods-http28080"
+                }]
+                conditions = [{
+                  host_header = {
+                    values = [
+                      "bods.reporting.oasys.service.justice.gov.uk",
+                    ]
+                  }
+                }]
+              }
+            }
+          })
+        })
+      })
+
+      # No web instances built yet, not in use
+      # private = {
+      #   drop_invalid_header_fields       = false # https://me.sap.com/notes/0003348935
+      #   enable_cross_zone_load_balancing = true
+      #   enable_delete_protection         = false
+      #   idle_timeout                     = 3600
+      #   internal_lb                      = true
+      #   load_balancer_type               = "application"
+      #   security_groups                  = ["lb"]
+      #   subnets                          = module.environment.subnets["private"].ids
+
+      #   instance_target_groups = {
+      #     pd-onr-web-1-a = {
+      #       port     = 7777
+      #       protocol = "HTTP"
+      #       health_check = {
+      #         enabled             = true
+      #         healthy_threshold   = 3
+      #         interval            = 30
+      #         matcher             = "200-399"
+      #         path                = "/"
+      #         port                = 7777
+      #         timeout             = 5
+      #         unhealthy_threshold = 5
+      #       }
+      #       stickiness = {
+      #         enabled = true
+      #         type    = "lb_cookie"
+      #       }
+      #       attachments = [
+      #         { ec2_instance_name = "pd-onr-web-1-a" },
+      #       ]
+      #     }
+      #   }
+
+      #   listeners = {
+      #     http = {
+      #       port     = 7777
+      #       protocol = "HTTP"
+
+      #       default_action = {
+      #         type = "fixed-response"
+      #         fixed_response = {
+      #           content_type = "text/plain"
+      #           message_body = "Not implemented"
+      #           status_code  = "501"
+      #         }
+      #       }
+      #       rules = {
+      #         pd-onr-web-1-a = {
+      #           priority = 4000
+
+      #           actions = [{
+      #             type              = "forward"
+      #             target_group_name = "pd-onr-web-1-a"
+      #           }]
+
+      #           conditions = [{
+      #             host_header = {
+      #               values = [
+      #                 "pd-onr-web-1-a.oasys-national-reporting.hmpps-production.modernisation-platform.service.justice.gov.uk",
+      #               ]
+      #             }
+      #           }]
+      #         }
+      #       }
+      #     }
+      #     https = {
+      #       certificate_names_or_arns = ["oasys_national_reporting_wildcard_cert"]
+      #       port                      = 443
+      #       protocol                  = "HTTPS"
+      #       ssl_policy                = "ELBSecurityPolicy-2016-08"
+
+      #       default_action = {
+      #         type = "fixed-response"
+      #         fixed_response = {
+      #           content_type = "text/plain"
+      #           message_body = "Not implemented"
+      #           status_code  = "501"
+      #         }
+      #       }
+
+      #       rules = {
+      #         pd-onr-web-1-a = {
+      #           priority = 4580
+
+      #           actions = [{
+      #             type              = "forward"
+      #             target_group_name = "pd-onr-web-1-a"
+      #           }]
+
+      #           conditions = [{
+      #             host_header = {
+      #               values = [
+      #                 "pd-onr-web-1-a.oasys-national-reporting.hmpps-production.modernisation-platform.service.justice.gov.uk",
+      #               ]
+      #             }
+      #           }]
+      #         }
+      #       }
+      #     }
+      #   }
+      # }
+    } # end of lbs
+
     route53_zones = {
       "reporting.oasys.service.justice.gov.uk" = {
         ns_records = [
@@ -142,6 +280,9 @@ locals {
           { name = "test", type = "NS", ttl = "86000", records = ["ns-1440.awsdns-52.org", "ns-1823.awsdns-35.co.uk", "ns-43.awsdns-05.com", "ns-893.awsdns-47.net"] },
           { name = "preproduction", type = "NS", ttl = "86400", records = ["ns-1161.awsdns-17.org", "ns-2014.awsdns-59.co.uk", "ns-487.awsdns-60.com", "ns-919.awsdns-50.net"] },
         ]
+        lb_alias_records = [
+          { name = "bods", type = "A", lbs_map_key = "public" }
+        ],
       }
       "production.reporting.oasys.service.justice.gov.uk" = {
       }