diff --git a/.circleci/config.yml b/.circleci/config.yml index ef23338..808f320 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,7 @@ orbs: executors: docker-python: docker: - - image: circleci/python:3.7 + - image: cimg/python:3.12 docker-terraform: docker: - image: "hashicorp/terraform:1.1.9" @@ -51,6 +51,10 @@ commands: terraform get -update=true terraform init name: get and init + # - run: + # command: | + # cd ./terraform/<>/ + # terraform import aws_dynamodb_table.accountsapi_dynamodb_table Accounts - run: name: plan command: | 
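Review bot: The new `docker-python` image `cimg/python:3.12` is a floating minor tag, while the neighbouring `docker-terraform` executor pins a patch release (`hashicorp/terraform:1.1.9`). Later in this commit that executor runs `assume-role-and-persist-workspace`, so whatever the tag resolves to at build time handles the assumed-role credentials. I would pin it to a patch tag or a digest, e.g. `- image: cimg/python:3.12@sha256:<digest-placeholder>`, and bump it deliberately.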
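Review bot: The commented-out `terraform import aws_dynamodb_table.accountsapi_dynamodb_table Accounts` step after `get and init` should not be merged as dead configuration. Nothing says when it was needed or whether it has already been run, and un-commenting it later would run a state import in the pipeline on every build. Either delete it or replace it with one explanatory line such as `# One-off: the Accounts table was imported into state manually on <date>; do not re-run.` The enclosing command starts and ends outside this hunk.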
@@ -142,285 +146,68 @@ commands: sls deploy --stage <> --conceal jobs: - check-code-formatting: - executor: docker-dotnet - steps: - - checkout - - run: - name: Install dotnet format - command: dotnet tool install dotnet-format --tool-path ./dotnet-format-local/ - - run: - name: Run formatter check - command: ./dotnet-format-local/dotnet-format --check - build-and-test: - executor: docker-python - steps: - - checkout - - setup_remote_docker - - run: - name: build - command: docker-compose build accounts-api-test - - run: - name: Run tests - command: docker-compose run accounts-api-test - assume-role-development: - executor: docker-python - steps: - - assume-role-and-persist-workspace: - aws-account: $AWS_ACCOUNT_DEVELOPMENT - assume-role-staging: + assume-role-disaster-recovery: executor: docker-python steps: - assume-role-and-persist-workspace: - aws-account: $AWS_ACCOUNT_STAGING - assume-role-production: - executor: docker-python - steps: - - assume-role-and-persist-workspace: - aws-account: $AWS_ACCOUNT_PRODUCTION - terraform-init-and-plan-development: - executor: docker-terraform - steps: - - terraform-init-then-plan: - environment: "development" - terraform-compliance-development: - executor: docker-terraform - steps: - - terraform-compliance: - environment: "development" - terraform-apply-development: - executor: docker-terraform - steps: - - terraform-apply: - environment: "development" - terraform-init-and-plan-staging: - executor: docker-terraform - steps: - - terraform-init-then-plan: - environment: "staging" - terraform-compliance-staging: - executor: docker-terraform - steps: - - terraform-compliance: - environment: "staging" - terraform-apply-staging: - executor: docker-terraform - steps: - - terraform-apply: - environment: "staging" - terraform-init-and-plan-production: + aws-account: $AWS_ACCOUNT_DISASTER_RECOVERY + terraform-init-and-plan-disaster-recovery: executor: docker-terraform steps: - terraform-init-then-plan: environment: "production" - 
terraform-compliance-production: - executor: docker-terraform - steps: - - terraform-compliance: - environment: "production" - terraform-apply-production: + terraform-apply-disaster-recovery: executor: docker-terraform steps: - terraform-apply: environment: "production" - preview-development-terraform: - executor: docker-terraform - steps: - - terraform-preview: - environment: "development" - preview-staging-terraform: - executor: docker-terraform - steps: - - terraform-preview: - environment: "staging" - preview-production-terraform: - executor: docker-terraform - steps: - - terraform-preview: - environment: "production" - deploy-to-development: - executor: docker-dotnet - steps: - - deploy-lambda: - stage: "development" - deploy-to-staging: - executor: docker-dotnet - steps: - - deploy-lambda: - stage: "staging" - deploy-to-production: + deploy-to-disaster-recovery: executor: docker-dotnet steps: - deploy-lambda: stage: "production" workflows: - feature: - jobs: - - check-code-formatting: - context: api-nuget-token-context - filters: - branches: - ignore: - - development - - master - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - ignore: - - development - - master - - assume-role-development: - context: api-assume-role-housing-development-context - filters: - branches: - ignore: - - development - - master - - preview-development-terraform: - requires: - - assume-role-development - - assume-role-staging: - context: api-assume-role-housing-staging-context - filters: - branches: - ignore: - - development - - master - - preview-staging-terraform: - requires: - - assume-role-staging - - assume-role-production: - context: api-assume-role-housing-production-context - filters: - branches: - ignore: - - development - - master - - preview-production-terraform: - requires: - - assume-role-production - development: - jobs: - - check-code-formatting: - context: api-nuget-token-context - filters: - branches: - only: development 
- - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - only: development - - assume-role-development: - context: api-assume-role-housing-development-context - requires: - - build-and-test - - terraform-init-and-plan-development: - requires: - - assume-role-development - - terraform-compliance-development: - requires: - - terraform-init-and-plan-development - - terraform-apply-development: - requires: - - terraform-compliance-development - - deploy-to-development: - context: - - api-nuget-token-context - - "Serverless Framework" - requires: - - terraform-apply-development - staging-and-production: + staging-and-disaster-recovery: jobs: - - build-and-test: - context: - - api-nuget-token-context - - SonarCloud - filters: - branches: - only: master - - assume-role-staging: - context: api-assume-role-housing-staging-context - requires: - - build-and-test - filters: - branches: - only: master - - terraform-init-and-plan-staging: - requires: - - assume-role-staging - filters: - branches: - only: master - - terraform-compliance-staging: - requires: - - terraform-init-and-plan-staging - filters: - branches: - only: master - - terraform-apply-staging: - requires: - - terraform-compliance-staging - filters: - branches: - only: master - - deploy-to-staging: - context: - - api-nuget-token-context - - "Serverless Framework" - requires: - - terraform-apply-staging - filters: - branches: - only: master - - permit-production-terraform-release: + - permit-disaster-recovery-terraform-release: type: approval + - assume-role-disaster-recovery: + context: api-assume-role-disaster-recovery-context requires: - - deploy-to-staging - - assume-role-production: - context: api-assume-role-housing-production-context - requires: - - permit-production-terraform-release + - permit-disaster-recovery-terraform-release filters: branches: - only: master - - terraform-init-and-plan-production: + only: disaster-recovery-test + - 
terraform-init-and-plan-disaster-recovery: requires: - - assume-role-production + - assume-role-disaster-recovery filters: branches: - only: master - - terraform-compliance-production: + only: disaster-recovery-test + - confirm-disaster-recovery-terraform-release: + type: approval requires: - - terraform-init-and-plan-production - filters: - branches: - only: master - - terraform-apply-production: + - terraform-init-and-plan-disaster-recovery + - terraform-apply-disaster-recovery: requires: - - terraform-compliance-production + - confirm-disaster-recovery-terraform-release filters: branches: - only: master - - permit-production-release: + only: disaster-recovery-test + - permit-disaster-recovery-release: type: approval requires: - - terraform-apply-production + - terraform-apply-disaster-recovery filters: branches: - only: master - - deploy-to-production: + only: disaster-recovery-test + - deploy-to-disaster-recovery: context: - api-nuget-token-context - "Serverless Framework" requires: - - permit-production-release + - permit-disaster-recovery-release filters: branches: - only: master + only: disaster-recovery-test diff --git a/AccountsApi/serverless.yml b/AccountsApi/serverless.yml index 225316e..208bc60 100644 --- a/AccountsApi/serverless.yml +++ b/AccountsApi/serverless.yml @@ -29,12 +29,6 @@ functions: - http: path: /{proxy+} method: ANY - authorizer: - arn: ${self:custom.authorizerArns.${opt:stage}} - type: request - resultTtlInSeconds: 0 - identitySource: method.request.header.Authorization - managedExternally: true cors: origin: '*' headers: @@ -94,15 +88,6 @@ resources: - Ref: 'AWS::Region' - Ref: 'AWS::AccountId' - 'log-group:/aws/lambda/*:*:*' - - Effect: "Allow" - Action: - - "s3:PutObject" - - "s3:GetObject" - Resource: - Fn::Join: - - "" - - - "arn:aws:s3:::" - - "Ref": "ServerlessDeploymentBucket" - PolicyName: lambdaInvocation PolicyDocument: Version: '2012-10-17' 
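Review bot: In the `staging-and-disaster-recovery` workflow, manual approval is now the only gate before `terraform-apply-disaster-recovery` and `deploy-to-disaster-recovery`. The `terraform-compliance-*` and `build-and-test` jobs that preceded the production apply are deleted with no disaster-recovery equivalent. I would restore a compliance job between the plan and the `confirm-disaster-recovery-terraform-release` approval, as sketched below, assuming the `terraform-compliance` command is still defined in `commands:` outside this hunk. The approval jobs `permit-disaster-recovery-terraform-release` and `confirm-disaster-recovery-terraform-release` also carry no `filters`, unlike every other job here, so the workflow will probably be created and held on every branch; give them the same `only: disaster-recovery-test` filter. The jobs named for disaster recovery still pass `environment: "production"` and `stage: "production"`; if that is deliberate, a comment saying so would prevent a wrong guess later.

```yaml
jobs:
  # … unchanged: assume-role and init-and-plan jobs …
  terraform-compliance-disaster-recovery:
    executor: docker-terraform
    steps:
      - terraform-compliance:
          environment: "production"
  # … unchanged: apply and deploy jobs …

workflows:
  staging-and-disaster-recovery:
    jobs:
      # … unchanged: permit approval, assume-role, init-and-plan entries …
      - terraform-compliance-disaster-recovery:
          requires:
            - terraform-init-and-plan-disaster-recovery
          filters:
            branches:
              only: disaster-recovery-test
      - confirm-disaster-recovery-terraform-release:
          type: approval
          requires:
            - terraform-compliance-disaster-recovery
          filters:
            branches:
              only: disaster-recovery-test
      # … unchanged: apply, permit-release and deploy entries …
```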
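Review bot: Deleting the `authorizer` block from the `ANY /{proxy+}` event in AccountsApi/serverless.yml leaves every route of the API without an API Gateway authorizer, while the `cors` setting `origin: '*'` is kept. Unless the Lambda authenticates requests itself (not visible in this diff), the deployed endpoint accepts unauthenticated calls. If the authorizer was removed only because no ARN exists for the disaster-recovery account, I would keep `arn: ${self:custom.authorizerArns.${opt:stage}}` and add that account's authorizer ARN to `custom.authorizerArns`, rather than dropping the check. The function's event list continues outside this hunk.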
@@ -168,10 +153,10 @@ custom: - subnet-0ea0020a44b98a2ca production: securityGroupIds: - - sg-02a377899622e884c + - sg-0b7be628d680f9e5f subnetIds: - - subnet-0beb266003a56ca82 - - subnet-06a697d86a9b6ed01 + - subnet-05e595c59b7d6c8df + - subnet-0e6bc9b4ac24493cc #plugins: # - serverless-step-functions diff --git a/terraform/production/dynamodb.tf b/terraform/production/dynamodb.tf index 561be40..d0f6722 100644 --- a/terraform/production/dynamodb.tf +++ b/terraform/production/dynamodb.tf @@ -22,7 +22,7 @@ resource "aws_dynamodb_table" "accountsapi_dynamodb_table" { tags = { Name = "accounts-api-${var.environment_name}" - Environment = var.environment_name + Environment = "prod" terraform-managed = true project_name = var.project_name BackupPolicy = "Prod" diff --git a/terraform/production/main.tf b/terraform/production/main.tf index 10235e8..10fc1f1 100644 --- a/terraform/production/main.tf +++ b/terraform/production/main.tf @@ -30,7 +30,7 @@ locals { terraform { backend "s3" { - bucket = "terraform-state-housing-production" + bucket = "terraform-state-disaster-recovery" encrypt = true region = "eu-west-2" key = "services/accounts-api/state"
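Review bot: The disaster-recovery values are written over the production entries in place: here the `securityGroupIds` and `subnetIds` under `production:` in AccountsApi/serverless.yml, and likewise the hard-coded `Environment = "prod"` tag in terraform/production/dynamodb.tf and the `bucket = "terraform-state-disaster-recovery"` backend in terraform/production/main.tf. If this branch is ever merged into one that deploys the real production stage, that stage would pick up another environment's network IDs and Terraform state bucket; this is inferred, as the accounts themselves are not visible here. Keeping the values separate is safer: the backend bucket can be supplied at init time with `terraform init -backend-config="bucket=terraform-state-disaster-recovery"` instead of editing main.tf. The replaced IDs deserve at least a comment such as `# disaster-recovery VPC: do not merge to master`.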