manage-vaccinations-in-schools/terraform/data_replication/variables.tf at 72e2b34739295f496e485bc0154e6421daed0b0a · NHSDigital/manage-vaccinations-in-schools · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
variable "environment" {
  type        = string
  description = "String literal for the environment"
  nullable    = false

  validation {
    condition = contains([
      "sandbox-alpha", "sandbox-beta", "qa", "test", "training", "preview", "production"
    ], var.environment)
    error_message = "Valid values for environment: sandbox-alpha, sandbox-beta, qa, test, training, preview, production."
  }
}

variable "region" {
  type        = string
  default     = "eu-west-2"
  description = "AWS region"
  nullable    = false
}

variable "db_engine_version" {
  type        = string
  default     = "16.8"
  description = "The version of the database engine to use."
  nullable    = false
}

variable "imported_snapshot" {
  type        = string
  description = "ARN of snapshot to create DB cluster from. This is the basis for replicating the existing DB."
  nullable    = false
}

variable "max_aurora_capacity_units" {
  type        = number
  default     = 8
  description = "Maximum amount of allowed ACU capacity for Aurora Serverless v2"
}

variable "db_secret_arn" {
  type        = string
  description = "The ARN of the secret that stores the credentials for the database from which the snapshot originates."
  nullable    = false
}

variable "account_id" {
  type        = string
  default     = "393416225559"
  description = "ID of aws account. Defaults to non-prod account."
  nullable    = false
}

variable "rails_master_key_path" {
  type        = string
  default     = "/mavis/staging/credentials/RAILS_MASTER_KEY"
  description = "The path of the System Manager Parameter Store secure string for the rails master key."
  nullable    = false
}

locals {
  name_prefix                        = "mavis-${var.environment}-data-replication"
  subnet_list                        = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id]
  shared_egress_infrastructure_count = min(length(var.allowed_egress_cidr_blocks), 1)

  task_envs = [
    {
      name  = "DB_HOST"
      value = aws_rds_cluster.cluster.endpoint
    },
    {
      name  = "DB_NAME"
      value = aws_rds_cluster.cluster.database_name
    },
    {
      name  = "RAILS_ENV"
      value = var.environment == "production" ? "production" : "staging"
    },
    {
      name  = "REDIS_CACHE_URL"
      value = "not_needed"
    }
  ]
  task_secrets = [
    {
      name      = "DB_CREDENTIALS"
      valueFrom = var.db_secret_arn
    },
    {
      name      = "RAILS_MASTER_KEY"
      valueFrom = var.rails_master_key_path
    }
  ]
}

variable "allowed_egress_cidr_blocks" {
  type        = list(string)
  description = "CIDR blocks for the allowed outbound traffic from the data replication service."
  default     = []
}