diff --git a/Makefile b/Makefile index a57b05359..1af78e340 100644 --- a/Makefile +++ b/Makefile @@ -34,9 +34,11 @@ build-and-push: # Build lambda docker images and pushes them to ECR deploy: # Deploys whole project - mandatory: PROFILE eval "$$(make -s populate-tagging-variables)" make terraform-apply-auto-approve STACKS=api-key,shared-resources,application,blue-green-link + make terraform-apply-auto-approve STACKS=cloudwatch-queries TF_CLI_ARGS="-parallelism=3" undeploy: # Undeploys whole project - mandatory: PROFILE eval "$$(make -s populate-tagging-variables)" + make terraform-destroy-auto-approve STACKS=cloudwatch-queries make terraform-destroy-auto-approve STACKS=blue-green-link,application,shared-resources VERSION=any if [ "$(PROFILE)" != "live" ]; then make terraform-destroy-auto-approve STACKS=api-key @@ -464,6 +466,10 @@ link-blue-green-environment: # Links blue green environment - mandatory: PROFILE eval "$$(make -s populate-tagging-variables)" make terraform-apply-auto-approve STACKS=blue-green-link +deploy-cloudwatch-queries: # Deploys CloudWatch query definitions with reduced parallelism - mandatory: PROFILE, ENVIRONMENT, SHARED_ENVIRONMENT, BLUE_GREEN_ENVIRONMENT + eval "$$(make -s populate-tagging-variables)" + make terraform-apply-auto-approve STACKS=cloudwatch-queries TF_CLI_ARGS="-parallelism=3" + undeploy-shared-resources: # Undeploys shared resources (Only intended to run in pipeline) - mandatory: PROFILE, ENVIRONMENT, SHARED_ENVIRONMENT, BLUE_GREEN_ENVIRONMENT eval "$$(make -s populate-tagging-variables)" make terraform-destroy-auto-approve STACKS=shared-resources 
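Review bot: The new `deploy` line `make terraform-apply-auto-approve STACKS=cloudwatch-queries TF_CLI_ARGS="-parallelism=3"` duplicates the body of the `deploy-cloudwatch-queries` target added in the second hunk, and the new `undeploy` line duplicates `undeploy-cloudwatch-queries` on the following line; delegating with `make deploy-cloudwatch-queries` and `make undeploy-cloudwatch-queries` gives the reduced-parallelism value a single owner. The header comments on the new targets list ENVIRONMENT, SHARED_ENVIRONMENT and BLUE_GREEN_ENVIRONMENT as mandatory, while `deploy`'s comment still says only PROFILE is mandatory even though it now applies the same stack — presumably the other stacks it applies already need them and the comment is simply stale; confirm. The recipes call bare `make` rather than `$(MAKE)`, which is the file-wide convention rather than a regression, but it does not pass `-n` or jobserver flags to the sub-make. If the file keeps a `.PHONY` list (not visible in this hunk), the two new targets belong in it.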
@@ -475,6 +481,10 @@ undeploy-blue-green-environment: # Undeploys blue/green resources (Only intended eval "$$(make -s populate-tagging-variables)" make terraform-destroy-auto-approve STACKS=application +undeploy-cloudwatch-queries: # Undeploys CloudWatch query definitions - mandatory: PROFILE, ENVIRONMENT, SHARED_ENVIRONMENT, BLUE_GREEN_ENVIRONMENT + eval "$$(make -s populate-tagging-variables)" + make terraform-destroy-auto-approve STACKS=cloudwatch-queries + unlink-blue-green-environment: # Un-Links blue green environment - mandatory: PROFILE, ENVIRONMENT, SHARED_ENVIRONMENT, BLUE_GREEN_ENVIRONMENT eval "$$(make -s populate-tagging-variables)" make terraform-destroy-auto-approve STACKS=blue-green-link diff --git a/infrastructure/stacks/cloudwatch-queries/.terraform.lock.hcl b/infrastructure/stacks/cloudwatch-queries/.terraform.lock.hcl new file mode 100644 index 000000000..e5ec8d1b1 --- /dev/null +++ b/infrastructure/stacks/cloudwatch-queries/.terraform.lock.hcl 
@@ -0,0 +1,25 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "6.14.1" + constraints = "~> 6.14.1" + hashes = [ + "h1:XJ0I5WyuOLJvx7zWDOhcNPFFUJ0FP7yr5zfIUyYkHCs=", + "zh:14d0b4b3dffb3368e6257136bbab1f93d419863dd65d99ef80ca2c1dd3c72a1e", + "zh:1de3601251f87a0a989c4b3474baa2efcaf491804f8d7afe15421b728bac5dc5", + "zh:2cfe42b853a3b4117bdbb73e5715035eac9b8d753d6e653fd5f30a807a36b985", + "zh:3dd8a0336face356928faf2396065634739ef2c3ac3dcaa655570df205559fd9", + "zh:42712baca386b84e089b1db8b7844038557f4039b32d8702611aa67eadef7d0f", + "zh:4ffc698099e4d7ffc6b0490a4e78ad66b041afd54e988b8bf8e229bcdd4b3ead", + "zh:52a6a3b01cb34394b0d06b273b27702fb9d795290a02e5824e198315787e8446", + "zh:56eae388c48a844401e44811719dc23be84de538468fd12b7265b06acbf4b51d", + "zh:614a918fdf27416b2ee2ce1737895b791f59f9deff3b61246c62a992eabfb8eb", + "zh:68605e159177b57fdc4a26bb2caff69a7b69593a601145b7ab5a86fd44b28b9f", + "zh:771ac00fd5f211052d735ff0e4b9ec67288abd1e22ffea4ed774aec73c7e5687", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:a1355841161e5b53dc3078c88aae1972fd4a9c0d30309b18b1951137b96571fa", + "zh:a3c8ca40c1fa7ad76d3d4c3c0039b66a93cc96399e757d2caa0b5cdedce9d3e8", + "zh:c77e02a72ef9eb0eb65faaf84c33af843520622dbb51ec31d04ca371bd4d4ee8", + ] +} diff --git a/infrastructure/stacks/blue-green-link/cloudwatch-queries.tf b/infrastructure/stacks/cloudwatch-queries/cloudwatch-queries.tf similarity index 90% rename from infrastructure/stacks/blue-green-link/cloudwatch-queries.tf rename to infrastructure/stacks/cloudwatch-queries/cloudwatch-queries.tf index 968c08743..5eda0427b 100644 --- a/infrastructure/stacks/blue-green-link/cloudwatch-queries.tf +++ b/infrastructure/stacks/cloudwatch-queries/cloudwatch-queries.tf 
@@ -16,10 +16,6 @@ fields @timestamp, correlation_id, ods_code, function_name, message | filter level == 'ERROR' | sort @timestamp EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_by_correlation_id" { @@ -40,10 +36,6 @@ fields @timestamp, message | filter correlation_id == 'REPLACE' | sort @timestamp EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_by_correlation_id_expanded" { @@ -64,10 +56,6 @@ fields @timestamp,correlation_id,ods_code,level,message_received,function_name, | filter correlation_id == 'REPLACE' | sort @timestamp EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_by_odscode" { @@ -88,10 +76,6 @@ fields @timestamp, message | filter ods_code == 'REPLACE' | sort @timestamp EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_by_odscode_expanded" { @@ -112,10 +96,6 @@ fields @timestamp,correlation_id,ods_code,level,message_received,function_name, | filter ods_code == 'REPLACE' | sort @timestamp EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_for_invalid_postcode" { @@ -130,10 +110,6 @@ fields @timestamp,correlation_id,ods_code,level,message_received,function_name, | filter report_key == 'INVALID_POSTCODE' | sort @timestamp EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_for_invalid_opening_times" { @@ -148,10 +124,6 @@ fields @timestamp,correlation_id,ods_code,level,message_received,function_name, | filter report_key == 'INVALID_OPEN_TIMES' | sort @timestamp EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_by_email_correlation_id" { 
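Review bot: The rename moves every `aws_cloudwatch_query_definition` out of the blue-green-link stack's state into the new `cloudwatch-queries` stack, and nothing in the diff migrates state; on the next apply of blue-green-link Terraform will destroy the definitions it still tracks while the new stack creates fresh ones, so a `terraform state mv`/`import` step — or a documented, accepted one-off recreate — is needed, and if that lives in a runbook outside this diff a comment at the top of the file pointing to it would save the next reader the question. The removed `local-exec` `sleep 30` provisioners were the only pacing inside the stack; the replacement `-parallelism=3` lives in the Makefile target, so anyone running `terraform apply` directly on this stack gets default parallelism. A file-level comment such as `# Apply with -parallelism=3 (see Makefile deploy-cloudwatch-queries); the sleep provisioners this replaced appear to have been a rate-limit workaround — confirm` would record the constraint where it matters; the same applies to every removal hunk in this file and on the next line. Each affected resource block begins outside its hunk.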
@@ -167,10 +139,6 @@ fields correlation_id | filter message =="Email Correlation Id" | filter email_correlation_id == "ADD_EMAIL_CORRELATION_ID" EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_by_update_request_success" { @@ -185,10 +153,6 @@ fields @timestamp, correlation_id | filter ServiceUpdateSuccess == 1 | sort @timestamp desc EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_by_update_request_failed" { @@ -203,10 +167,6 @@ fields @timestamp, correlation_id, report_key | filter report_key == DOS_DB_UPDATE_DLQ_HANDLER_RECEIVED_EVENT | sort @timestamp desc EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_by_dos_data_item_updates" { @@ -223,10 +183,6 @@ fields @timestamp, correlation_id | filter field == 'REPLACE' | sort @timestamp desc EOF - - provisioner "local-exec" { - command = "sleep 30" - } } resource "aws_cloudwatch_query_definition" "search_for_report_warnings" { @@ -248,13 +204,8 @@ fields @timestamp, correlation_id, message | filter level == 'WARNING' | sort @timestamp desc EOF - - provisioner "local-exec" { - command = "sleep 30" - } } - resource "aws_cloudwatch_query_definition" "search_for_quality_checker_logs_with_odscode" { name = "${var.project_id}/${var.blue_green_environment}/search-for-quality-checker-logs-with-odscode" @@ -267,8 +218,4 @@ fields @timestamp, level, message | filter odscode = 'TO_ADD' | sort @timestamp asc EOF - - provisioner "local-exec" { - command = "sleep 30" - } } diff --git a/infrastructure/stacks/cloudwatch-queries/terraform.tf b/infrastructure/stacks/cloudwatch-queries/terraform.tf new file mode 100644 index 000000000..5a3d2f3fc --- /dev/null +++ b/infrastructure/stacks/cloudwatch-queries/terraform.tf 
@@ -0,0 +1,11 @@
+terraform {
+ backend "s3" {
+ encrypt = true
+ }
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 6.14.1"
+ }
+ }
+}
diff --git a/infrastructure/stacks/cloudwatch-queries/variables.tf b/infrastructure/stacks/cloudwatch-queries/variables.tf
new file mode 100644
index 000000000..2cd5dd9e4
--- /dev/null
+++ b/infrastructure/stacks/cloudwatch-queries/variables.tf
@@ -0,0 +1,43 @@
+# ##############
+# # LAMBDAS
+# ##############
+
+variable "change_event_dlq_handler_lambda" {
+ type = string
+ description = "Name of fifo dlq handler lambda"
+}
+
+variable "dos_db_update_dlq_handler_lambda" {
+ type = string
+ description = "Name of cr_fifo dlq handler lambda"
+}
+
+variable "event_replay_lambda" {
+ type = string
+ description = "Name of event replay lambda"
+}
+
+variable "ingest_change_event_lambda" {
+ type = string
+ description = "Name of ingest change event lambda"
+}
+
+variable "send_email_lambda" {
+ type = string
+ description = "Name of send email lambda"
+}
+
+variable "service_matcher_lambda" {
+ type = string
+ description = "Name of event processor lambda"
+}
+
+variable "service_sync_lambda" {
+ type = string
+ description = "Name of event sender lambda"
+}
+
+variable "quality_checker_lambda" {
+ type = string
+ description = "Name of quality checker lambda"
+}
diff --git a/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-batch-jobs/deploy-cloudwatch-queries.yml b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-batch-jobs/deploy-cloudwatch-queries.yml
new file mode 100644
index 000000000..30ba96136
--- /dev/null
+++ b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-batch-jobs/deploy-cloudwatch-queries.yml
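Review bot: `variables.tf` declares only the eight lambda-name variables, while the stack's `cloudwatch-queries.tf` (previous lines) references `var.project_id` and `var.blue_green_environment`; unless those come from a shared variables file that the build copies or links into every stack directory, `terraform validate` fails on the new stack — worth confirming, since this is the first time the file lives outside blue-green-link. In `terraform.tf`, the partial `backend "s3" { encrypt = true }` relies entirely on `-backend-config` values supplied at init time; if that is the convention of the other stacks, a one-line comment `# bucket/key/region are supplied via -backend-config by the Makefile` would make the contract explicit.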
@@ -0,0 +1,35 @@
+# For documentation see here - https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
+version: 0.2
+
+phases:
+ pre_build:
+ commands:
+ - chown -R 999:999 $CODEBUILD_SRC_DIR
+ - temp_role=$(aws sts assume-role --role-arn "arn:aws:iam::$AWS_ACCOUNT_ID_NONPROD:role/$PIPELINE_BUILD_ROLE" --role-session-name "CodeBuildSessionNonProd")
+ - export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId)
+ - export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey)
+ - export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken)
+ - make docker-hub-signin
+ - unset AWS_ACCESS_KEY_ID
+ - unset AWS_SECRET_ACCESS_KEY
+ - unset AWS_SESSION_TOKEN
+ - |
+ if [[ "$AWS_ACCOUNT" == "PROD" ]]; then
+ temp_role=$(aws sts assume-role --role-arn "arn:aws:iam::$AWS_ACCOUNT_ID_PROD:role/$PIPELINE_BUILD_ROLE" --role-session-name "CodeBuildSession")
+ else
+ temp_role=$(aws sts assume-role --role-arn "arn:aws:iam::$AWS_ACCOUNT_ID_NONPROD:role/$PIPELINE_BUILD_ROLE" --role-session-name "CodeBuildSession")
+ fi
+ - export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId)
+ - export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey)
+ - export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken)
+ - aws sts get-caller-identity
+ - make -s clean
+ build:
+ on-failure: CONTINUE
+ commands:
+ - echo "[Deploying CloudWatch Queries]"
+ - echo AWS_ACCOUNT=$AWS_ACCOUNT
+ - echo ENVIRONMENT=$ENVIRONMENT
+ - echo PROFILE=$PROFILE
+ - eval "$$(make -s populate-tagging-variables)"
+ - make deploy-cloudwatch-queries VERSION=$CODEBUILD_RESOLVED_SOURCE_VERSION PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT
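Review bot: `eval "$$(make -s populate-tagging-variables)"` is Makefile escaping pasted into a buildspec, where the shell runs the command directly: `$$` expands to the shell's PID, so the line becomes `eval "<pid>(make -s populate-tagging-variables)"` and fails with a syntax error instead of populating anything; the shell form is `- eval "$(make -s populate-tagging-variables)"`. The same line is added in `deploy-full-environment-buildspec.yml` further down this diff. Because CodeBuild skips the remaining commands of a phase once one fails, `make deploy-cloudwatch-queries` on the next line most likely never runs, and `on-failure: CONTINUE` only hides that from the job status — verify against a real build log. The target itself already runs the same `eval` (Makefile hunk above), so once corrected the line may be redundant here, and the call passes PROFILE and ENVIRONMENT but not the SHARED_ENVIRONMENT/BLUE_GREEN_ENVIRONMENT the target's comment marks mandatory — presumably derived inside the Makefile; confirm.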
diff --git a/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-batch-jobs/deploy-set-environment.yml b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-batch-jobs/deploy-set-environment.yml index 634882eec..796b38c1b 100644 --- a/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-batch-jobs/deploy-set-environment.yml +++ b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-batch-jobs/deploy-set-environment.yml @@ -30,4 +30,4 @@ phases: - echo AWS_ACCOUNT=$AWS_ACCOUNT - echo ENVIRONMENT=$ENVIRONMENT - echo PROFILE=$PROFILE - - make deploy VERSION=$CODEBUILD_RESOLVED_SOURCE_VERSION PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT TF_CLI_ARGS="-parallelism=30" + - make terraform-apply-auto-approve STACKS=api-key,shared-resources,application,blue-green-link VERSION=$CODEBUILD_RESOLVED_SOURCE_VERSION PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT TF_CLI_ARGS="-parallelism=30" diff --git a/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-buildspec.yml b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-buildspec.yml index 9073e3a97..15cc1f97f 100644 --- a/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-buildspec.yml +++ b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-buildspec.yml 
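Review bot: Replacing `make deploy` with a direct `make terraform-apply-auto-approve STACKS=...` call bypasses the `eval "$$(make -s populate-tagging-variables)"` step that the `deploy` target runs first (Makefile hunk above), and unlike `deploy-full-environment-buildspec.yml` below no equivalent line is added here; if those tagging variables feed the Terraform run, this job now deploys without them — confirm, and if they are needed add `- eval "$(make -s populate-tagging-variables)"` in shell form rather than the Makefile's `$$`. The four-stack list `api-key,shared-resources,application,blue-green-link` is now spelled out in the Makefile and in two buildspecs; a Makefile variable or a dedicated target would keep the three from drifting.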
@@ -125,6 +125,19 @@ batch: - build_slack_messenger - build_quality_checker + - identifier: deploy_cloudwatch_queries + env: + compute-type: BUILD_GENERAL1_SMALL + image: aws/codebuild/amazonlinux2-x86_64-standard:5.0 + type: LINUX_CONTAINER + privileged-mode: true + variables: + PROFILE: dev + ENVIRONMENT: release + buildspec: infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/build-deploy-test-release-batch-jobs/deploy-cloudwatch-queries.yml + depend-on: + - deploy + - identifier: integration_test env: compute-type: BUILD_GENERAL1_LARGE diff --git a/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/task-env-deploy-and-test-batch-jobs/deploy-cloudwatch-queries.yml b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/task-env-deploy-and-test-batch-jobs/deploy-cloudwatch-queries.yml new file mode 100644 index 000000000..5ef6e4feb --- /dev/null +++ b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/task-env-deploy-and-test-batch-jobs/deploy-cloudwatch-queries.yml 
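Review bot: The new `deploy_cloudwatch_queries` batch job sets `privileged-mode: true`, which CodeBuild only needs for running Docker inside the build; its buildspec does `make docker-hub-signin` and then make targets, so if those targets run Terraform in a container the flag is required, otherwise it should be dropped so a job that only applies a small stack runs with the least privilege — the same setting appears in the task-env batch job further down. The job carries only `PROFILE` and `ENVIRONMENT` variables although the Makefile target it ends up calling lists SHARED_ENVIRONMENT and BLUE_GREEN_ENVIRONMENT as mandatory; a one-line comment on the `variables:` block stating how the blue-green environment is resolved would spare the next reader the trace through the Makefile.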
@@ -0,0 +1,32 @@
+# For documentation see here - https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html
+version: 0.2
+
+phases:
+ pre_build:
+ commands:
+ - temp_role=$(aws sts assume-role --role-arn "arn:aws:iam::$AWS_ACCOUNT_ID_NONPROD:role/$PIPELINE_BUILD_ROLE" --role-session-name "CodeBuildSession")
+ - export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId)
+ - export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey)
+ - export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken)
+ - make docker-hub-signin
+ - unset AWS_ACCESS_KEY_ID
+ - unset AWS_SECRET_ACCESS_KEY
+ - unset AWS_SESSION_TOKEN
+
+ - temp_role=$(aws sts assume-role --role-arn "arn:aws:iam::$AWS_ACCOUNT_ID_NONPROD:role/$PIPELINE_BUILD_ROLE" --role-session-name "CodeBuildSession")
+ - export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId)
+ - export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey)
+ - export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken)
+ - echo PROFILE = $PROFILE
+ build:
+ on-failure: CONTINUE
+ commands:
+ - export BUILD_BRANCH=$(echo $CODEBUILD_WEBHOOK_TRIGGER | sed -e "s|^refs/heads/||")
+ - echo Branch = $BUILD_BRANCH
+ - |
+ if [ -z "$BUILD_BRANCH" ]; then
+ echo "Not triggered by branch will stop deploying CloudWatch queries"
+ exit
+ fi
+ - echo "[Deploying CloudWatch Queries]"
+ - make deploy-cloudwatch-queries VERSION=$(make commit-date-hash-tag) BUILD_BRANCH=$BUILD_BRANCH PROFILE=$PROFILE
diff --git a/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/task-env-deploy-and-test-buildspec.yml b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/task-env-deploy-and-test-buildspec.yml
index 4991ee13e..39bdfd627 100644
--- a/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/task-env-deploy-and-test-buildspec.yml
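Review bot: The closing `make deploy-cloudwatch-queries VERSION=$(make commit-date-hash-tag) BUILD_BRANCH=$BUILD_BRANCH PROFILE=$PROFILE` omits ENVIRONMENT, SHARED_ENVIRONMENT and BLUE_GREEN_ENVIRONMENT, all listed as mandatory in the target's header comment in the Makefile hunk above; presumably the Makefile derives them from BUILD_BRANCH for task environments — confirm, and if so record that in the target's comment. In `pre_build`, after unsetting the credentials the job assumes the very same `$AWS_ACCOUNT_ID_NONPROD` role again under the same session name, which reads like the nonprod/prod template with the prod branch removed; the unset-and-reassume block can collapse to the first assume alone. The nested `$(make commit-date-hash-tag)` turns that target's entire stdout into VERSION, so any extra output (a recipe echo, for instance) corrupts the tag; the `-s` used elsewhere in this diff (`make -s populate-tagging-variables`) is the safer form.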
+++ b/infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/task-env-deploy-and-test-buildspec.yml @@ -136,6 +136,18 @@ batch: - build_quality_checker - deploy_prerequisites + - identifier: deploy_cloudwatch_queries + env: + compute-type: BUILD_GENERAL1_SMALL + image: aws/codebuild/amazonlinux2-x86_64-standard:5.0 + type: LINUX_CONTAINER + privileged-mode: true + variables: + PROFILE: dev + buildspec: infrastructure/stacks/development-and-deployment-tools/batch-buildspecs/task-env-deploy-and-test-batch-jobs/deploy-cloudwatch-queries.yml + depend-on: + - deploy + - identifier: integration_test_reporting env: compute-type: BUILD_GENERAL1_LARGE diff --git a/infrastructure/stacks/development-and-deployment-tools/buildspecs/delete-blue-green-environment-buildspec.yml b/infrastructure/stacks/development-and-deployment-tools/buildspecs/delete-blue-green-environment-buildspec.yml index 1ec689b35..890d829fb 100644 --- a/infrastructure/stacks/development-and-deployment-tools/buildspecs/delete-blue-green-environment-buildspec.yml +++ b/infrastructure/stacks/development-and-deployment-tools/buildspecs/delete-blue-green-environment-buildspec.yml @@ -39,6 +39,9 @@ phases: # Only destroy the environment if it exists - | if [ -n "$ENVIRONMENT_DEPLOYED" ]; then + echo "[Destroying CloudWatch Queries]"; + make undeploy-cloudwatch-queries PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT BLUE_GREEN_ENVIRONMENT=$BLUE_GREEN_ENVIRONMENT TF_CLI_ARGS="-parallelism=30" || echo "CloudWatch queries already destroyed or don't exist"; + echo "[Destroying Application Stack]"; make undeploy-blue-green-environment PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT BLUE_GREEN_ENVIRONMENT=$BLUE_GREEN_ENVIRONMENT TF_CLI_ARGS="-parallelism=30"; fi - 
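Review bot: `make undeploy-cloudwatch-queries ... || echo "CloudWatch queries already destroyed or don't exist"` treats every non-zero exit as "nothing to do", so an expired credential, a held state lock or an AWS API error is logged as a reassuring message and the script proceeds to destroy the application stack, leaving the query definitions orphaned; the same pattern is added in `deploy-shared-resources-environment-buildspec.yml` and `rollback-blue-green-deployment-buildspec.yml` later in this diff. Detect the genuinely absent case explicitly (for example by checking whether the stack's state exists before calling undeploy) and fail on anything else: `make undeploy-cloudwatch-queries ... || { echo "undeploy-cloudwatch-queries failed (exit $?)"; exit 1; }`. This call also receives `TF_CLI_ARGS="-parallelism=30"` while the new Makefile target applies the stack at `-parallelism=3`; if the reduced value was a rate-limit workaround it belongs on destroy as well, or the override should be left off this line. The enclosing `if [ -n "$ENVIRONMENT_DEPLOYED" ]` block starts outside the hunk.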
diff --git a/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-cloudwatch-queries-buildspec.yml b/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-cloudwatch-queries-buildspec.yml new file mode 100644 index 000000000..336d6c082 --- /dev/null +++ b/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-cloudwatch-queries-buildspec.yml 
@@ -0,0 +1,44 @@ +# For documentation see here - https://docs.aws.amazon.com/codebuild/latest/userguide/build-spec-ref.html +version: 0.2 + +# This buildspec deploys CloudWatch query definitions for a specific blue-green environment. +# Required environment variables (passed from pipeline): +# - PROFILE: The deployment profile (e.g., dev, demo, live) +# - SHARED_ENVIRONMENT: The shared environment name +# - BLUE_GREEN_ENVIRONMENT: The blue-green environment identifier (will be derived from SSM parameter) +# - AWS_ACCOUNT: The AWS account type (NONPROD or PROD) + +phases: + pre_build: + commands: + - chown -R 999:999 $CODEBUILD_SRC_DIR + - temp_role=$(aws sts assume-role --role-arn "arn:aws:iam::$AWS_ACCOUNT_ID_NONPROD:role/$PIPELINE_BUILD_ROLE" --role-session-name "CodeBuildSessionNonProd") + - export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId) + - export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey) + - export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken) + - make docker-hub-signin + - unset AWS_ACCESS_KEY_ID + - unset AWS_SECRET_ACCESS_KEY + - unset AWS_SESSION_TOKEN + - | + if [[ "$AWS_ACCOUNT" == "PROD" ]]; then + temp_role=$(aws sts assume-role --role-arn "arn:aws:iam::$AWS_ACCOUNT_ID_PROD:role/$PIPELINE_BUILD_ROLE" --role-session-name "CodeBuildSession") + else + temp_role=$(aws sts assume-role --role-arn "arn:aws:iam::$AWS_ACCOUNT_ID_NONPROD:role/$PIPELINE_BUILD_ROLE" --role-session-name "CodeBuildSession") + fi + - export AWS_ACCESS_KEY_ID=$(echo $temp_role | jq -r .Credentials.AccessKeyId) + - export AWS_SECRET_ACCESS_KEY=$(echo $temp_role | jq -r .Credentials.SecretAccessKey) + - export AWS_SESSION_TOKEN=$(echo $temp_role | jq -r .Credentials.SessionToken) + - aws sts get-caller-identity + - make -s clean + build: + commands: + # Get the current blue-green environment from the blue-green-link stack + - echo "[Getting Current Blue-Green Environment]" + - export 
ENVIRONMENT=$SHARED_ENVIRONMENT + - export BLUE_GREEN_ENVIRONMENT=$(make terraform-output STACKS=blue-green-link OPTS='-raw connected_blue_green_environment' PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT | tail -n -1) + - echo "[Deploying CloudWatch Queries]" + - echo PROFILE=$PROFILE + - echo SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT + - echo BLUE_GREEN_ENVIRONMENT=$BLUE_GREEN_ENVIRONMENT + - make deploy-cloudwatch-queries PROFILE=$PROFILE ENVIRONMENT=$SHARED_ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT BLUE_GREEN_ENVIRONMENT=$BLUE_GREEN_ENVIRONMENT diff --git a/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-full-environment-buildspec.yml b/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-full-environment-buildspec.yml index 634882eec..54602bb8b 100644 --- a/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-full-environment-buildspec.yml +++ b/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-full-environment-buildspec.yml @@ -30,4 +30,5 @@ phases: - echo AWS_ACCOUNT=$AWS_ACCOUNT - echo ENVIRONMENT=$ENVIRONMENT - echo PROFILE=$PROFILE - - make deploy VERSION=$CODEBUILD_RESOLVED_SOURCE_VERSION PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT TF_CLI_ARGS="-parallelism=30" + - eval "$$(make -s populate-tagging-variables)" + - make terraform-apply-auto-approve STACKS=api-key,shared-resources,application,blue-green-link VERSION=$CODEBUILD_RESOLVED_SOURCE_VERSION PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT TF_CLI_ARGS="-parallelism=30" diff --git a/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-shared-resources-environment-buildspec.yml b/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-shared-resources-environment-buildspec.yml index 8657e5c0e..7d552df8f 100644 --- a/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-shared-resources-environment-buildspec.yml 
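Review bot: The header comment says BLUE_GREEN_ENVIRONMENT "will be derived from SSM parameter" and lists it among the required inputs, but the build phase derives it from `make terraform-output STACKS=blue-green-link ... | tail -n -1` and overwrites any inbound value; the comment should describe what the code does, e.g. `# - BLUE_GREEN_ENVIRONMENT: resolved below from the blue-green-link stack output; any inbound value is overwritten`. `tail -n -1` keeps the last line of whatever reached stdout, and `export VAR=$(...)` returns the status of `export`, not of the pipeline, so if `terraform-output` fails the variable may silently hold a recipe echo or be empty and the deploy proceeds with a bogus environment name; add `- test -n "$BLUE_GREEN_ENVIRONMENT" || { echo "Could not resolve connected blue-green environment"; exit 1; }` before the deploy, and consider `make -s` on the output call so only the value is printed. Whether an empty or wrong name would create definitions under a misleading path or fail in Terraform depends on the variable validation in the stack, which is not in this diff.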
+++ b/infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-shared-resources-environment-buildspec.yml @@ -39,6 +39,10 @@ phases: - export CURRENT_VERSION=$(make terraform-output STACKS=blue-green-link OPTS='-raw connected_blue_green_environment' PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT | tail -n -1) - export PREVIOUS_VERSION=$(make terraform-output STACKS=blue-green-link OPTS='-raw previous_blue_green_environment' PROFILE=$PROFILE ENVIRONMENT=$ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT | tail -n -1) + # Remove CloudWatch queries before unlinking + - echo "[Undeploying CloudWatch Queries]" + - make undeploy-cloudwatch-queries PROFILE=$PROFILE ENVIRONMENT=$SHARED_ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT BLUE_GREEN_ENVIRONMENT=$CURRENT_VERSION || echo "CloudWatch queries already destroyed or don't exist" + # Remove the blue-green-link terraform stack to allow changes to be made to the shared resources - echo "[Unlink Existing Version]" - echo BLUE/GREEN CURRENT_VERSION=$CURRENT_VERSION diff --git a/infrastructure/stacks/development-and-deployment-tools/buildspecs/rollback-blue-green-deployment-buildspec.yml b/infrastructure/stacks/development-and-deployment-tools/buildspecs/rollback-blue-green-deployment-buildspec.yml index d47329dab..1d59d4e34 100644 --- a/infrastructure/stacks/development-and-deployment-tools/buildspecs/rollback-blue-green-deployment-buildspec.yml +++ b/infrastructure/stacks/development-and-deployment-tools/buildspecs/rollback-blue-green-deployment-buildspec.yml 
@@ -40,7 +40,13 @@ phases: # PREVIOUS_VERSION is the version of the environment that was not linked to the environment at the start of the build - echo CURRENT_VERSION=$CURRENT_VERSION - echo PREVIOUS_VERSION=$PREVIOUS_VERSION + # Undeploy CloudWatch queries for current version before unlinking + - echo "[Undeploying CloudWatch Queries for Current Version]" + - make undeploy-cloudwatch-queries PROFILE=$PROFILE ENVIRONMENT=$SHARED_ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT BLUE_GREEN_ENVIRONMENT=$CURRENT_VERSION || echo "CloudWatch queries already destroyed or don't exist" # Unlink environment from current version - make unlink-blue-green-environment BLUE_GREEN_ENVIRONMENT=$PREVIOUS_VERSION PROFILE=$PROFILE ENVIRONMENT=$SHARED_ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT TF_CLI_ARGS="-parallelism=30" # Rollback environment to previous version - make link-blue-green-environment BLUE_GREEN_ENVIRONMENT=$PREVIOUS_VERSION PROFILE=$PROFILE ENVIRONMENT=$SHARED_ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT TF_VAR_previous_blue_green_environment=$CURRENT_VERSION TF_CLI_ARGS="-parallelism=30" + # Deploy cloudwatch queries for the rollback version + - echo "[Deploying CloudWatch Queries for Rollback Version]" + - make deploy-cloudwatch-queries PROFILE=$PROFILE ENVIRONMENT=$SHARED_ENVIRONMENT SHARED_ENVIRONMENT=$SHARED_ENVIRONMENT BLUE_GREEN_ENVIRONMENT=$PREVIOUS_VERSION diff --git a/infrastructure/stacks/development-and-deployment-tools/cicd_blue_green_deployment_pipeline.tf b/infrastructure/stacks/development-and-deployment-tools/cicd_blue_green_deployment_pipeline.tf index 21ef9f639..6605522c1 100644 --- a/infrastructure/stacks/development-and-deployment-tools/cicd_blue_green_deployment_pipeline.tf +++ b/infrastructure/stacks/development-and-deployment-tools/cicd_blue_green_deployment_pipeline.tf 
@@ -125,6 +125,38 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" { } } } + dynamic "action" { + for_each = local.cicd_nonprod_environments + content { + name = "Deploy_CloudWatch_Queries_${action.value["SHARED_ENVIRONMENT"]}" + category = "Build" + owner = "AWS" + provider = "CodeBuild" + input_artifacts = ["source_output"] + version = "1" + run_order = 3 + configuration = { + ProjectName = aws_codebuild_project.deploy_cloudwatch_queries_stage.name + EnvironmentVariables = jsonencode([ + { + name = "AWS_ACCOUNT" + value = "${action.value["AWS_ACCOUNT"]}" + type = "PLAINTEXT" + }, + { + name = "PROFILE" + value = "${action.value["PROFILE"]}" + type = "PLAINTEXT" + }, + { + name = "SHARED_ENVIRONMENT" + value = "${action.value["SHARED_ENVIRONMENT"]}" + type = "PLAINTEXT" + } + ]) + } + } + } } stage { name = "Deploy_Cicd_Release_Environment" @@ -160,11 +192,43 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" { } } } + dynamic "action" { + for_each = local.cicd_prod_environments + content { + name = "Deploy_CloudWatch_Queries_${action.value["SHARED_ENVIRONMENT"]}" + category = "Build" + owner = "AWS" + provider = "CodeBuild" + input_artifacts = ["source_output"] + version = "1" + run_order = 2 + configuration = { + ProjectName = aws_codebuild_project.deploy_cloudwatch_queries_stage.name + EnvironmentVariables = jsonencode([ + { + name = "AWS_ACCOUNT" + value = "${action.value["AWS_ACCOUNT"]}" + type = "PLAINTEXT" + }, + { + name = "PROFILE" + value = "${action.value["PROFILE"]}" + type = "PLAINTEXT" + }, + { + name = "SHARED_ENVIRONMENT" + value = "${action.value["SHARED_ENVIRONMENT"]}" + type = "PLAINTEXT" + } + ]) + } + } + } action { name = "Smoke_Test_Latest_Version" category = "Build" owner = "AWS" - run_order = 2 + run_order = 3 provider = "CodeBuild" input_artifacts = ["source_output"] version = "1" 
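Review bot: The `Deploy_CloudWatch_Queries_*` action block — about thirty lines of `category`/`owner`/`provider`/`configuration` with a three-entry `EnvironmentVariables` list — is pasted seven times across this file, `cicd_shared_resources_pipeline.tf` and `development_pipeline.tf`, differing only in `for_each`, `run_order` and which key feeds SHARED_ENVIRONMENT; a `locals` helper that builds the `EnvironmentVariables` JSON from a small map, or a module wrapping the action, would leave one place to change when the variable set changes. `value = "${action.value["AWS_ACCOUNT"]}"` is interpolation-only wrapping left over from pre-0.12 syntax; `value = action.value["AWS_ACCOUNT"]` is the same expression in current style, unless the surrounding file deliberately keeps the legacy form. `aws_codebuild_project.deploy_cloudwatch_queries_stage` is referenced throughout but not defined anywhere in this diff; presumably it is in another changed file not shown — confirm before apply. In the prod stage the queries deploy is inserted at `run_order = 2` and the smoke tests and rollbacks are shifted down, so a failed queries deploy now blocks the smoke-test/rollback chain; if that coupling is unintended the action could share a `run_order` with the smoke test instead.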
@@ -194,7 +258,7 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" { name = "Rollback_To_Previous_Version" category = "Build" owner = "AWS" - run_order = 3 + run_order = 4 provider = "CodeBuild" input_artifacts = ["source_output"] version = "1" @@ -223,7 +287,7 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" { name = "Smoke_Test_Previous_Version" category = "Build" owner = "AWS" - run_order = 4 + run_order = 5 provider = "CodeBuild" input_artifacts = ["source_output"] version = "1" @@ -252,7 +316,7 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" { name = "Rollback_To_Latest_Version" category = "Build" owner = "AWS" - run_order = 5 + run_order = 6 provider = "CodeBuild" input_artifacts = ["source_output"] version = "1" @@ -322,6 +386,35 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" { ]) } } + action { + name = "Deploy_CloudWatch_Queries_Live" + category = "Build" + owner = "AWS" + run_order = 2 + provider = "CodeBuild" + input_artifacts = ["source_output"] + version = "1" + configuration = { + ProjectName = aws_codebuild_project.deploy_cloudwatch_queries_stage.name + EnvironmentVariables = jsonencode([ + { + name = "AWS_ACCOUNT" + value = "PROD" + type = "PLAINTEXT" + }, + { + name = "PROFILE" + value = "live" + type = "PLAINTEXT" + }, + { + name = "SHARED_ENVIRONMENT" + value = "live" + type = "PLAINTEXT" + } + ]) + } + } } depends_on = [ module.cicd_blue_green_deployment_pipeline_artefact_bucket, @@ -329,6 +422,7 @@ resource "aws_codepipeline" "cicd_blue_green_deployment_pipeline" { aws_codebuild_project.build_image_stage, aws_codebuild_project.integration_tests, aws_codebuild_project.deploy_blue_green_environment_stage, + aws_codebuild_project.deploy_cloudwatch_queries_stage, ] } 
diff --git a/infrastructure/stacks/development-and-deployment-tools/cicd_shared_resources_pipeline.tf b/infrastructure/stacks/development-and-deployment-tools/cicd_shared_resources_pipeline.tf index 265980717..0ec4b09c6 100644 --- a/infrastructure/stacks/development-and-deployment-tools/cicd_shared_resources_pipeline.tf +++ b/infrastructure/stacks/development-and-deployment-tools/cicd_shared_resources_pipeline.tf @@ -85,6 +85,38 @@ resource "aws_codepipeline" "cicd_shared_resources_deployment_pipeline" { } } } + dynamic "action" { + for_each = local.cicd_nonprod_environments + content { + name = "Deploy_CloudWatch_Queries_${action.value["SHARED_ENVIRONMENT"]}" + category = "Build" + owner = "AWS" + run_order = 3 + provider = "CodeBuild" + input_artifacts = ["source_output"] + version = "1" + configuration = { + ProjectName = aws_codebuild_project.deploy_cloudwatch_queries_stage.name + EnvironmentVariables = jsonencode([ + { + name = "AWS_ACCOUNT" + value = "${action.value["AWS_ACCOUNT"]}" + type = "PLAINTEXT" + }, + { + name = "PROFILE" + value = "${action.value["PROFILE"]}" + type = "PLAINTEXT" + }, + { + name = "SHARED_ENVIRONMENT" + value = "${action.value["SHARED_ENVIRONMENT"]}" + type = "PLAINTEXT" + } + ]) + } + } + } } stage { name = "Deploy_Cicd_Release_Environment" 
@@ -120,11 +152,43 @@ resource "aws_codepipeline" "cicd_shared_resources_deployment_pipeline" { } } } + dynamic "action" { + for_each = local.cicd_prod_environments + content { + name = "Deploy_CloudWatch_Queries_${action.value["SHARED_ENVIRONMENT"]}" + category = "Build" + owner = "AWS" + run_order = 2 + provider = "CodeBuild" + input_artifacts = ["source_output"] + version = "1" + configuration = { + ProjectName = aws_codebuild_project.deploy_cloudwatch_queries_stage.name + EnvironmentVariables = jsonencode([ + { + name = "AWS_ACCOUNT" + value = "${action.value["AWS_ACCOUNT"]}" + type = "PLAINTEXT" + }, + { + name = "PROFILE" + value = "${action.value["PROFILE"]}" + type = "PLAINTEXT" + }, + { + name = "SHARED_ENVIRONMENT" + value = "${action.value["SHARED_ENVIRONMENT"]}" + type = "PLAINTEXT" + } + ]) + } + } + } action { name = "Smoke_Test_New_Version" category = "Build" owner = "AWS" - run_order = 2 + run_order = 3 provider = "CodeBuild" input_artifacts = ["source_output"] version = "1" @@ -195,12 +259,42 @@ resource "aws_codepipeline" "cicd_shared_resources_deployment_pipeline" { ]) } } + action { + name = "Deploy_CloudWatch_Queries_Live" + category = "Build" + owner = "AWS" + run_order = 2 + provider = "CodeBuild" + input_artifacts = ["source_output"] + version = "1" + configuration = { + ProjectName = aws_codebuild_project.deploy_cloudwatch_queries_stage.name + EnvironmentVariables = jsonencode([ + { + name = "AWS_ACCOUNT" + value = "PROD" + type = "PLAINTEXT" + }, + { + name = "PROFILE" + value = "live" + type = "PLAINTEXT" + }, + { + name = "SHARED_ENVIRONMENT" + value = "live" + type = "PLAINTEXT" + } + ]) + } + } } depends_on = [ module.cicd_blue_green_deployment_pipeline_artefact_bucket, aws_codebuild_project.unit_tests_stage, aws_codebuild_project.integration_tests, aws_codebuild_project.deploy_shared_resources_environment_stage, + aws_codebuild_project.deploy_cloudwatch_queries_stage, ] } 
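Review bot: The hand-written `Deploy_CloudWatch_Queries_Live` action in the `@@ -195,12 +259,42 @@` hunk repeats the body of the `dynamic "action"` block over `local.cicd_prod_environments` added earlier in this file, with `PROD`/`live`/`live` hard-coded as literals. If `live` were ever added to that local the two would produce a duplicate action name in the same pipeline, and today any change to the variable set has to be made in four places across three pipelines. Consider driving the live action from a local (or a list local that includes live) through the same dynamic block, or at least add a comment such as `# live is deliberately not in local.cicd_prod_environments; keep this block in sync with the dynamic block above`. Note also that `Smoke_Test_New_Version` is moved to `run_order = 3`, so it now runs only after the query-definition deploy succeeds. The enclosing `aws_codepipeline` resource starts outside the hunk.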
diff --git a/infrastructure/stacks/development-and-deployment-tools/development_pipeline.tf b/infrastructure/stacks/development-and-deployment-tools/development_pipeline.tf index 6276699c5..ca7aa2385 100644 --- a/infrastructure/stacks/development-and-deployment-tools/development_pipeline.tf +++ b/infrastructure/stacks/development-and-deployment-tools/development_pipeline.tf @@ -131,6 +131,38 @@ resource "aws_codepipeline" "development_pipeline" { } } } + dynamic "action" { + for_each = local.development_nonprod_environments + content { + name = "Deploy_CloudWatch_Queries_${action.value["ENVIRONMENT"]}" + category = "Build" + owner = "AWS" + run_order = 3 + provider = "CodeBuild" + input_artifacts = ["source_output"] + version = "1" + configuration = { + ProjectName = aws_codebuild_project.deploy_cloudwatch_queries_stage.name + EnvironmentVariables = jsonencode([ + { + name = "AWS_ACCOUNT" + value = "${action.value["AWS_ACCOUNT"]}" + type = "PLAINTEXT" + }, + { + name = "PROFILE" + value = "${action.value["PROFILE"]}" + type = "PLAINTEXT" + }, + { + name = "SHARED_ENVIRONMENT" + value = "${action.value["ENVIRONMENT"]}" + type = "PLAINTEXT" + } + ]) + } + } + } } stage { name = "Deploy_Prod_Environments" 
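Review bot: In the new dynamic `Deploy_CloudWatch_Queries_${action.value["ENVIRONMENT"]}` action, `SHARED_ENVIRONMENT` is populated from `action.value["ENVIRONMENT"]`, whereas the equivalent blocks in the shared-resources and blue-green pipelines use `action.value["SHARED_ENVIRONMENT"]`. If development environments intentionally act as their own shared environment, a one-line comment such as `# development environments own their shared resources, so SHARED_ENVIRONMENT == ENVIRONMENT` would stop the next reader from "fixing" it; if it is not intentional, the query definitions for each development environment would be created under the wrong environment name. The enclosing `aws_codepipeline` resource starts and ends outside the hunk.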
@@ -163,15 +195,43 @@ resource "aws_codepipeline" "development_pipeline" { ]) } } - action { - name = "Smoke_Test_Demo" + name = "Deploy_CloudWatch_Queries_Demo" category = "Build" owner = "AWS" run_order = 2 provider = "CodeBuild" input_artifacts = ["source_output"] version = "1" + configuration = { + ProjectName = aws_codebuild_project.deploy_cloudwatch_queries_stage.name + EnvironmentVariables = jsonencode([ + { + name = "AWS_ACCOUNT" + value = "PROD" + type = "PLAINTEXT" + }, + { + name = "PROFILE" + value = "demo" + type = "PLAINTEXT" + }, + { + name = "SHARED_ENVIRONMENT" + value = "demo" + type = "PLAINTEXT" + } + ]) + } + } + action { + name = "Smoke_Test_Demo" + category = "Build" + owner = "AWS" + run_order = 3 + provider = "CodeBuild" + input_artifacts = ["source_output"] + version = "1" configuration = { ProjectName = aws_codebuild_project.production_smoke_test.name EnvironmentVariables = jsonencode([ @@ -202,6 +262,7 @@ resource "aws_codepipeline" "development_pipeline" { aws_codebuild_project.full_deploy_stage, aws_codebuild_project.integration_tests, aws_codebuild_project.production_smoke_test, + aws_codebuild_project.deploy_cloudwatch_queries_stage, ] } diff --git a/infrastructure/stacks/development-and-deployment-tools/pipeline_stages.tf b/infrastructure/stacks/development-and-deployment-tools/pipeline_stages.tf index 4fc9ce3bd..844d61401 100644 --- a/infrastructure/stacks/development-and-deployment-tools/pipeline_stages.tf +++ b/infrastructure/stacks/development-and-deployment-tools/pipeline_stages.tf 
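Review bot: `Smoke_Test_Demo` is moved from `run_order = 2` to `run_order = 3` so that it now runs only after `Deploy_CloudWatch_Queries_Demo` succeeds; a failure creating query definitions, which do not affect the running service, therefore fails the stage before the demo deployment has been smoke-tested. If that coupling is not intended, keeping both actions at `run_order = 2` lets them run in parallel so the smoke-test result is reported independently of the query deploy; if it is intended, a comment on the smoke-test action stating why it must wait would help. The enclosing stage and `aws_codepipeline` resource start outside the hunk.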
@@ -375,3 +375,44 @@ resource "aws_codebuild_project" "production_smoke_test" { buildspec = "infrastructure/stacks/development-and-deployment-tools/buildspecs/production-smoke-test-buildspec.yml" } } + +resource "aws_codebuild_project" "deploy_cloudwatch_queries_stage" { + name = "${var.project_id}-${var.environment}-deploy-cloudwatch-queries-stage" + description = "Deploy CloudWatch Query Definitions" + build_timeout = "30" + queued_timeout = "10" + service_role = data.aws_iam_role.pipeline_role.arn + + artifacts { + type = "CODEPIPELINE" + } + + environment { + compute_type = "BUILD_GENERAL1_SMALL" + image = "aws/codebuild/amazonlinux2-x86_64-standard:5.0" + type = "LINUX_CONTAINER" + image_pull_credentials_type = "CODEBUILD" + privileged_mode = true + + # Requires - PROFILE, SHARED_ENVIRONMENT, BLUE_GREEN_ENVIRONMENT and AWS_ACCOUNT to be set + dynamic "environment_variable" { + for_each = local.default_environment_variables + content { + name = environment_variable.key + value = environment_variable.value + } + } + } + + logs_config { + cloudwatch_logs { + group_name = "/aws/codebuild/${var.project_id}-${var.environment}-deploy-cloudwatch-queries-stage" + stream_name = "" + } + } + + source { + type = "CODEPIPELINE" + buildspec = "infrastructure/stacks/development-and-deployment-tools/buildspecs/deploy-cloudwatch-queries-buildspec.yml" + } +}
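Review bot: `deploy_cloudwatch_queries_stage` sets `privileged_mode = true`, which gives the build container access to the Docker daemon; a stage that only runs a Terraform apply of CloudWatch query definitions should not need it, so unless the buildspec (not shown) builds images this should be `privileged_mode = false` or omitted. The project also reuses the full `data.aws_iam_role.pipeline_role` although it only needs CloudWatch Logs query-definition permissions plus Terraform state access; a comment on `service_role` such as `# shared pipeline role; this stage needs only Logs query-definition and state-bucket access - candidate for a narrower role` would record that for a later least-privilege pass. Finally, the comment `# Requires - PROFILE, SHARED_ENVIRONMENT, BLUE_GREEN_ENVIRONMENT and AWS_ACCOUNT to be set` lists BLUE_GREEN_ENVIRONMENT, which none of the pipeline actions in this change supply; confirm the buildspec derives it or trim the comment.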