|
| 1 | +# Infrastructure |
| 2 | + |
| 3 | +Terraform configurations, Docker images, and environment definitions for deploying the Clinical Data Gateway API to AWS. |
| 4 | + |
| 5 | +## Project Structure |
| 6 | + |
| 7 | +```text |
| 8 | +infrastructure/ |
| 9 | +├── environments/ # Terraform root modules, one per environment |
| 10 | +│ ├── dev/ # Development environment (placeholder) |
| 11 | +│ └── preview/ # Preview environment — per-branch deployments |
| 12 | +│ ├── terraform.tf # Provider and S3 backend configuration |
| 13 | +│ ├── main.tf # Resources: ALB rule, ECS service, CloudWatch, etc. |
| 14 | +│ ├── variables.tf # Input variables (branch_name, image_tag, domain, etc.) |
| 15 | +│ ├── outputs.tf # Outputs: preview URL, target group ARN, ECS service name |
| 16 | +│ └── preview.tfvars # Default variable values for the preview environment |
| 17 | +├── images/ # Docker image definitions |
| 18 | +│ ├── build-container/ # CI/CD build container (Python, asdf, linters, Docker CLI) |
| 19 | +│ │ ├── Dockerfile |
| 20 | +│ │ └── resources/ # Files copied into the build container |
| 21 | +│ └── gateway-api/ # Gateway API runtime container (Python + Flask on Alpine) |
| 22 | +│ ├── Dockerfile |
| 23 | +│ └── resources/ # Application code copied into the runtime container |
| 24 | +└── modules/ # Reusable Terraform modules (placeholder) |
| 25 | +``` |
| 26 | + |
| 27 | +## Environments |
| 28 | + |
| 29 | +### Preview |
| 30 | + |
| 31 | +The `preview/` environment creates an isolated, per-branch deployment of the Gateway API. Each PR gets its own ECS service, ALB target group rule, and DNS record under `dev.endpoints.clinical-data-gateway.national.nhs.uk`. |
| 32 | + |
| 33 | +Key input variables: |
| 34 | + |
| 35 | +| Variable | Description | Default | |
| 36 | +|---|---|---| |
| 37 | +| `branch_name` | Git branch name — used to derive the hostname and resource names | *(required)* | |
| 38 | +| `image_tag` | Docker image tag to deploy; defaults to `branch_name` if empty | `""` | |
| 39 | +| `base_domain` | Base domain for the preview URL | `dev.endpoints.clinical-data-gateway.national.nhs.uk` | |
| 40 | +| `container_port` | Port the container listens on | `8080` | |
| 41 | +| `desired_count` | Number of ECS tasks | `1` | |
| 42 | + |
| 43 | +In CI, the Terraform state key is set per branch (e.g. `dev/preview/<branch>.tfstate`) so each preview environment has its own isolated state. |
| 44 | + |
| 45 | +```bash |
| 46 | +# Typical CI usage |
| 47 | +terraform init -backend-config="key=dev/preview/${BRANCH_NAME}.tfstate" |
| 48 | +terraform apply -var="branch_name=${BRANCH_NAME}" -var="image_tag=${IMAGE_TAG}" |
| 49 | +``` |
| 50 | + |
| 51 | +### Dev |
| 52 | + |
| 53 | +The `dev/` environment is currently a placeholder for the shared development environment. |
| 54 | + |
| 55 | +## Docker Images |
| 56 | + |
| 57 | +### `gateway-api` |
| 58 | + |
| 59 | +A lightweight Alpine-based Python image that runs the Flask application. Built with: |
| 60 | + |
| 61 | +- A configurable `PYTHON_VERSION` build argument |
| 62 | +- A non-root user (`gateway_api_user`) |
| 63 | +- Stubs enabled by default (`STUB_PDS`, `STUB_SDS`, `STUB_PROVIDER` all set to `true`) |
| 64 | +- Flask listening on `0.0.0.0:8080` |
| 65 | + |
| 66 | +### `build-container` |
| 67 | + |
| 68 | +A dev container image used by CI/CD pipelines, based on the VS Code Alpine base image. Includes: |
| 69 | + |
| 70 | +- Python (via asdf) |
| 71 | +- Docker CLI and Buildx |
| 72 | +- Linters and checkers: vale, hadolint (via npm/markdownlint), ShellCheck |
| 73 | +- Development certificate support for machines behind corporate proxies |
| 74 | + |
| 75 | +## Terraform Operations |
| 76 | + |
| 77 | +Terraform is managed through the Make targets defined in `scripts/terraform/terraform.mk`: |
| 78 | + |
| 79 | +```bash |
| 80 | +make terraform-init dir=infrastructure/environments/preview |
| 81 | +make terraform-plan dir=infrastructure/environments/preview |
| 82 | +make terraform-apply dir=infrastructure/environments/preview |
| 83 | +make terraform-destroy dir=infrastructure/environments/preview |
| 84 | +``` |
| 85 | + |
| 86 | +These wrap the `scripts/terraform/terraform.sh` script, which runs Terraform natively or falls back to a Docker container. |
0 commit comments