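# Core settings: Terraform version floor, provider sources and versions,
# and the remote state backend.
terraform {
  # `check` blocks need Terraform 1.5, but the S3 backend's `use_lockfile`
  # argument only exists from 1.10 onwards. The floor is raised to match so
  # that an older binary is rejected by the version constraint instead of
  # failing on an unsupported backend argument.
  required_version = ">= 1.10.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6"
    }

    # Third-party provider that is handed registry credentials (see the
    # provider "docker" block). It is pinned to one exact release; keep the
    # dependency lock file (.terraform.lock.hcl) committed so the recorded
    # checksums are enforced on every init.
    docker = {
      source  = "kreuzwerker/docker"
      version = "4.2.0"
    }
  }

  # Partial backend configuration: no bucket is named here, so it is
  # presumably passed at `terraform init` time (-backend-config) - confirm.
  # Data source results are stored in state, including the ECR authorization
  # token read by data.aws_ecr_authorization_token.token, so the state bucket
  # should be encrypted at rest and readable only by the deployment roles.
  backend "s3" {
    region = "eu-west-2"
    key    = "state"

    # S3-native state locking (lock object written next to the state object).
    use_lockfile = true
  }
}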
# AWS provider. The region is taken from var.aws_region, and the tags below
# are applied by default to every taggable resource this provider creates.
provider "aws" {
  region = var.aws_region

  default_tags {
    tags = {
      Project     = var.project_name
      Environment = local.resource_scope
      Service     = var.service
    }
  }
}
# Docker provider, authenticated against this account's ECR registry in the
# current region.
provider "docker" {
  registry_auth {
    # Registry host has the form <account-id>.dkr.ecr.<region>.amazonaws.com.
    address = "${data.aws_caller_identity.current.account_id}.dkr.ecr.${data.aws_region.current.region}.amazonaws.com"

    # Credentials come from an ECR authorization token fetched on each run.
    # The token is short-lived, but it is read through a data source and is
    # therefore written to Terraform state: treat state and plan files as
    # sensitive.
    username = data.aws_ecr_authorization_token.token.user_name
    password = data.aws_ecr_authorization_token.token.password
  }
}
# Region the AWS provider is operating in.
data "aws_region" "current" {
}

# Account and identity of the credentials Terraform is running with.
data "aws_caller_identity" "current" {
}

# ECR authorization token; used only by the provider "docker" block for
# registry_auth. The token value ends up in state.
data "aws_ecr_authorization_token" "token" {
}
# Asserts that at least one private subnet was resolved
# (local.private_subnet_ids is defined outside this view).
# NOTE(review): a failing `check` assertion is reported as a warning and does
# not stop plan or apply. If an empty list must block deployment, this needs
# a precondition or validation that fails the run.
check "private_subnets" {
  assert {
    error_message = "No private subnets with internet access found in VPC ${data.aws_vpc.default.id}"
    condition     = length(local.private_subnet_ids) > 0
  }
}
# Existing VPC, located by its Name tag for the target environment.
# The lookup relies on exactly one VPC carrying this tag; the Name tag is
# mutable, so anyone able to tag VPCs in the account can influence the match.
data "aws_vpc" "default" {
  tags = {
    Name = "imms-${var.environment}-fhir-api-vpc"
  }
}
# Every subnet in the VPC above, public and private alike; no narrowing is
# done in this block.
data "aws_subnets" "all" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}
# One route table lookup per subnet ID, keyed by subnet ID.
# NOTE(review): presumably this needs each subnet to have an explicit route
# table association - confirm how subnets on the VPC's main table behave.
data "aws_route_table" "route_table_by_subnet" {
  for_each = toset(data.aws_subnets.all.ids)

  subnet_id = each.value
}
# Default route (0.0.0.0/0) of each subnet's route table, keyed like
# route_table_by_subnet. The route's target (internet gateway, NAT gateway,
# ...) is not examined here; any public/private classification happens where
# this data source is consumed, outside this view.
# NOTE(review): a route table without a 0.0.0.0/0 route presumably makes this
# lookup fail - confirm every subnet in the VPC has a default route.
data "aws_route" "internet_traffic_route_by_subnet" {
  for_each = data.aws_route_table.route_table_by_subnet

  destination_cidr_block = "0.0.0.0/0"
  route_table_id         = each.value.id
}
# Read-only lookup of an existing KMS key by alias. The key itself is not
# managed by this block, so its key policy and rotation settings are governed
# wherever the key is defined.
data "aws_kms_key" "existing_s3_encryption_key" {
  key_id = "alias/imms-batch-s3-shared-key"
}
# Read-only lookup of an existing KMS key by alias; the key is not managed by
# this block.
data "aws_kms_key" "existing_dynamo_encryption_key" {
  key_id = "alias/imms-event-dynamodb-encryption"
}
# Read-only lookup of an existing ElastiCache cluster by its cluster ID.
data "aws_elasticache_cluster" "existing_redis" {
  cluster_id = "immunisation-redis-cluster"
}
# Existing security group, matched on group name alone.
# NOTE(review): the match is not limited to data.aws_vpc.default. Group names
# are only unique per VPC, so if this group is meant to live in that VPC,
# consider adding a vpc_id constraint to make the lookup unambiguous.
data "aws_security_group" "existing_securitygroup" {
  filter {
    name   = "group-name"
    values = ["immunisation-security-group"]
  }
}
# Read-only lookup of an existing KMS key by alias; the key is not managed by
# this block.
data "aws_kms_key" "existing_lambda_encryption_key" {
  key_id = "alias/imms-batch-lambda-env-encryption"
}
# Read-only lookup of an existing KMS key by alias; the key is not managed by
# this block.
data "aws_kms_key" "existing_kinesis_encryption_key" {
  key_id = "alias/imms-batch-kinesis-stream-encryption"
}
# Read-only lookup of an existing KMS key by alias; the key is not managed by
# this block.
data "aws_kms_key" "existing_id_sync_sqs_encryption_key" {
  key_id = "alias/imms-event-id-sync-encryption"
}
# Existing Route 53 hosted zone, looked up by the domain name held in
# local.project_domain_name (defined outside this view). private_zone is not
# set, so the provider default applies.
data "aws_route53_zone" "project_zone" {
  name = local.project_domain_name
}
# Existing SNS topic, looked up by its environment-prefixed name.
data "aws_sns_topic" "imms_system_alert_errors" {
  name = "${var.environment}-imms-system-alert-errors"
}